Different threat types

In this article, you will learn about different types of threats, malware, and how they work.

 

Malware is any software, product, or program created with the intent to cause harm. The most common types of malware are viruses, Trojans, and worms.

 

Below, we’ll tackle the most prevalent offenders and what you can do about them. 

 

Note: the following descriptions are generalizations and new threats emerge daily. While some malware types cannot do much damage on their own, they can still harm your device and data when combined with other types.

 

Why is it important to remove malware files?

 

It is critical that you delete malware-associated files as soon as possible because they can be used - or are already being used - to inflict serious damage to your device. They can:

 

  • Disrupt the normal functionality of your operating system or even render it completely useless;
  • Hijack valuable private information (credit card numbers, passwords, PIN codes, etc.);
  • Direct all your web searches to the same unwanted or malicious sites;
  • Slow down your device drastically;
  • Gain complete control of your device to spread viruses and Trojans as well as send out spam. 

 

ADSPY

What it is: Adware or spyware.

What it can do: ADSPY will bombard you with unwanted pop-up ads more often than not. However, it can also cause more harm by redirecting you to malicious websites. It is even able to change your browser settings.

ADWARE

What it is: Ad software. Software that displays ads by modifying websites or opening additional pages on your browser.

What it can do: ADWARE can display ads by modifying the websites you visit or opening additional pages on your browser.

Important to note: This software can go unnoticed because it’s often packaged with other downloads. For example, it's common for free programs to include adware as a default install option.

APPL

What it is: Applications of dubious origin. 


What it can do: APPL can be used to extract protected information, provide remote access to the local machine, modify advanced system settings, or perform advanced operating system or networking functions. 


Important to note: This detection doesn't necessarily mean that the file is malicious. However, if the file was downloaded without your knowledge, your system security might be compromised.

BAT

What it is: A virus in a batch format.

What it can do: BAT can execute commands from the command line, whereby the system can be modified.

BDC

What it is: A backdoor client program.

What it can do: BDC can extract or change data on a computer.

BOO

What it is: A boot sector or master boot sector virus.

What it can do: BOO can target and infect a specific physical section of a computer system that contains information crucial to the proper operation of the computer's operating system.

DDOS

What it is: A program that can perform distributed denial of service attacks.

What it can do: DDoS allows hackers to overwhelm a website or service with false web traffic or requests from numerous enslaved internet-connected devices, slowing down or downright crashing the affected site or service.

DIALER

What it is: A special type of Trojan.

What it can do: DIALER will do one of two things: it will either replace the number in your internet connection dial-up settings to become a premium rate number or simply implant an autodialer on your computer, which will continually dial a certain premium rate number.

DROPPER

What it is: A type of Trojan.

What it can do: DROPPER can install some sort of malware (virus, backdoor, etc.) onto a system. The malware code can be contained within the dropper (single-stage) in a way that avoids detection by virus scanners. Alternatively, the dropper may download the malware to the machine only when activated (two-stage).
EML

What it is: A potentially harmful email.

What it can do: EML usually includes harmful content as a script or file. Most often, it's attached as a malicious .eml file to a traditional email. The email itself has no malicious links, and though you may be able to recognize it as an attack with some experience, it's not instantly apparent.

EXP

What it is: A type of malware.

What it can do: EXP can detect and use certain security vulnerabilities which allow hackers to gain control of the system.


Important to note: Many Windows devices come with an Exp.exe file that’s not essential for Windows and can cause problems. This file is usually located in the C:\Windows folder.

EXPLOIT

What it is: An exploit in the system.

What it can do: EXPLOIT can be used as part of a multi-component attack. Instead of using a malicious file, the exploit may drop other malware, such as backdoor Trojans and spyware, that can steal your information from the infected systems.

HEUR

What it is: A generic detection routine.

What it can do: HEUR is designed to detect common family characteristics shared in several variants. Heuristic refers to a "preliminary detection" feature that can also detect unknown viruses. It involves a complex analysis of the affected code and scanning for virus-specific functions.


Important to note: A heuristic detection does not always mean that the file is a virus; false positives may occur.

HTML

What it is: A virus that can infect the system using an HTML script.


What it can do: HTML smuggling lets an attacker "smuggle" an encoded malicious script within a specially crafted HTML attachment or web page. When you open that attachment in your web browser, the browser decodes the malicious script, which, in turn, assembles the payload on your device.

KIT

What it is: A construction kit.

What it can do: KIT can be used to create various viruses or malware.

LINUX

What it is: A file virus or malware in the Shell or ELF format that is only executable on a Linux operating system.

What it can do: LINUX can be many of the above-mentioned threats (like Trojans and worms) except it’s for Linux systems.

