Difference between revisions of "Categories"

From SpybotWiki
Jump to: navigation, search
(Created page with "SBI product blocks (see SBI file forma) always mention a category that help classifying a malware. We use the Anti-Spyware Coalition [http://www.antispywarecoalition.org/d...")
Line 1: Line 1:
SBI product blocks (see [[SBI file forma]]) always mention a category that help classifying a malware.
SBI product blocks (see [[SBI file format]]) always mention a category that help classifying a malware.
We use the Anti-Spyware Coalition [http://www.antispywarecoalition.org/documents/2007definitions.htm definitions].
We use the Anti-Spyware Coalition [http://www.antispywarecoalition.org/documents/2007definitions.htm definitions].

Latest revision as of 10:57, 20 November 2014

SBI product blocks (see SBI file format) always mention a category that help classifying a malware. We use the Anti-Spyware Coalition definitions.


:: IAmSpyware|This is just an invented bot
// {Cat:Test}{Cnt:1}
// {Det:myname,2008-02-17}

List of categories


Any program that causes advertising content to be displayed.

In Spybot, we usually only add products to this category where the advertisement is at least tracking.


Used to gather limited information about user activities without installing any software on the user's computers

Tracking cookies are a form of passive tracking technologies. We recommend users to disable third party cookies as a more effective method.


Used to make calls or access services through a modem or Internet connection

This form of fraud is mostly outdated and getting rare in times of DSL and cable.


Software that tries to appear as other legit software and scares the user into buying, often by displaying invented non-existing infections.


Used to modify system and change user experience: e.g. home page, search page, default media player, or lower level system functions

Hijackers are called system modifying software by the ASC.


This category flags tracking software or spyware in locally stored app copies within the iTunes folders.


Used to allow remote access or control of computer systems

This category includes software used to remotely view and control other computers. Sometimes, this software can be installed with the users consent. Compared to trojans, which are used against masses of users, these are usually targeted.


Malware, aka malicious software, is a generic term for all software categories here, and is used for threats that can do harm to the system without fitting into one of the other categories.


Technologies deployed without appropriate user consent and/or implemented in ways that impair user control over:

  • Material changes that affect their user experience, privacy, or system security;
  • Use of their system resources, including what programs are installed on their computers; and/or
  • Collection, use, and distribution of their personal or other sensitive information.


This category includes system settings that lower the security level. Examples are disabled system restore points or Internet Explorer settings that allow uncontrolled execution of code on websites. it also includes the Eicar test virus simply because it's a small signature database and allows very fast scanning when using just this.


Used to monitor user behavior or gather information about the user, sometimes including personally identifiable or other sensitive information.

Without proper Terms of Use, collecting PII (Personally Identifiable Information/Personally Identifying Information) violates a users privacy. This category is for such software.


This is not a classical malware category, but lists fingerprints a user leaves when using a computer, including browser history, histories of recently opened files, and others.


Used to allow remote access or control of computer systems

Trojans, or better trojan horses, usually allow remote access and control of a computer, e.g. in the form of bot networks, where a computer is misused for spam sending, network attacks or similar tasks that do not a huge number of computers.



The official signature files use the same categories; their filenames all start with the category name, followed by a dash, and either a three digit number, or a "C" for very up to date threats, from which they're moved to the numbered archives when they're no longer updated or have been replaced with newer releases.