| 🏠 Back to Exam Syllabus | 📺 RooCloud on YouTube | 🌐 RooCloud Practice Exams |
CISSP 21.1 - Malware (Part 1 of 3)
This episode of the ISC2 Certified Information Systems Security Professional (CISSP) exam prep series opens the malware chapter in Domain 8, building a working picture of malicious code. It frames what malware is, who writes it, what a virus is built to do, and the classic routes viruses take to reach fresh victims across the machines you defend.
What this episode covers
- What malware is — any software carrying a harmful payload, exploiting network, OS, app, and physical gaps.
- Blurry categories — real samples mix traits, so virus, Trojan, and bomb labels overlap rather than divide neatly.
- Who writes it — skilled hobbyists, script kiddies with kits, organized crime rings, and zero-day-armed advanced persistent threats.
- What a virus does — two jobs, propagation and payload, aimed at confidentiality, integrity, or availability.
- Boot record virus — targets tiny startup code, stashes its bulk on disk, blocked by TPM and secure boot.
- File infector virus — attaches to executables, caught by size, date, or hash comparison; watch for companion files.
- Macro and service injection — document scripts that run on open, and code hidden inside trusted OS services.
Watch the full episode above for the worked examples and detailed explanations of each concept.
Frequently Asked Questions
What is malware, and why are its categories so blurry?
Malware is any software built to carry an unwanted or harmful payload onto systems, exploiting weaknesses in networks, operating systems, applications, and even physical access. Some strains need a careless human to click or share, while others spread on their own power. Categories blur because real specimens rarely sit in one bucket; a single sample often behaves like a virus, a Trojan, and a bomb at once, so treat the labels as overlapping traits.
Who writes malicious code today?
The cast ranges widely. Early authors were skilled coders chasing bragging rights, while today a script kiddie fires off a ready-made kit with little understanding of it. Organized crime rings reuse those tools to harvest banking credentials and identities at scale. At the top sit advanced persistent threats, well-funded groups often tied to nation states that hoard zero-day exploits for which no patch exists.
What is a computer virus really doing?
Like a biological virus, it has two jobs: propagation, the way it copies itself onto new hosts, and payload, the harmful action it was built to deliver. That payload might do something petty like flashing a rude message or something ruinous like wiping a drive. Whatever the payload, it targets the confidentiality, integrity, or availability of your systems and data.
What are the four classic virus propagation techniques?
The first attacks the boot process, hiding in the tiny startup code and leaving a pointer to its bulk elsewhere on disk. The second is the file infector, which latches onto executable files and runs when you launch them. The third is the macro virus, which hides inside document scripts and runs when the file opens. The fourth is service injection, which hides its code inside trusted running services to dodge scanners.
How do you defend against a boot record virus?
A boot record virus targets the small startup code a computer reads first at power-on. Because that area is too small to hold a full virus, it stashes its bulk elsewhere and leaves a pointer that loads the whole virus into memory at boot. Boot defenses like a Trusted Platform Module and secure boot help block this route by validating the startup process before the operating system loads.
📚 Master the ISC2 CISSP Exam!
Ready to test your knowledge? Access chapter-specific Multiple Choice Questions (MCQs) and full-length practice exams for the ISC2 CISSP certification at RooCloud.com. Solve the chapter-wise questions to reinforce this lesson before moving to the next episode.
Reference: This article is based on concepts discussed in CISSP 21.1 - Malware (Part 1 of 3).