Wednesday, August 13, 2008

Malware Categories

Upon downloading updates for Ad-Aware I found on Lavasoft’s web site a categorization of malicious software. I kind of liked their way of explaining what all is out there and trying to get on our computers. Lavasoft kindly granted permission to literally quote contents from this web page. Here is the link in text format:

In a few locations I have added links to the original text as help to explain technical expressions that may not be commonly known.

Adware is a type of advertising display software that delivers advertising content potentially in a manner or context that may be unexpected and unwanted by users. Many adware applications also perform tracking functions, and therefore may also be categorized as tracking technologies. Some consumers may want to remove adware if they object to such tracking, do not wish to see the advertising caused by the program, or are frustrated by its effects on system performance.


Backdoors may open up ports on the compromised computer, allowing remote access and control of the victim’s machine.


Dialers are programs that utilize a computer’s modem to make calls or access services. Users may want to remove dialers that dial without the user’s active involvement, resulting in unexpected telephone charges and/or cause access to unintended and unwanted content.


Downloaders are programs designed to retrieve and install additional files. Downloaders can be useful tools for consumers to automate upgrades of essential software such as operating system upgrades, browsers, anti-virus applications, anti-spyware tools, games and other useful applications. Unauthorized downloaders are used by third parties to download potentially unwanted software without user notification or consent.


Flooders may provide functionality that makes it possible for an attacker to send massive amounts of data to a specific target. The flooding of a target may, for example, disturb communication services or make various systems unresponsive. This is similar to a DDoS attack where massive amounts of calls are launched against a system. A DDoS attack may even make large systems unresponsive if the attack is launched from several computer systems that are infected by a DDoS capable Trojan Horse.


Password stealers can steal user passwords on an infected system, compromising system security and user privacy.


Rogue anti-spyware applications may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.


Trojans (also known as Trojan Horses) are programs that appear to do one thing but actually do another. Trojans may also download additional files to the infected system.


Trojan.Droppers will drop additional files on the infected system. These files are often other Trojans or downloaders.


Trojan.Notifiers are Trojans for the Microsoft Windows platform. This Trojan installs to run at system startup, opening ports on the infected system and increasing system vulnerability. Trojan.Notifiers may thereby compromise system security and user privacy.


Trojan.Proxies may open up the infected machine to be used as a proxy server.


Trojan.Spies are a type of malicious program that can steal information such as passwords, surfing habits, credit card details and e-mail addresses.


Viruses are code that recursively replicate a possibly evolved copy of itself. Viruses infect a Host File or system area, or they simply modify a reference to such objects to take control and then multiply again to form new generations.


Worms are network malware, primarily replicating on networks. Usually, a worm will execute itself automatically on a remote machine without any extra help from a user. However, there are worms, such as mass-mailer worms, that will not always automatically execute themselves without the help of a user.


This grouping contains other programs with malicious intentions.
Although I do not fully concur with all of these categories I think this is informative reading and good background information for everybody.

And the intricacies of the English language caught up with the (presumably Swedish) author of this as well. In Worms we read that the worm program “executes itself …”. What the author means is that the worm program runs, that it executes the program instructions. The worm program definitely does not place itself in front of a firing squad. I had a good chuckle reading this; how’s about you?

As usual I welcome comments and suggestions right here in the blog.

Thank you in advance.
