A ridiculous simple and short overview on Malware types.

Date : 01/12/2013
Version: 0.1
By: Albert
Remarks: It's a ridiculous simple note on on Malware types, only usable if you just want to know some main characteristics in 5 minutes.

Usually, "malware" is a term for "malicious software" in general, so it covers about anything
that would be described as "intentionally bad software".
So, the term malware should be used to collectively point to boot/rootkits, trojans, hijackers, spyware, viruses etc..

However, often "malware" display a sort of "combined functionality", so a thing that could be called a "Trojan", could install code
that resembles "spyware" or a "hijacker". Or it might install code that replicates (like a "virus") etc..

So, if you would insist on a sharp definition of the different malware types: that most often does not work.

⇒ Vulnerability and Exploit:

A "Vulnerability" is a found security leak (or hole) in a OS module, or programfile, which may allow malware or a hacker
to gain access to your system. Vulnerabilities are discovered regularly, and are often decribed and categorized
under an international "CVE" (Common Vulnerabilities and Exposures) identifier.

Microsoft related "security bugs" are filed under CVE's too, but they also use their own characterization as well. They publish Vulnerabilities using
the "Bulletin Numbers", following the "MS[year]-[sequence number]" notation, like for example "MS13-099" (meaning Bulletin Number 099, in 2013).
The Bulletin then explains the details around this "Vulnerability". An associated "KB" (security) patch can be downloaded and applied to the system.
Those patches will be slightly later made available in "automatic downloads", and subsequently in the next Service Pack.

An "Exploit" is any sort of means, or action, that uses a "vulnerability", for accessing a computersystem.

The above listing of malware types should mention the main categories, however, it is not complete.

-> To illustrate that, even an "excel macro" might display (intentionally) nasty behaviour, but in general it would be difficult to put in a "catagory"
as listed above.

-> Researchers often subdivide malware further, by investigating how they get control, like in using a vulnerability in heap control,
or how they might get Admin rights, or which "stealth techniques" it uses, or if it uses some sort of encryption etc..

⇒ Other criminal activities:

Some criminals send mails around with malicious intentions. You probably know what "phishing" is.
Basically, it may use any form of communication, but most often email is used.
These mails contain links to false sites but they have the appearance of trustworthy sites (like a Bank, or financial institute).
The aim is to steal passwords, codes, or any other sensitive information, or even to install malware to that purpose.

You are encouraged to do an extensive websearch on "phishing" (fishing).

But many other forms of "scams" exists, targeted at naive users (or desperate users) trying to earn money through the Web.
In such a case, the user receives some mail, telling the user about some "wonderfull" method to earn money while
you yourself are sunbathing on the beach, or do other recreational stuff.

As an example of such practice, a mail tells the user about some "algolrithm" that beats the random number generator of Casino sites.
All you need to do is to install some software, and then the money will pour in automatically...

It's all "Bull" ofcourse. However, the text and format is such, that some naive users are willing to try...

It's garanteed that those sort of practices are 100% fraudulous.