Threat Categories

Threat Connect categorizes threats based on specific characteristics exhibited by samples during execution in a controlled environment. Trend Micro threat researchers may also assign categories based on the historical behavior of known threat families.

Threat Categories

| Threat Category | Description |
| --- | --- |
| Backdoor | Backdoor programs expose computers to unauthorized access and control by remote third parties. Backdoors typically respond to custom-built client programs but can also be designed to respond to legitimate messaging applications. |
| Bot | Bots are programs that infect computers connected to the Internet, allowing them to be remotely controlled by an attacker. Bot-controlled computers—often referred to as zombies—become part of a network of compromised machines that are exploited by the attacker for malicious activities. |
| Downloader | Downloaders are programs that download files from specific Web or FTP sites, which are usually controlled by a remote attacker. These programs also execute the downloaded files on compromised computers. |
| Dropper | Droppers are programs that extract enclosed payloads from their own code and write these to the file system of compromised computers. Attackers often use droppers to disguise malware. |
| File infector | File-infecting viruses, or file infectors, generally copy their code onto executable programs such as .com and .exe files. Most file infectors simply replicate and spread, but some overwrite or inadvertently damage host files. |
| Rootkit | Rootkits are programs (or collections of programs) that implement stealth techniques to hide files or processes from normal methods of monitoring. Rootkits provide an undetectable environment for installing and executing code, and are often used by malware to conceal its presence and activities. |
| Targeted attacks | Targeted attacks refer to computer intrusions staged by threat actors that aggressively pursue and compromise specific targets. These attacks seek to maintain a persistent presence within the target's network so that the attackers can move laterally and extract sensitive information. |
| Worm | Worms are self-contained programs (or sets of programs) that spread functional copies of themselves or their segments to other hosts or systems without user intervention. Worms usually propagate via network connections or email attachments, and do so without attaching to other programs or files. |