
A guide to the different kinds of malware

An antivirus program that only protects against viruses would be barely functional. In a review, I'd have to find some way to assign it a below-zero star rating. Computer viruses are one type of malicious software, but there are many, many other types. Understanding how the different types work and what they can do will give you a new appreciation for your hard-working security software, and a better understanding of security in the news. Simply refer to this article as needed.

Okay, on with the definitions…

Adware. As the name suggests, the purpose of adware is to display ads. That doesn't sound too awful, but some adware threats bombard you with so many ads you can hardly use the computer.

APT (Advanced Persistent Threat). The term APT refers to an elaborate attack like Stuxnet that's backed by a government or other powerful group. You probably won't get hit by an APT, but your bank or your business might.

Backdoor. Just as it sounds, a backdoor opens up your computer to hacking attacks. It allows full access to everything on the computer, bypassing the requirement to log in with a Windows password.

Bot. On its own, a bot isn't harmful; it sits silently on the infected PC and waits for commands. The creator, or "bot herder," works hard to get bots silently installed on as many PCs as possible, then rents out the resulting bot network to others. DDoS (Distributed Denial of Service) attacks are often managed by sending a command to a bot network that causes all the infested PCs to run an attack script.

Dropper. A dropper doesn't harm your system itself. Instead, it installs other threats, or opens a channel through which the bad guys can push malware.

Exploit. Sometimes the bad guys discover a way to exploit a bug in the operating system or in a common program. Typically, the exploit lets them execute code to open the door to other malware. Legitimate vendors do their best to patch these holes, naturally.

Keylogger. Basically a form of spyware, a keylogger captures everything you type, including passwords and other sensitive information. Some keyloggers also capture screenshots, log your web browsing history, record anything copied to the clipboard, and more.

Malware. Malware is a blanket term which applies to any software designed to be malicious, including (but not limited to) all of the other types described here.

Ransomware. A ransomware threat encrypts your important documents, disables Windows logon, or otherwise makes your computer unusable until you pay the ransom demanded by its perpetrators. It's a bit dodgy for the perpetrators, since they might be tracked through the ransom payment.

RAT (Remote Access Trojan). Like all Trojans, a RAT masquerades as an innocent and useful program. Behind the scenes, though, it opens up a backdoor that gives its owner complete access to the affected computer.

Rootkit. Antivirus software can only remove threats that it can detect. Rootkit technology hides a threat's file and Registry traces so that most programs can't "see" them. Only specialised anti-malware technology can bring the hidden traces into view.

Scareware. A fake antivirus that pretends to find problems on your system and displays a big, frightening warning – that's scareware. Naturally you must pay the registration before it will "fix" the made-up problems. In most cases there's no actual malicious code, just a huge scam to con you into paying money for nothing. Check out our article on how to ensure you don’t fall prey to scareware.

Spyware. Spyware simply means malicious software that steals credit card numbers, passwords, and other sensitive personal information.

Trojan. Named after the Trojan Horse of legend, a Trojan is a seemingly benign program that does something nasty in secret. Trojans are the most common type of malware on the Android platform. While you play a Trojanised Android game, it may be sending your contacts to a server in Russia, or making £10-per-minute phone calls.

Virus. A computer virus spreads by injecting its code into other programs or, less commonly, into the boot sector of a disk. When you execute the infected program, the virus code runs too. It may simply infect more files, or it may perform a "payload" action like wiping out your hard drive.

Worm. Like a virus, a worm replicates itself within the computer or across the network. Unlike a virus, it doesn't wait for you to launch an infected program. Network worms can spread around the world with alarming rapidity.

Mix and match

These categories aren't mutually exclusive. A Trojan could use keylogger technology to spy on you and steal passwords. A virus could hide from antivirus programs using rootkit technology. The most important point to remember is that your antivirus program should protect you against every type of malware, not just viruses.