Virus
This threat is categorized as viral with a high probability of spreading using various means, by either duplicating itself, or by injecting its code into host files or targets. Viruses don't always have a payload and the symptoms vary. File infectors can sometimes corrupt or damage target files, making them unusable. Operating systems often become sluggish when the environment becomes heavily infested, e.g. the "Marburg" 32-bit file virus.
Worm
This is a sub-category of the virus category; thus, logically, all worms are viruses, but not all viruses are worms. This threat is categorized as being capable of distributing itself to others using various methods such as SMTP, IRC script, TCP/IP connect and other types. Some worms use an exploit against a host operating system or application such as SQL or open TCP ports. As technologies emerge and progress, new transport types are used, such as Symbian-based mobile devices or peer-to-peer communication networks such as Messenger clients.
Backdoor
This threat exists on the system as a doorway for malicious users, who are then able to connect to the compromised host. The backdoor may communicate across various or multiple transport methods, such as specific TCP and UDP ports. The compromised system containing the backdoor could give an attacking user enough control to upload, download (steal), modify, delete and infect files stored on the host. The attacking user could even control the operations of the host.
Trojan
This threat does not spread, but will very likely perform unwanted or undesired actions against the target: downloading additional threats, modifying host files or targets, modifying, deleting or corrupting information, applications or the host computer, compromising information, opening backdoor channels, or any other unwanted activity against the host.
Exploit
This category of threat indicates the use of an exploit to compromise or gain access to a host system. Most exploits are designed to cause buffer overruns or to cause a denial of service against an application, preventing the system from using that application. Often the purpose of the exploit is to gain root access to the target and/or to run arbitrary code. Viruses and worms sometimes use an exploit to first gain access to an Internet-connected system, allowing the virus or worm to infect it.
Rootkit
This is one of the most insidious threats due to its stealthy presence on a host. The basic concept behind rootkits is that they function as a hidden backdoor, running invisibly to the operating system, to Windows Task Manager and to most utilities that display threads and processes running in memory. The rootkit commonly allows connections to specific TCP or UDP ports on the compromised system, giving hackers and malicious users the ability to monitor and manipulate that system remotely. Detecting rootkits after they are installed on a target is quite difficult by standard means such as client antivirus scanners. More advanced tools, such as applications specifically designed to detect rootkits, are required.
Macro
This is a sub-category of the virus category. This threat is identified as containing a macro that could infect or modify files native to the application type, such as MS Word, Excel or other applications that support the use of embedded macros. Often there are very few symptoms; however, some macro viruses do announce themselves with silly message box displays, and some have destructive payloads. Very few macro viruses tamper with the data; however, they do exist, particularly among Excel macro viruses such as the Paix Excel formula virus.
VirTool
This category of threat identifies a program or tool used to create a virus. Examples of this type of program include VCL ("virus creation lab") and VBSWG ("visual basic script worm generator"). Virus construction kits allow virus writers to create cookie-cutter type viruses without the requirement to understand programming.
Adware
This threat is a sub-category of the Spyware classification. Most adware installations are not malicious and are not difficult to remove. Some adware is installed in a way that makes it tricky to remove, due to modifications such as browser helper object assignments and uncommon system registration. Adware commonly targets users by communicating with a web server and sending browsing habit data, in an effort to deliver advertisements to the targeted user that are similar to items viewed on various web sites. Adware is most often a profit generator for the company connected with the adware installation.
HackTool
This category of threat identifies a program or tool possibly used by hackers (either ethical or unethical) to test targets for access, infection capability, availability, presence of open ports, presence of target systems or applications, presence of vulnerabilities or unpatched systems and so on. Hacktools are not generally malicious and do not pose a danger of spreading or infecting systems.
Spyware
This threat belongs to a wide group known as Spyware. This includes various types such as pop-up Adware, keyboard monitors, click-through generators, cookie stealing or logging programs and various other types of programs that could be used to track or monitor the use of the system. Spyware is not generally damaging to the system; however, it could cause financial loss.
Toolbar
This category identifies a program that is installed and designed to run as a component and add-on to the web browser. The program may have been installed without consent from the user, or as part of the installation for another application such as a file sharing program. Toolbars are a sub-category of Spyware and Adware.
Hoax
This category includes virus hoaxes, rogue anti-spyware and joke programs. A virus hoax is a false warning about a computer virus. Typically, the warning arrives in an e-mail note or is distributed through a note in a company's internal network. These notes are usually forwarded using distribution lists, and they will typically suggest that the recipient forward the note to other distribution lists. Rogue anti-spyware products are software that is of unknown or questionable origin, or that only pretends to be effective. They do not provide proven, reliable anti-spyware protection and are prone to false alarms. Joke programs are software that mimics malware behaviors but is not malicious and does not harm machines. They are designed to trick users and cause them to panic.
Phishing
This classification is one of the most dangerous threats in the Spyware sub-categories. Commonly, a phishing threat is a copycat look-alike of a real web site or financial service. Phishing threats are the leading cause of financial loss in Internet e-commerce. Phishing often involves emails sent as spam or scattered to numerous end users, on the chance that the bait draws the targeted user to a fake web site where login credentials for the authentic site are requested. The fake web site stores the login data or sends it to a web server for retrieval by the phishers. Some banks and financial institutions are trying to make phishing more difficult by employing multiple sign-on keys.
PUA
This threat is a miscellaneous category, reserved for programs that fall under the "potentially unwanted application" designation. Such programs are not obviously malicious and don't pose an immediate cause for concern; however, the presence of the item could be unwanted from a user perspective.