Viruses and Malware

Tens of thousands of virus/malware exist, with more being created each day. Although once most common in DOS or Windows, computer viruses today can cause a great amount of damage by exploiting vulnerabilities in corporate networks, email systems and websites.

  • Joke program: A virus-like program that often manipulates the appearance of things on a computer monitor.

  • Probable virus/malware: Suspicious files that have some of the characteristics of virus/malware. For details, see the Trend Micro Threat Encyclopedia:

  • Rootkit: A program (or collection of programs) that installs and executes code on a system without end user consent or knowledge. It uses stealth to maintain a persistent and undetectable presence on the machine. Rootkits do not infect machines, but rather, seek to provide an undetectable environment for malicious code to execute. Rootkits are installed on systems via social engineering, upon execution of malware, or simply by browsing a malicious website. Once installed, an attacker can perform virtually any function on the system to include remote access, eavesdropping, as well as hide processes, files, registry keys and communication channels.

  • Trojan horse: This type of threat often uses ports to gain access to computers or executable programs. Trojan horse programs do not replicate but instead reside on systems to perform malicious acts, such as opening ports for hackers to enter. Traditional antivirus solutions can detect and remove viruses but not Trojans, especially those already running on the system.

  • Virus: A program that replicates. To do so, the virus needs to attach itself to other program files and execute whenever the host program executes, including:

    • ActiveX malicious code: Code that resides on web pages that execute ActiveX™ controls.

    • Boot sector virus: A virus that infects the boot sector of a partition or a disk.

    • COM and EXE file infector: An executable program with .com or .exe extension.

    • Java malicious code: Operating system-independent virus code written or embedded in Java™.

    • Macro virus: A virus encoded as an application macro and often included in a document.

    • Packer: A compressed and/or encrypted Windows or Linux™ executable program, often a Trojan horse program. Compressing executables makes packer more difficult for antivirus products to detect.

    • Test virus: An inert file that acts like a real virus and is detectable by virus-scanning software. Use test viruses, such as the EICAR test script, to verify that your antivirus installation scans properly.

    • VBScript, JavaScript or HTML virus: A virus that resides on web pages and downloaded through a browser.

    • Worm: A self-contained program or set of programs able to spread functional copies of itself or its segments to other computer systems, often through email.

    • Others: Virus/Malware not categorized under any of the other virus/malware types.