Different malware types

In this article, you will learn about different types of malware and how they work.

We will go through the following:

  1. What is malware?
  2. Why is it important to remove malware?
  3. Types of malware

What is malware?

Malware is any software, product, or program created with the intent to cause harm. The most common types of malware are viruses, Trojans, and worms.


Below, we’ll tackle the most prevalent offenders and what you can do about them. 


NOTE: The following descriptions are generalizations and new threats emerge daily. While some malware types cannot do much damage on their own, they can still harm your device and data when combined with other types.


Why is it important to remove malware files?

It is critical that you delete malware-associated files as soon as possible because they can be used — or are already being used — to inflict serious damage on your device. They can:

  • Disrupt the normal functionality of your operating system or even render it completely useless.
  • Hijack valuable private information (credit card numbers, passwords, PIN codes, etc.).
  • Direct all your web searches to the same unwanted or malicious sites.
  • Slow down your device drastically.
  • Gain complete control of your device to spread viruses and Trojans as well as send out spam.


Types of malware

ADSPY

What it is: Adware or spyware.

What it can do: ADSPY will bombard you with unwanted pop-up ads. It can also cause more harm by redirecting you to malicious websites and can change your browser settings.

ADWARE

What it is: Ad software.

What it can do: ADWARE can display ads by modifying the websites you visit or opening additional pages on your browser.

IMPORTANT TO NOTE: This software can go unnoticed because it’s often packaged with other downloads. For example, it's common for free programs to include adware as a default install option.

APPL

What it is: Applications of dubious origin.

What it can do: APPL can extract protected information, provide remote access to the local machine, modify advanced system settings, or perform advanced operating system or networking functions.

IMPORTANT TO NOTE: This detection doesn't necessarily mean that the file is malicious. However, your system security might be compromised if the file was downloaded without your knowledge.

BAT

What it is: A virus in a batch format.

What it can do: A BAT file can be used to execute other malware or malicious programs on a victim's computer. It can also modify system settings, turn off security software, or make changes that weaken the computer's security.

BDC

What it is: A backdoor client program.

What it can do: BDC can extract or change data on a computer.

BOO

What it is: A boot sector or master boot sector virus.

What it can do: BOO can target and infect a specific physical section of a computer system that contains information crucial to the proper operation of the computer's operating system.

DDOS

What it is: A program that can perform distributed denial of service attacks.

What it can do: DDoS allows hackers to overwhelm a website or service with false web traffic or requests from numerous enslaved internet-connected devices, slowing down or downright crashing the affected site or service.

DIALER

What it is: A particular type of Trojan.

What it can do: DIALER can replace the number in your internet connection dial-up settings to become a premium rate number or implant an autodialer on your computer. This will continually dial a certain premium rate number.

DROPPER

What it is: A type of Trojan.

What it can do: DROPPER can install some sort of malware (virus, backdoor, etc.) onto a system. The malware code can be contained within the dropper (single-stage) in a way that avoids detection by virus scanners. Alternatively, the dropper may only download the malware to the machine when activated (two-stage).

EML

What it is: A potentially harmful email.

What it can do: EML usually includes harmful content as a script or file. Most often, it's attached as a malicious .eml file to a traditional email. The email itself has no malicious links, and though you may be able to recognize it as an attack with some experience, it's not instantly apparent.


EXP

What it is: A type of malware.

What it can do: EXP can detect and use specific security vulnerabilities that allow hackers to gain control of the system.

IMPORTANT TO NOTE: Many Windows devices come with an Exp.exe file that’s not essential for Windows and can cause problems. This file is usually located in the C:\Windows folder.


EXPLOIT

What it is: An exploit in the system.

What it can do: EXPLOIT can be used as part of a multi-component attack. Instead of using a malicious file, the exploit may drop another malware with backdoor Trojans and spyware that can steal your information from the infected systems.


HEUR

What it is: A generic detection routine.

What it can do: HEUR is designed to detect common family characteristics shared in several variants. Heuristic refers to a "preliminary detection" feature that can detect unknown viruses. It involves a complex analysis of the affected code and scanning for virus-specific functions.

IMPORTANT TO NOTE: A heuristic detection does not always mean that the file is a virus for sure; false positives may occur.


HTML

What it is: A virus that can infect the system using an HTML script.

What it can do: HTML smuggling lets an attacker "smuggle" an encoded malicious script within a specially crafted HTML attachment or web page. When the target opens that attachment in their web browser, the browser decodes the malicious script, which, in turn, assembles the payload on the device.
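
A defender-side check for the pattern described above, as an added example that is not part of the original article or any vendor's detection routine: it flags an HTML attachment only when an inline script holds a large encoded literal together with the browser calls that turn data into a downloaded file. The indicator names, the 512-character cut-off, and both samples are assumptions constructed for illustration.

```python
import base64
import re
from html.parser import HTMLParser

# Script features that together suggest a file is being assembled in the browser.
INDICATORS = {
    "decode": re.compile(r"\batob\s*\(|fromCharCode"),
    "blob": re.compile(r"new\s+Blob\s*\("),
    "object_url": re.compile(r"createObjectURL\s*\(|msSaveOrOpenBlob\s*\("),
    "auto_download": re.compile(r"\.download\s*=|\.click\s*\(\s*\)"),
}
# A quoted base64 run long enough to hold a file rather than an icon.
B64_LITERAL = re.compile(r"[\"'][A-Za-z0-9+/]{512,}={0,2}[\"']")

class ScriptCollector(HTMLParser):
    """Collects the text of inline <script> elements."""
    def __init__(self):
        super().__init__()
        self.in_script = False
        self.code = ""

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            self.code += data

def assess_html(html):
    """Return (verdict, sorted indicator names) for one HTML document."""
    collector = ScriptCollector()
    collector.feed(html)
    hits = {name for name, rx in INDICATORS.items() if rx.search(collector.code)}
    if B64_LITERAL.search(collector.code):
        hits.add("large_base64")
    # Flag only when embedded data AND the file-building machinery are both present.
    builds_file = "blob" in hits and bool(hits & {"object_url", "auto_download"})
    return ("suspicious" if "large_base64" in hits and builds_file else "clean"), sorted(hits)

# Constructed samples; the second is deliberately non-functional ("..." gaps).
SAMPLE_B64 = base64.b64encode(b"constructed placeholder bytes " * 40).decode()
BENIGN = "<html><script>var t = atob('aGVsbG8=');</script></html>"
SMUGGLING = ("<html><script>var d = atob('" + SAMPLE_B64 + "'); ... new Blob([...]); ... "
             "URL.createObjectURL(...); ... a.download = '...'; a.click();</script></html>")
```

Requiring the combination keeps ordinary pages that merely decode a short string, or embed a large image, from being flagged.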


KIT

What it is: A construction kit.

What it can do: KIT can be used to create various viruses or malware.


LINUX

What it is: A file virus or malware in the Shell or ELF format that is only executable on a Linux operating system.

What it can do: LINUX can be many of the threats mentioned above (like Trojans and worms), but for Linux systems.


MACRO

What it is: A computer virus written in the same macro language as the software it infects (common victims include Microsoft Excel and Word).

What it can do: MACRO targets software rather than systems, which allows it to infect any operating system (PC or Mac).

IMPORTANT TO NOTE: Cybercriminals often trick victims into enabling macros before the infected macro can run.


OSX

What it is: A file virus or malware that runs on Apple OSX systems only.

What it can do: OSX can be many of the threats mentioned above (like Trojans and worms), but for Apple systems.


PCK

What it is: A heuristic detection routine.

What it can do: PCK is designed to detect common packers used by malware. Even though some packers are commercially available, many executables compressed with them are malware or behave in a way that presents a security or privacy risk.
Usually, these packers employ encryption mechanisms and often manipulate the original executable code to hide their real functionality.

IMPORTANT TO NOTE: Legitimate software may employ some of these commercial packers. A packer detection does not necessarily mean that the detected file is malicious.
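
One common way to spot packed content is byte entropy, shown here as an added example that is not the vendor's PCK routine: encrypted or compressed bytes look close to random, so a file made of a small readable stub followed by a long opaque region stands out. The window size, the 7.2 bits-per-byte threshold, and both inputs are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

WINDOW = 4096      # bytes per scanned block (assumed value)
THRESHOLD = 7.2    # bits per byte; assumed cut-off for "compressed or encrypted"


def shannon_entropy(data):
    """Entropy in bits per byte: 0.0 for constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def scan(blob):
    """Return (fraction of high-entropy windows, offset of the first one or None)."""
    offsets = [off for off in range(0, len(blob), WINDOW)
               if shannon_entropy(blob[off:off + WINDOW]) >= THRESHOLD]
    windows = max(1, math.ceil(len(blob) / WINDOW))
    return len(offsets) / windows, (offsets[0] if offsets else None)


def keystream(n):
    """Constructed stand-in for encrypted bytes: SHA-256 over a counter."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


# Constructed inputs, not real executables.
PLAIN = b"push ebp; mov ebp, esp; call init; pop ebp; ret\n" * 1024  # 48 KiB of "code"
STUB = PLAIN[:8192]                 # small readable stub
PACKED = STUB + keystream(40960)    # stub followed by an opaque payload
```

A high score says only that the content is compressed or encrypted, which is equally true of legitimately packed software, so it supports the note above rather than a verdict of malice.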


PFS

What it is: Possibly Fake Software, also known as scareware.

What it can do: PFS can pose as antivirus software and lie about your devices being infected by viruses to get you to install it. Of course, it does not offer any helpful functionality and can be a vector for spreading malware.


PHISH

What it is: An email, voice call, instant message, file, etc., delivered under false pretenses.

What it can do: PHISH can use social engineering techniques to trick and persuade you into revealing personal information (among other things).

IMPORTANT TO NOTE: Your judgment is the first line of defense against phishing, as no antivirus or browser extension picks up most phishing attacks.


PROGRAM

What it is: A virus that runs on 32-bit or 64-bit Windows systems.

What it can do: PROGRAM is a family of viruses that spreads onto your computer and infects files. Generally, it infects local files, removable network drivers, executables (EXE), drivers (DDL), and screensavers.


PUA

What it is: Potentially Unwanted Applications.

What it can do: PUA may compromise the privacy and the security of your local system. It’s usually a legitimate application that tries to use social engineering to make you install additional offers during the installation of the software you originally wanted. 

IMPORTANT TO NOTE: This detection doesn't always mean the file is malicious. However, your privacy or system security might be compromised if the file was installed on the system without your knowledge.


RISKWARE

What it is: A legitimate program that poses potential risks due to security vulnerabilities, software incompatibility, or legal violations.

What it can do: RISKWARE can affect the security of your system and trigger unwanted activities that might violate your privacy. For example, it can be used to extract protected information, provide remote access to the local machine, modify advanced system settings, or perform advanced operating system or networking functions. 

IMPORTANT TO NOTE: This detection doesn't mean the file is malicious. However, your system security might be compromised if the file gets on the system without your knowledge.


RKIT

What it is: A piece of software that uses cloaking techniques.

What it can do: RKIT can bypass security systems and gain unauthorized access to data without detection. That means someone can remotely compromise your system without leaving any sign of infiltration.


SCRIPT

What it is: A type of cyberattack that leverages the system's existing applications and tools.

What it can do: SCRIPT is a sophisticated technique favored by hackers for its ability to outsmart standard endpoint security solutions. It can be used to capture credentials, compromise data, and cause damage to the operating system.


TR

What it is: A Trojan horse.

What it can do: TR can spy out data, violate privacy, or perform unwanted modifications to the system. Trojans are programs that can appear to serve a legitimate purpose but have an unwanted or harmful effect. Many Trojan programs can download other harmful software components to your device without your knowledge.


VBS

What it is: Visual Basic Script virus.

What it can do: VBS damage can range from harmless ad displays to straight-out data theft, remote computer access, and other malicious activities. Additionally, VBS can serve as a backdoor to other malware, such as self-propagating worms.


VIRUS

What it is: A piece of code that inserts itself into an application and executes when the app is run.

What it can do: A virus may be used to steal sensitive data, launch DDoS attacks, or conduct ransomware attacks. It is usually spread via infected websites, file sharing, or email attachments. A virus will lie dormant until the infected file or program is activated. Once that happens, the virus can replicate itself and spread through the system and the internet.


WORM

What it is: A virus that can spread itself over the internet (using email, peer-to-peer networks, instant messages (IMs), etc.).

What it can do: WORM can modify and delete files and inject malicious software onto a computer. Sometimes a computer worm's only purpose is to make copies of itself over and over, overloading a shared network and depleting system resources such as hard drive space or bandwidth. In addition to wreaking havoc on the computer's resources, worms can also steal data, install a backdoor, and allow someone to gain control of your computer.



