Malware Classifications

Uploaded by

aminaashraf1101

Malware Classifications

Malware, short for "malicious software," is any software designed to harm, exploit, or disrupt
systems, networks, or devices. Malware classifications are based on their purpose, behavior, and
how they spread. Below is a detailed breakdown of malware classifications, their characteristics,
types, and examples.

1. Viruses

• Definition: A type of malware that attaches itself to legitimate files or programs and spreads when the infected file is executed.
• Characteristics:
  ◦ Requires user action to spread (e.g., opening an infected file).
  ◦ Can damage files, corrupt data, or crash systems.
• Example:
  ◦ ILOVEYOU Virus: A famous virus from 2000 that spread via email attachments.

2. Worms

• Definition: Standalone malware that replicates itself and spreads to other devices without user action.
• Characteristics:
  ◦ Exploits vulnerabilities in networks.
  ◦ Can consume bandwidth and slow down systems.
• Example:
  ◦ Conficker Worm: Spread across millions of computers in 2008 by exploiting Windows vulnerabilities.

3. Ransomware

• Definition: Malware that encrypts a victim's data and demands payment (usually in cryptocurrency) to restore access.
• Characteristics:
  ◦ Causes significant financial and operational damage.
  ◦ Often delivered via phishing emails or drive-by downloads.
• Example:
  ◦ WannaCry: A ransomware attack in 2017 that affected over 150 countries.

4. Trojan Horses (Trojans)

• Definition: Malware disguised as legitimate software to trick users into installing it.
• Characteristics:
  ◦ Does not self-replicate.
  ◦ Creates backdoors for attackers to access the system.
• Example:
  ◦ Zeus Trojan: Used to steal banking credentials.

5. Spyware

• Definition: Malware designed to secretly gather sensitive information from a victim's device without their consent.
• Characteristics:
  ◦ Monitors user activity, including keystrokes, browsing history, and login credentials.
  ◦ Often bundled with free software.
• Example:
  ◦ Keyloggers: Record everything a user types, including passwords.

6. Adware

• Definition: Malware that displays unwanted advertisements and redirects users to malicious sites.
• Characteristics:
  ◦ Generates revenue for attackers through forced ad clicks.
  ◦ Slows down devices and browsers.
• Example:
  ◦ Pop-ups promoting fake antivirus software.

7. Rootkits

• Definition: Malware designed to gain unauthorized root or administrative access to a system while remaining undetected.
• Characteristics:
  ◦ Alters system files and hides its presence.
  ◦ Difficult to detect and remove.
• Example:
  ◦ Sony BMG Rootkit: Installed without user consent to prevent music piracy.

8. Botnets

• Definition: A network of infected devices (bots) controlled by an attacker (botmaster) to perform coordinated attacks.
• Characteristics:
  ◦ Used for DDoS attacks, spamming, and cryptocurrency mining.
  ◦ Infected devices may operate normally, leaving owners unaware.
• Example:
  ◦ Mirai Botnet: Took down major websites like Netflix and Twitter in 2016.

9. Fileless Malware

• Definition: Malware that operates in memory without leaving any traces on the disk, making it hard to detect.
• Characteristics:
  ◦ Exploits legitimate processes or applications.
  ◦ Disappears upon system reboot.
• Example:
  ◦ Fileless ransomware attacks targeting PowerShell.

10. Scareware

• Definition: Malware that tricks users into believing their system is infected and persuades them to purchase fake security software.
• Characteristics:
  ◦ Displays alarming pop-ups and messages.
  ◦ Exploits fear to make victims act quickly.
• Example:
  ◦ Fake antivirus software pop-ups claiming "Your system is infected!"

11. Logic Bombs

• Definition: Malware programmed to activate when specific conditions are met, such as a certain date or event.
• Characteristics:
  ◦ Lies dormant until triggered.
  ◦ Used to sabotage systems or steal data.
• Example:
  ◦ Malware that erases files on a specific date.

12. Backdoors

• Definition: A covert method of bypassing authentication to gain unauthorized access to a system.
• Characteristics:
  ◦ Often installed by Trojans.
  ◦ Enables attackers to control systems remotely.
• Example:
  ◦ SolarWinds Attack (2020): A backdoor was inserted into software updates to compromise networks.

13. Polymorphic Malware

• Definition: Malware that changes its code to avoid detection by traditional antivirus software.
• Characteristics:
  ◦ Uses encryption to modify its signature.
  ◦ Harder to detect and remove.
• Example:
  ◦ Polymorphic worms targeting enterprise networks.

14. Mobile Malware

• Definition: Malware specifically designed to target mobile devices.
• Characteristics:
  ◦ Exploits app vulnerabilities or permissions.
  ◦ Targets Android and iOS devices.
• Example:
  ◦ Pegasus Spyware: Targeted high-profile individuals through mobile devices.

Comparison Table: Malware Classifications

| Type             | How it Spreads          | Impact                         | Example                |
|------------------|-------------------------|--------------------------------|------------------------|
| Virus            | Via infected files      | Corrupts or deletes files      | ILOVEYOU Virus         |
| Worm             | Exploits network flaws  | Slows systems, spreads widely  | Conficker Worm         |
| Ransomware       | Phishing, downloads     | Encrypts data, demands payment | WannaCry               |
| Trojan           | Disguised as legit apps | Creates backdoors              | Zeus Trojan            |
| Spyware          | Secret installation     | Steals personal information    | Keyloggers             |
| Adware           | Bundled software        | Displays intrusive ads         | Fake antivirus pop-ups |
| Rootkit          | Hidden installation     | Gains admin privileges         | Sony BMG Rootkit       |
| Botnets          | Mass infection          | DDoS attacks, spamming         | Mirai Botnet           |
| Fileless Malware | Via legit processes     | Operates in memory             | PowerShell attacks     |
| Logic Bomb       | Triggered events        | Deletes or modifies data       | Time-triggered malware |

Key Takeaways

• Malware is diverse, and each type has unique characteristics and methods of attack.
• A combination of antivirus software, firewalls, and employee training is essential to defend against malware.
• Awareness of these classifications helps in better detection, mitigation, and recovery.
