
Scott Arciszewski

Software, Privacy, Security, Innovation

Malware Classification for Dummies

August 1, 2014 11:22 PM • Information Security, Opinion, Security, Migrated

This was originally posted on a website I was developing over a year ago called Keenotes.


My motivation for writing this article is that most people mislabel malicious software, and it's not difficult to get right.

[Image: comic, courtesy of xkcd]

Let's start with the basics (then continue through the basics, and finish with the basics):

Malware

Malware is a catch-all term for a piece of software designed with a malicious purpose. "Virus" was once the catch-all term for malicious software, but a virus is a more specific beast. Malware is also preferred because many modern infections cannot be singly considered one thing or the other.

Virus

A virus is a type of malware that infects executable programs on a single machine, either by overwriting the executable on disk or by injecting code into a vulnerable process.

Worm

A worm is a type of malware that spreads across computer networks. Worms usually attack network services, such as email.

Backdoor

A piece of malware that connects to the internet and waits for the hacker to come knocking, then gives them as much control over your machine as possible. These are usually hidden.

Trojan

Someone hides a backdoor (or a standalone virus) in an innocuous program. You think you're getting something good, and it turns out to be a trap.

Rootkit

A post-exploitation tool that allows a hacker to hide his presence from a root-level administrative user. Not to be confused with a backdoor (although they're usually bundled together).

Spyware

Software designed to spy on you, usually funded by advertising agencies.

Botnet

A network of infected (backdoored, sometimes with a rootkit) computers that connect to each other to form a network that obeys the hacker's commands. These usually attack infrastructural weaknesses on the internet.

Zero-Day

An existing vulnerability in a program that will allow hackers to take over your system, and that the people who produce said program do not know about (or at least they don't have a patch available).

In closing, saying "Our system got infected by the zero-day virus," is silly; it was more likely to be "a (targeted) worm that spread backdoors by taking advantage of zero-day vulnerabilities in your legacy systems." What a mouthful.

