|
Joke program
|
Joke programs are virus-like programs that
often manipulate the appearance of things on the endpoint's
monitor. |
|
Others
|
Others include viruses/malware not categorized under any of the other virus/malware
types.
|
|
Packer
|
Packers
are compressed and/or encrypted Windows or Linux™ executable programs, often a
Trojan horse program. Compressing executables makes packers more difficult for antivirus
products to
detect. |
|
Ransomware
|
Ransomware is a type of threat that
encrypts, modifies, or locks files and then attempts to extort the
user into paying some sort of ransom demand to retrieve the data.
Some ransomware threats automatically delete the data if the ransom
is not paid in time. |
|
Rootkit
|
Rootkits
are programs (or collections of programs) that install and execute code on a system
without end user
consent or knowledge. They use stealth to maintain a persistent and undetectable presence
on the
machine. Rootkits do not infect machines, but rather, seek to provide an undetectable
environment
for malicious code to execute. Rootkits are installed on systems via social engineering,
upon
execution of malware, or simply by browsing a malicious website. Once installed, an
attacker can
perform virtually any function on the system to include remote access, eavesdropping,
as well as
hide processes, files, registry keys and communication channels. |
|
Test virus
|
Test viruses are inert files that act like a real virus and are detectable by
virus-scanning software. Use test viruses, such as the EICAR test script, to verify
that your
antivirus installation scans properly. |
|
Trojan horse
|
Trojan horse
programs often use ports to gain access to computers or executable programs. Trojan
horse programs
do not replicate but instead reside on systems to perform malicious acts, such as
opening ports for
hackers to enter. Traditional antivirus solutions can detect and remove viruses but
not Trojans,
especially those already running on the system. |
|
Virus
|
Viruses are programs that replicate. To do so, the virus needs to attach itself to
other program
files and execute whenever the host program executes, including:
-
ActiveX malicious code:
Code that resides
on web pages that execute ActiveX™ controls.
-
Boot sector virus:
A virus that infects the
boot sector of a partition or a disk.
-
COM and EXE file infector:
An executable program with .com or
.exe extension.
-
Java malicious code:
Operating
system-independent virus code written or embedded in Java™.
-
Macro virus:
A virus encoded as an application
macro and often included in a document.
-
VBScript, JavaScript or HTML virus:
A virus
that resides on web pages and downloaded through a browser.
-
Worm: A self-contained program or set of
programs able to spread functional copies of itself or its
segments to other endpoint systems, often through email.
|
|
Network Virus
|
A virus spreading over a network is
not, strictly speaking, a network virus. Only some virus/malware
types, such as worms, qualify as network viruses. Specifically,
network viruses use network protocols, such as TCP, FTP, UDP, HTTP,
and email protocols to replicate. They often do not alter system
files or modify the boot sectors of hard disks. Instead, network
viruses infect the memory of agent endpoints, forcing them to flood
the network with traffic, which can cause slowdowns and even
complete network failure. Because network viruses remain in memory,
they are often undetectable by conventional file I/O based scanning
methods. |
|
Probable virus/malware
|
Probable
viruses/malware are suspicious files that have some of the characteristics of viruses/malware.
For details, see the Trend
Micro Threat Encyclopedia:
 |
Note
Clean cannot be performed on probable virus/malware, but the scan action is configurable.
|
|
