Different malware types

What it is: Applications of dubious origin. 

What it can do: APPL can extract protected information, provide remote access to the local machine, modify advanced system settings, or perform advanced operating system or networking functions. 

What it is: A potentially harmful email.

What it can do: EML usually includes harmful content as a script or file. Most often, it's attached as a malicious .eml file to a traditional email. The email itself has no malicious links, and though you may be able to recognize it as an attack with some experience, it's not instantly apparent.

What it is: A type of malware.

What it can do: EXP can detect and use specific security vulnerabilities that allow hackers to gain control of the system.

IMPORTANT TO NOTE: Many Windows devices come with an Exp.exe file that’s not essential for Windows and can cause problems. This file is usually located in the C:\Windows folder.

What it is: An exploit in the system.

What it can do: EXPLOIT can be used as part of a multi-component attack. Instead of using a malicious file, the exploit may drop another malware with backdoor Trojans and spyware that can steal your information from the infected systems.

What it is: A generic detection routine.

What it can do: HEUR is designed to detect common family characteristics shared in several variants. Heuristic refers to a "preliminary detection" feature that can detect unknown viruses. It involves a complex analysis of the affected code and scanning for virus-specific functions.

IMPORTANT TO NOTE: Heuristic threats do not always mean that it's a virus for sure; false positives may occur.

What it is: A virus that can infect the system using an HTML script.

What it can do: HTML smuggling lets an attacker "smuggle" an encoded malicious script within a specially crafted HTML attachment or web page. When the target opens that attachment in their web browser, the browser decodes the malicious script, which, in turn, assembles the payload on the device.

What it is: A construction kit.

What it can do: KIT can be used to create various viruses or malware.

What it is: A file virus or malware in the Shell or ELF format that is only executable on a Linux operating system.

What it can do: LINUX can be many of the threats mentioned above (like Trojans and worms) except for Linux systems.

What it is: A computer virus written in the same macro language as the software it infects (common victims include Microsoft Excel and Word).

What it can do: MACRO targets software rather than systems, which allows it to infect any operating system (PC or Mac). 

IMPORT TO NOTE: Cybercriminals often trick victims into enabling macros before the infected macro can run.

What it is: A file virus or malware that runs on Apple OSX systems only.

What it can do: OSX can be many of the threats mentioned above (like Trojans and worms) except for Apple systems.

What it is: A heuristic detection routine.

What it can do: PCK is designed to detect common packers used by malware. Even though some packers are commercially available, many executables compressed with them are malware or behave in a way that presents a security or privacy risk.
Usually, these packers employ encryption mechanisms and often manipulate the original executable code to hide their real functionality.

Important to note: Legitimate software may employ some of these commercial packers. A packer detection does not necessarily mean that the detected file is malicious.

What it is: Possibly Fake Software, also known as scareware.

What it can do: PFS can pose as antivirus software and lie about your devices being infected by viruses to get you to install it. Of course, it does not offer any helpful functionality and can be a vector for spreading malware.

What it is: An email, voice call, instant message, file, etc., delivered under false pretenses.

What it can do: PHISH can use social engineering techniques to trick and persuade you into revealing personal information (among other things).

IMPORTANT TO NOTE: Your judgment is the first line of defense against phishing, as no antivirus or browser extension picks up most phishing attacks.

What it is: A virus that runs on 32-bit or 64-bit Windows systems.

What it can do: PROGRAM is a family of viruses that spreads onto your computer and infects files. Generally, it infects local files, removable network drivers, executables (EXE), drivers (DDL), and screensavers.

What it is: Potentially Unwanted Applications.

What it can do: PUA may compromise the privacy and the security of your local system. It’s usually a legitimate application that tries to use social engineering to make you install additional offers during the installation of the software you originally wanted. 

IMPORTANT TO NOTE: This detection doesn't always mean the file is malicious. However, your privacy or system security might be compromised if the file was installed on the system without your knowledge.

What it is: A legitimate program that poses potential risks due to security vulnerabilities, software incompatibility, or legal violations.

What it can do: RISKWARE can affect the security of your system and trigger unwanted activities that might violate your privacy. For example, it can be used to extract protected information, provide remote access to the local machine, modify advanced system settings, or perform advanced operating system or networking functions. 

IMPORTANT TO NOTE: This detection doesn't mean the file is malicious. However, your system security might be compromised if the file gets on the system without your knowledge.

What it is: A piece of software that uses cloaking techniques.

What it can do: RKIT can bypass security systems and gain unauthorized access to data without detection. That means someone can remotely compromise your system without leaving any sign of infiltration.

What it is: A type of cyberattack that leverages the system's existing applications and tools.

What it can do: SCRIPT is a sophisticated technique favored by hackers for its ability to outsmart standard endpoint security solutions. It can be used to capture credentials, compromise data, and cause damage to the operating system.

What it is: A Trojan horse.

What it can do: TR can spy out data, violate privacy, or perform unwanted modifications to the system. Trojans are programs that can appear to serve a legitimate purpose but have an unwanted or harmful effect. Many Trojan programs can download other harmful software components to your device without your knowledge.

What it is: Visual Basic Script virus.

What it can do: VBS damage can range from harmless ad displays to straight-out data theft, remote computer access, and other malicious activities. Additionally, VBS can serve as a backdoor to other malware, such as self-propagating worms.

What it is: A piece of code that inserts itself into an application and executes when the app is run.

What it can do: A virus may be used to steal sensitive data, launch DDoS attacks, or conduct ransomware attacks. Usually spread via infected websites, file sharing, or email attachments. A virus will lie dormant until the infected file or program is activated. Once that happens, the virus can replicate itself and spread through the system and the internet.

What it is: A virus that can spread itself over the internet (using email, peer-to-peer networks, instant messages (IMs), etc.).

What it can do: WORM can modify and delete files and inject malicious software onto a computer. Sometimes, by overloading a shared network, a computer worm's purpose is only to make copies of itself over and over — depleting system resources, such as hard drive space or bandwidth. In addition to wreaking havoc on the computer's resources, worms can also steal data, install a backdoor, and allow someone to gain control of your computer.