Categories
SBI product blocks (see SBI file format) always mention a category that helps classify the malware. We use the Anti-Spyware Coalition definitions.
Example
:: IAmSpyware|This is just an invented bot
// {Cat:Test}{Cnt:1}
// {Det:myname,2008-02-17}
File:"<$FILE_DATA>","<$WINDIR>\Malware.txt","filesize>=10"
File:"<$FILE_DATA>","<$SYSDIR>\WayTooSmall.txt","filesize=5"
List of categories
Adware
Any program that causes advertising content to be displayed.
In Spybot, we usually add products to this category only where the advertising at least involves tracking.
Cookies
Used to gather limited information about user activities without installing any software on the user's computer.
Tracking cookies are a form of passive tracking technology. We recommend that users disable third-party cookies as a more effective method.
Dialer
Used to make calls or access services through a modem or Internet connection.
This form of fraud is mostly outdated and is becoming rare in times of DSL and cable.
Fraud
Software that poses as other, legitimate software and scares the user into buying it, often by displaying invented, non-existent infections.
Hijackers
Used to modify the system and change the user experience: e.g. home page, search page, default media player, or lower-level system functions.
Hijackers are called system modifying software by the ASC.
iPhone
This category flags tracking software or spyware in locally stored app copies within the iTunes folders.
Keyloggers
Used to allow remote access or control of computer systems.
This category includes software used to remotely view and control other computers. Sometimes, this software can be installed with the user's consent. Compared to trojans, which are used against masses of users, these are usually targeted.
Malware
Malware, aka malicious software, is a generic term for all software categories here, and is used for threats that can do harm to the system without fitting into one of the other categories.
PUPS
Technologies deployed without appropriate user consent and/or implemented in ways that impair user control over:
- Material changes that affect their user experience, privacy, or system security;
- Use of their system resources, including what programs are installed on their computers; and/or
- Collection, use, and distribution of their personal or other sensitive information.
Security
This category includes system settings that lower the security level. Examples are disabled system restore points or Internet Explorer settings that allow uncontrolled execution of code on websites. It also includes the Eicar test virus, simply because that makes for a small signature database that allows very fast scanning when used on its own.
Spyware
Used to monitor user behavior or gather information about the user, sometimes including personally identifiable or other sensitive information.
Without proper Terms of Use, collecting PII (Personally Identifiable Information/Personally Identifying Information) violates a user's privacy. This category is for such software.
Tracks
This is not a classical malware category, but lists fingerprints a user leaves when using a computer, including browser history, histories of recently opened files, and others.
Trojans
Used to allow remote access or control of computer systems.
Trojans, or better trojan horses, usually allow remote access and control of a computer, e.g. in the form of bot networks, where a computer is misused for spam sending, network attacks or similar tasks that need a huge number of computers.
Viruses
Files
The official signature files use the same categories. Their filenames all start with the category name, followed by a dash and either a three-digit number or a "C". The "C" file holds very up-to-date threats; entries are moved from it to the numbered archives when they're no longer updated or have been replaced with newer releases.
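The following is an added example, not Spybot's own code: it reads the category tag from the product block shown under Example and checks signature filenames against the naming rule described under Files. It assumes one statement per line in a product block and an optional ".sbi" extension; the filenames used with it are constructed, and tags other than Cat are stored without interpretation because this page does not define them.

```python
import re

# Category names as listed on this page.
CATEGORIES = {"Adware", "Cookies", "Dialer", "Fraud", "Hijackers", "iPhone",
              "Keyloggers", "Malware", "PUPS", "Security", "Spyware",
              "Tracks", "Trojans", "Viruses"}

# "<Category>-<three digits or C>"; the ".sbi" extension is an assumption.
FILENAME_RE = re.compile(r"^(?P<cat>[A-Za-z]+)-(?P<part>\d{3}|C)(?:\.sbi)?$")
TAG_RE = re.compile(r"\{(\w+):([^}]*)\}")


def parse_signature_filename(filename):
    """Return (category, part), or None if the name breaks the convention."""
    m = FILENAME_RE.match(filename)
    if not m or m.group("cat") not in CATEGORIES:
        return None
    return m.group("cat"), m.group("part")


def parse_product_block(text):
    """Extract name, description and raw {Key:Value} tags from one block."""
    product = {"name": None, "description": None, "tags": {}, "rules": []}
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("::"):          # product header: name|description
            name, _, desc = line[2:].strip().partition("|")
            product["name"], product["description"] = name, desc
        elif line.startswith("//"):        # comment lines carry the tags
            product["tags"].update(TAG_RE.findall(line))
        elif line:                         # everything else: detection rules
            product["rules"].append(line)
    product["category"] = product["tags"].get("Cat")
    product["category_known"] = product["category"] in CATEGORIES
    return product


# The page's own example block, laid out one statement per line.
SAMPLE = r'''
:: IAmSpyware|This is just an invented bot
// {Cat:Test}{Cnt:1}
// {Det:myname,2008-02-17}
File:"<$FILE_DATA>","<$WINDIR>\Malware.txt","filesize>=10"
File:"<$FILE_DATA>","<$SYSDIR>\WayTooSmall.txt","filesize=5"
'''

if __name__ == "__main__":
    print(parse_product_block(SAMPLE))
    print(parse_signature_filename("Trojans-C.sbi"))
```

The example block's "Test" category is not in the list above, so `category_known` comes back false for it; a custom product block meant for real use would carry one of the listed names.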