Categories

From SpybotWiki
Revision as of 10:57, 20 November 2014 by PepiMK (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

SBI product blocks (see SBI file format) always mention a category that help classifying a malware. We use the Anti-Spyware Coalition definitions.

Example

:: IAmSpyware|This is just an invented bot
// {Cat:Test}{Cnt:1}
// {Det:myname,2008-02-17}
File:"<$FILE_DATA>","<$WINDIR>\Malware.txt","filesize>=10"
File:"<$FILE_DATA>","<$SYSDIR>\WayTooSmall.txt","filesize=5"

List of categories

Adware

Any program that causes advertising content to be displayed.

In Spybot, we usually only add products to this category where the advertisement is at least tracking.

Cookies

Used to gather limited information about user activities without installing any software on the user's computers

Tracking cookies are a form of passive tracking technologies. We recommend users to disable third party cookies as a more effective method.

Dialer

Used to make calls or access services through a modem or Internet connection

This form of fraud is mostly outdated and getting rare in times of DSL and cable.

Fraud

Software that tries to appear as other legit software and scares the user into buying, often by displaying invented non-existing infections.

Hijackers

Used to modify system and change user experience: e.g. home page, search page, default media player, or lower level system functions

Hijackers are called system modifying software by the ASC.

iPhone

This category flags tracking software or spyware in locally stored app copies within the iTunes folders.

Keyloggers

Used to allow remote access or control of computer systems

This category includes software used to remotely view and control other computers. Sometimes, this software can be installed with the users consent. Compared to trojans, which are used against masses of users, these are usually targeted.

Malware

Malware, aka malicious software, is a generic term for all software categories here, and is used for threats that can do harm to the system without fitting into one of the other categories.

PUPS

Technologies deployed without appropriate user consent and/or implemented in ways that impair user control over:

  • Material changes that affect their user experience, privacy, or system security;
  • Use of their system resources, including what programs are installed on their computers; and/or
  • Collection, use, and distribution of their personal or other sensitive information.

Security

This category includes system settings that lower the security level. Examples are disabled system restore points or Internet Explorer settings that allow uncontrolled execution of code on websites. it also includes the Eicar test virus simply because it's a small signature database and allows very fast scanning when using just this.

Spyware

Used to monitor user behavior or gather information about the user, sometimes including personally identifiable or other sensitive information.

Without proper Terms of Use, collecting PII (Personally Identifiable Information/Personally Identifying Information) violates a users privacy. This category is for such software.

Tracks

This is not a classical malware category, but lists fingerprints a user leaves when using a computer, including browser history, histories of recently opened files, and others.

Trojans

Used to allow remote access or control of computer systems

Trojans, or better trojan horses, usually allow remote access and control of a computer, e.g. in the form of bot networks, where a computer is misused for spam sending, network attacks or similar tasks that do not a huge number of computers.

Viruses

Files

The official signature files use the same categories; their filenames all start with the category name, followed by a dash, and either a three digit number, or a "C" for very up to date threats, from which they're moved to the numbered archives when they're no longer updated or have been replaced with newer releases.