Press articles often try to simplify reading and, as a result, don’t always go that much into detail when illustrating a new cyber-attack to the broad public. That being said, we thought it might be helpful to write a post on this exact topic and demystify malware typology. Because, whereas we might not all be cybersecurity prodigies, understanding more about the threats on our machines can help us better protect ourselves. Without further ado, we give to you our very own Malware Dictionary.

1. The Malware (R)evolution
Decades after the invention of the Internet, human kind has come to accept evolution as an unavoidable
happening. As minds evolve, so does technology. And while we’re at that, cybersecurity is pretty much obliged
to maintain itself at the very forefront of this phenomenon in order to keep up the pace with the mutations
arising from the cyber-criminal world. That being said, not only have computer viruses gotten stronger, but
they’ve also gotten more and more complex. And with this unwavering malware evolution, terminology was
bound to catch up. Or at least try to do so.
Only last year, the total number of active malware detected went up to 230,000 unique samples /day (according
to Panda Security), with an increase of 43% compared to the same period in 2014. Obviously, cyber-experts
didn’t come up with new names for all of them. Instead, they’ve gathered all malicious software under one single
umbrella term – malware, with a handful of sub-terms ranging from your average virus to the infamous
ransomware. As such, whereas malware typology is not all that rich, some of these sub-terms may explain how
a malware is distributed or installed, while some focus only on the actions it performs.
Press articles often try to simplify reading and, as a result, don’t always go that much into detail when illustrating
a new cyber-attack to the broad public. That being said, we thought it might be helpful to write a post on this
exact topic and demystify malware typology. Because, whereas we might not all be cybersecurity prodigie s,
understanding more about the threats on our machines can help us better protect ourselves. Without further
ado, we give to you our very own Malware Dictionary.
A is for Adware
This is perhaps one of the mildest of all malicious threats we encounter on the Internet. Adware is a malware
that, as the name would have it, pollutes users with unrequested advertising. Over the course of our digital lives,
we’ve all stumbled upon the notorious pop-up window that just refuses to close. Whereas this is its most
common form, adware can also be distributed along with free software and/or browser toolbars. While it may
sometimes be used with the aim of collecting user data in order to push targeted advertising campaigns, this
type of malware can also contain or be classified as spyware (see below I is for ISM).
B is for Backdoor
The term ‘backdoor’ is pretty much self-explanatory. It refers to a state of established access within an
information system, all the while staying under the radar. A backdoor enables hackers to remotely connect onto
the victim’s computer and take over control. Although the line between a backdoor and a network vulnerability
can be quite fine, the two are not to be confused – a backdoor is created (remember theFBiOS?), while a
vulnerability has always been there (thanks for sharing, NSA). This particular threat category provides a network
connection for hackers to take advantage of in many and various ways.
B is also for Botnet
As we’ve already covered in a previous article, several connected bots form a botnet, a network made entirely

2. C is for Cryptolocker
Given the hype created around cryptolocker this year, we might think a definition isn’t really necessary. But, for
the sake of it, here goes. First of all, one has to know that this type of malware is a subcategory of the
ransomware family, the blanket term for all malware which may prevent a user from accessing his/her computer
or files. Taking its name from the first of its kind, cryptolockers nowadays follow the exact same pattern as the
original one, starting with the encryption of the files taken hostage. And, unfortunately, we all know how the
rest of story goes: in exchange for regaining access to one’s beloved data, one does not just simply ignore the
ransom.
D is for Downloader
A downloader malware is a malicious programme used to download other malicious pieces of code on the
infected workstation. In theory, this doesn’t sound that bad: a bunch of software just waiting around to strike
when the moment’s right. If you’ve read our previous article which talks about the core modules of Project
Sauron, then you probably know that this stepping-stone is, in fact, a killing one.
H is for Hijacker
Browser hijackers are made of malicious code developed especially in order to take control of your browser
settings. It is distributed very much the same way as adware – after installing free software or browser toolbars.
The result? You may notice that your homepage or your standard search provider was switched, for example.
What you may not notice right away is that some hijackers can also mess around with your browser’s proxy
settings. Online safety compromised.
I is for ISM…
…or Information Stealing Malware. Just another fancy name for spyware, this category describes all malware
developed to unlawfully recover sensitive user data (such as your banking details and other personal
information). It accounts for no more and no less that 5% of the malware surge. But since stealing for the fun
of it is not really that profitable, this data then ends up for sale on the Dark Web (see Operation Ghoul and
the HawkEye malware).
K is for Keyloggers
One of the fascinating traits of the HawkEye malware is its ability to trace a user’s keystrokes. This alone was
reason enough for us to create a separate category for this refined type of spyware – the keylogger. Able to
retrieve basically everything you might type using your keyboard, from passwords to personal conversations,
keylogger is a fairly powerful malicious software. When there’s no need to crack password hashes, we should
think so.

3. R is for Rootkit
A root kit is a very dangerous type of software that allows its owner to gain root privileges on the targeted
machine. It is then capable of – among other things – concealing its presence entirely.
As such, a rootkit is almost impossible to detect, as it digs deep into the lower levels of your machine, next to
the kernel.
S is for Scareware
A scareware is a malware that preys on people’s weaknesses, blackmailing users with content it might find on
the targeted machines. As opposed to being afraid of losing their data (see C is for Cryptolocker), the victims
of a scareware fear their data being exposed. The added ‘bonus’ here? A scareware will employ tactics which
strongly embarrass the victim and prevent him/her from escalating the issue to a system administrator.
T is for Trojan (horse)
A Trojan horse is one of those malware that would probably win an Oscar for its performance (if you’re even
the slightest into Greek mythology, then you’ve probably already got the hint). It’s also the most widely spread
cyber-threat (71% of all IT security incidents are Trojans). Basically, what it does is that it acts as something you
might need to install/launch on your machine. A Trojan presents itself as an ordinary application or so it would
seem, since it also contains a malicious payload. Once launched, this particular cyber-threat is used to… oh well,
it’s all depends on the hacker’s imagination. It can steal your information, establish a backdoor, escalate
privileges, launch other types of malware and even turn your machine into a zombie-bot.
V is for Virus
Viruses accounts for over 10% of the entire cyber-threat pallete. A virus is a malicious software capable of
spreading from one computer to another by associating itself to existing programs, script files or documents. It
then replicates itself when the vector in use is launched by the user. The end goal? Let’s just say it takes after
the Trojan horse in this department.
W is for Worm
A worm’s modus operandi is very much alike to that of a computer virus. The main difference here is that, on
top of stealing data and/or turning your computer into a member of the botnet sect, worms will also attempt
to ‘eat’ the information on the host machine. Although classified into the viral family, a worm can do increasingly
more damage as it does not rely on human interaction to self-replicate.
So our dictionary might be missing a few letters. New ones will probably be added in the years to come because,
guess what, the malware revolution is not over. With attacks increasing in sophistication, we urge enterprises
everywhere to stay alert and reinforce their systems and security solutions. Businesses need to be able to speak
fluently the cybersecurity language in order to not fail the ultimate spelling exam.