Malware – an introduction and classification

Malicious software, or malware, refers to programs that exploit vulnerabilities in a computing system for a harmful purpose. These programs can be divided into categories based on their behaviour or function: for example, whether they require a host program, or whether they copy themselves. In the following sections I will look at the main categories of malware.


Virus

A virus is a piece of self-replicating program code that injects itself into programs installed on the system. Viruses can be further classified into 4 types:

Resident Virus: This type of virus embeds itself in the memory of the target host, so that it is activated every time the OS starts or executes a specific action.

Non-resident Virus: When executed, this type of virus actively seeks targets to infect, on local, removable or network locations. After infecting further targets it exits, so it does not reside in memory.

Boot sector Virus: This type of virus specifically targets a boot sector on the host’s hard drive. Once the boot sector is infected, the virus is loaded into memory every time an attempt is made to boot from the infected hard drive.

Macro Virus: Macro viruses are written in a macro language and embedded in Word, Excel or Outlook documents. They are executed as soon as the document is opened.
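Because a macro virus travels inside the document, a mail or file gateway can check whether an Office file carries a VBA project before a user opens it. The following is an added example, not part of the original article; the verdict names and the quarantine policy are assumptions, and the sample files are constructed in memory.

```python
import io
import os
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container
MACRO_EXTS = {".docm", ".dotm", ".xlsm", ".xltm", ".pptm"}  # macro-enabled OOXML

def triage_office_file(name, data):
    """Report whether an Office file carries a VBA project (hypothetical policy)."""
    ext = os.path.splitext(name)[1].lower()
    result = {"name": name, "container": "unknown", "has_vba": False, "verdict": "allow"}
    if data.startswith(OLE2_MAGIC):
        # Legacy binary format: macros sit in OLE streams this example does not parse.
        result.update(container="ole2", verdict="inspect")
        return result
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return result
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        parts = [n.lower() for n in zf.namelist()]
    if "[content_types].xml" not in parts:
        result["container"] = "zip"  # an ordinary archive, not an Office document
        return result
    result["container"] = "ooxml"
    # OOXML documents store their VBA project in a part named vbaProject.bin.
    result["has_vba"] = any(p.endswith("vbaproject.bin") for p in parts)
    if result["has_vba"]:
        # Macros under a macro-free extension (.docx, .xlsx) are a mismatch: quarantine.
        result["verdict"] = "inspect" if ext in MACRO_EXTS else "quarantine"
    return result

def build_sample(part_names):
    """Constructed OOXML-like zip for the demo; every part holds placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for part in part_names:
            zf.writestr(part, b"placeholder")
    return buf.getvalue()

CLEAN = build_sample(["[Content_Types].xml", "word/document.xml"])
MACRO = build_sample(["[Content_Types].xml", "word/document.xml", "word/vbaProject.bin"])
LEGACY = OLE2_MAGIC + b"\x00" * 504  # constructed header-only stand-in for a .doc

if __name__ == "__main__":
    for fname, blob in [("report.docx", CLEAN), ("invoice.docm", MACRO),
                        ("invoice.docx", MACRO), ("old.doc", LEGACY)]:
        print(triage_office_file(fname, blob))
```

A file flagged `inspect` would then go to a tool that extracts and analyses the macro source; this check only establishes that macro content is present.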


Worms

Worms are also considered a subdivision of viruses, as they are also self-replicating. Unlike viruses, worms exploit network and operating system vulnerabilities to spread. In addition, they do not require any interaction to replicate. This capability makes worms more dangerous.

Trojan horse

Unlike viruses and worms, a Trojan horse does not have the capability of self-replication. Trojans are programs that pretend to be legitimate but are designed to carry out malicious actions when run. These applications may come in the form of free software, games, videos, etc.

Backdoor (Remote Administration Tool)

A backdoor, or remote administration tool (RAT), is a piece of software that gives a person access to a computer without the owner’s consent. Depending on the capabilities of the RAT, attackers can run or install the software they need to cause damage.


Rootkit

A rootkit is a piece of software designed to hide its presence and actions from users and anti-virus software. It is able to do this via deep integration with the operating system. These rootkits start before the OS starts. Rootkits help attackers maintain root-level access to the compromised system.

Bots and Botnets

Bots are software created to perform specific operations. While some bots are created for harmless purposes (such as video gaming or Internet auctions), it is becoming increasingly common for bots to be used for malicious activities. Bots are used in botnets (collections of computers controlled by third parties) for DDoS attacks, as web spiders that scrape server data, and for distributing malware.


Spyware

Spyware is a piece of software that monitors the victim’s activities, gathers other information from the victim’s computer, and sends it back to its creator.


Ransomware

Ransomware is malware designed to extort money from its victims. It can appear as a pop-up, phishing link, or malicious website, and once acted on, will trigger a vulnerability in the user’s system, locking out the keyboard and screen, and sometimes even the entire computer. It is intended to scam people by falsely accusing the victims of a crime and asking them to pay a fine.