1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Threat Types

Threat Type is a term of classification used by F-Secure to indicate a program's general security profile. The Threat Type gives the user some useful indications about a program's potential effects on a computer system.

For example, if we look at the description for:

  • Worm:W32/Downadup

The malicious program's Type is 'Worm', which indicates that the threat is:

"A standalone malicious program which uses computer or network resources to make complete copies of itself. May include code or other malware to damage both the system and the network."

Listed below are the Threat Types currently in use. The Types are organized based on the Threat Category they belong to, which approximately indicate the potential severity of the threat they pose.


Types for Malware Category

  • Virus
    A malicious program that secretly integrates itself into program or data files. It spreads by integrating itself into more files each time the host program is run.
  • Worm
    A standalone malicious program which uses computer or network resources to make complete copies of itself. May include code or other malware to damage both the system and the network.
  • Net-Worm
    A worm that replicates by sending complete, independent copies of itself over a network.
  • Email-Worm
    A worm that spreads via e-mail, usually in infected executable e-mail file attachments.
  • P2P-Worm
    A worm that spreads over Peer-to-Peer (P2P) networks, usually as a deceptively named file.
  • IM-Worm
    A worm that spreads over Instant Messaging (IM) networks.
  • IRC-Worm
    A worm that spreads over Internet Relay Chat (IRC) networks.
  • Bluetooth-Worm
    A worm that spreads over Bluetooth networks.
  • Rootkit
    A program or set of programs which hides itself by subverting or evading the computer's security mechanisms, then allows remote users to secretly control the computer's operating system.
  • Backdoor
    A remote administration utility that bypasses normal security mechanisms to secretly control a program, computer or network.
  • Trojan
    Also known as a trojan horse program, this is a deceptive program that performs additional actions without the user's knowledge or permission. It does not replicate.
  • Trojan-Spy
    A trojan that secretly installs spy programs, such as keyloggers.
  • Trojan-PSW
    A trojan that steals passwords and other sensitive information. It may also secretly install other malicious programs.
  • Trojan-Downloader
    A trojan that secretly downloads malicious files from a remote server, then installs and executes the files.
  • Trojan-Dropper
    A trojan that contains one or more malicious programs, which it will secretly install and execute.
  • Trojan-Proxy
    A trojan that allows unauthorized parties to use the infected computer as a proxy server to anonymously access the Internet.
  • Trojan-Dialer
    This program connects the computer to the Internet via premium-rate telephone lines. It may also direct users to unintended or inappropriate sites.
  • Rogue
    Deceptive antivirus software that pressures users into buying or installing it (e.g., infecting a computer; displaying false or alarming warnings or scanning results). Once installed, it may not function as claimed.
  • Exploit
    A program or technique that takes advantage of a vulnerability to remotely access or attack a program, computer or server.
  • Packed
    This program is packed using a packer program associated with numerous other malware.
  • Constructor
    A program or utility used to construct malware


Types for Spyware Category


  • Spyware
    This program negatively affects a user's control of their computer system or browsing experience, usually without their consent or knowledge.
  • Trackware
    This program secretly monitors user behavior or gathers confidential information. It may also forward information to an external third party.
  • Adware
    This program delivers advertising content to the user. It is usually annoying but harmless, unless it is combined with spyware or trackware.


Types for Riskware Category


  • Monitoring-Tool
    This program monitors and records all actions on a computer, including keystrokes entered.
  • Hack-Tool
    A legitimate utility designed to access remote computers. It may be used with malicious intent.
  • Application
    A legitimate application that may introduce additional security risks or be used for malicious purposes.




Get Support online

For documentation and product support, visit our Support site.

Submit a sample

Think a file or URL was falsely detected?

Submit a sample to our Lab for analysis via the Sample Analysis System (SAS)



About Detection Names

A quick guide to Detections - why they are important, how they work and how to read them. Also includes Generic Detections and how they differ from traditional Detections.