Malware Classification
- Viruses and Worms: self-replicating programs. Worms move over the network (e.g. via email). Viruses replicate on the local machine unless 'accidentally' moved to another system.
  - Email-Worm: the worm sends a copy of itself as an attachment to an email message, or as a link to its file on a network resource (e.g. a URL to an infected file on a compromised website or a hacker-owned website).
  - Net-Worm: Net-Worms propagate via computer networks. The distinguishing feature of this type of worm is that it does not require user action in order to spread.
  - File viruses, boot sector viruses, macro viruses, script viruses
- Trojan Programs: malicious programs that perform actions which are not authorized by the user: they delete, block, modify or copy data, and they disrupt the performance of computers or computer networks. Unlike worms and viruses, they do not self-replicate.
  - Backdoor: gives remote control of the system to a malicious user
  - Trojan-Spy: used to spy on a user’s actions (to track data entered by keyboard, make screenshots, retrieve a list of running applications, etc.). The information is usually sent back to the malicious user via the web.
  - Trojan-Dropper: programs that secretly install malicious programs built into their code onto victim computers
  - Rootkit: a malicious program designed to conceal certain objects or activities in the system
- Suspicious packers: software used to compress, encrypt and disguise malware. Used to prevent reverse engineering and detection (via signatures).
- Malicious tools: programs designed to automatically create viruses, worms, or Trojans, conduct DoS attacks on remote servers, hack other computers, etc.
  - DoS: programs designed to conduct DoS (Denial of Service) attacks on a victim computer
  - Email-Flooder: programs designed to flood email channels with meaningless messages
- RiskWare: legitimate programs which can cause damage when they fall into the hands of malicious users
  - RemoteAdmin: e.g. VNC / Remote Desktop
  - Server-Web: web server
  - Server-FTP: FTP server
- PornWare: programs that display pornographic material to the user.
- Adware: programs designed to display advertisements (usually in the form of banners), redirect search requests to advertising websites, and collect marketing-type data about the user (e.g. which types of websites s/he visits) in order to display customized advertising on the computer.