MACRO

What it is: A computer virus written in the same macro language as the software it infects (common victims include Microsoft Excel and Word).

What it can do: MACRO targets software rather than systems, which allows it to infect any operating system (PC or Mac). 


Important to note: Cybercriminals often try to trick victims into enabling macros before the infected macro is able to run.

OSX

What it is: A file virus or malware that runs on Apple OSX systems only.


What it can do: OSX can be many of the above-mentioned threats (like Trojans and worms) except it’s for Apple systems.

PCK

What it is: A heuristic detection routine.


What it can do: PCK is designed to detect common packers used by malware. Even though some packers are commercially available, many executables compressed with them are malware or behave in a way that presents a security or privacy risk.
Usually, these packers employ encryption mechanisms and often manipulate the original executable code to hide their real functionality.


Important to note: Legitimate software may employ some of these commercial packers. A packer detection does not necessarily mean that the detected file is malicious.

PFS

What it is: Possibly Fake Software, also known as scareware.

What it can do: PFS can pose as antivirus software and lie about your devices being infected by viruses to get you to install it. Of course, it does not actually offer any useful functionality and can be a vector for malware spreading.

PHISH

What it is: An email, voice call, instant message, file, etc., delivered under false pretenses.

What it can do: PHISH can use social engineering techniques to trick and persuade you into revealing personal information (among other things).


Important to note: The first line of defense against phishing is your own judgment as most phishing attacks are not picked up by any antivirus or browser extension.

PROGRAM

What it is: A virus that runs on 32-bit or 64-bit Windows systems.


What it can do: PROGRAM is a family of viruses that spreads onto your computer and infects files. Generally, it infects local files, removable network drivers, executables (EXE), drivers (DDL), and screensavers.

PUA

What it is: Potentially Unwanted Applications.

What it can do: PUA may compromise the privacy and the security of your local system. It’s usually a legitimate application that tries to use social engineering to make you install additional offers during the installation of the software you originally wanted.


Important to note: This detection doesn't always mean that the file is malicious. However, if the file was installed on the system without your knowledge, your privacy or system security might be compromised.

RISKWARE

What it is: A legitimate program that poses potential risks due to security vulnerabilities, software incompatibility, or legal violations.

What it can do: RISKWARE can affect the security of your system and trigger unwanted activities that might violate your privacy. For example, it can be used to extract protected information, provide remote access to the local machine, modify advanced system settings, or perform advanced operating system or networking functions. 


Important to note: This detection doesn't mean that the file is malicious. However, if the file got on the system without your knowledge, your system security might be compromised.

RKIT

What it is: A piece of software that uses cloaking techniques.

What it can do: RKIT is capable of bypassing security systems and gaining unauthorized access to data without detection. That means someone can remotely compromise your system without leaving any sign of infiltration.

SCRIPT

What it is: A type of cyberattack that leverages the system's existing applications and tools.

What it can do: SCRIPT is a sophisticated technique favored by hackers for its ability to outsmart standard endpoint security solutions and can be used to capture credentials, compromise data, and cause damage to the operating system.

TR (TROJAN)

What it is: A Trojan horse.

What it can do: TR is able to spy out data, violate privacy, or perform unwanted modifications to the system. Trojans are programs that can appear to serve a legitimate purpose but actually have an unwanted or harmful effect. A large segment of Trojan programs can download other harmful software components to your device without your knowledge.

VBS

What it is: Visual Basic Script virus.

What it can do: VBS damage can range from harmless ad display to straight-out data theft, remote computer access, and other malicious activities. Additionally, VBS can serve as a backdoor to other malware, such as self-propagating worms.

VIRUS

What it is: A piece of code that inserts itself into an application and executes when the app is run.

What it can do: A virus may be used to steal sensitive data, launch DDoS attacks, or conduct ransomware attacks. It is usually spread via infected websites, file sharing, or email attachments. A virus will lie dormant until the infected file or program is activated. Once that happens, the virus can replicate itself and spread through the system and the internet.

WORM

What it is: A virus that is able to spread itself over the internet (using email, peer-to-peer networks, instant messages (IMs), etc.).

What it can do: WORM can modify and delete files and even inject additional malicious software onto a computer. Sometimes, a computer worm's purpose is only to make copies of itself over and over — depleting system resources, such as hard drive space or bandwidth, by overloading a shared network. In addition to wreaking havoc on the computer's resources, worms can also steal data, install a backdoor, and allow someone to gain control over your computer.

 

Congratulations! Now you know the differences between threats, and what they can do.

 

If you have any further questions, our customer success team is here to help you 24/7 over live chat or email.

