How F-Secure classifies threats
Programs categorized as Spyware introduce a security risk that may affect the user's personal data.
Types of programs in the Spyware category include trackware and adware. These programs may offer a useful service in exchange for being allowed to gather information from or about the user.
The kind of information gathered by these programs varies, and may include items such as details of the system or installed programs; web browsing behavior and history; and most importantly, personal details. Legal implications may also arise based on where and how the program is used, and how the information is collected, transmitted and stored.
If a user is aware of and accepts the potential risk associated with a program classed as Spyware, they can configure the F-Secure security product to exclude it from being scanned.
Types of Spyware
|Spyware||Collects information about the user's web browsing behavior or preferred applications. The data collected may be stored locally or sent out.|
|Trackware||Allows a third party to identify the user or their device, usually with a unique identifier. The most common trackware is tracking cookies.|
|Adware||Delivers advertising content, either in the web browser, on a PC's Desktop or within an application.|
Programs categorized as Riskware are considered safe when used by an authorized person in an appropriate situation. If misused, or used by an attacker, the program may be a security risk.
Riskware programs are applications that may pose a security risk when used inappropriately, or by an attacker. For example, keyloggers are utilities that may be used by system administrators in the course of their authorized work, but may also be maliciously used to secretly monitor users.
If the user is aware of and accepts the potential risk associated with a program classed as Riskware, they can configure the F-Secure security product to exclude it from being scanned.
Types of Riskware
|Monitoring-Tool||Monitors and records selected or all actions of a user on a device|
|Hack-Tool||Bypasses access restrictions or security mechanisms to give users access or the ability to perform actions beyond what is normally permitted|
|Application||Introduces a security risk if misused or maliciously used|
Potentially Unwanted Application (PUA)
A Potentially Unwanted Application (PUA) is a program that has behaviors or aspects which are considered undesirable, unwanted or risky, but does not meet the stricter definition of malware.
If the user is aware of and accepts the potential risk associated with a program classed as PUA, they may elect to keep and use the application, or allow the F-Secure security product to remove it.
For more information about PUAs, see Classifying Potentially Unwanted Applications.
The term 'Threat Platform' is used to refer to the operating system or application on which a malicious program operates.
To indicate the platform a malware will operate on, F-Secure uses a platform designator in the detection name for the malware. For example, the detection for the notorious Downadup worm (also known as Conficker) is:
Where 'W32' is the platform designator, and indicates that the malicious program 'Downadup' is designed to work on machines running the 32-bit Windows operating system.
Most malicious programs are designed to function only on one platform, as they must target and exploit specific files or vulnerabilities unique to a particular operating system or application. Some malware are even more specific - they can only run if a specific application is installed on a specific operating system.
Occasionally, a malware is found that is sophisticated enough to operate on more than one platform, but these are still relatively rare.
|AM||Macro malware for VBA in Access 97 or later|
|AndroidOS||Malware that runs on the Android OS|
|ACAD||Malware or exploits that use AutoCAD|
|BAT||Malware that requires DOS, Windows or NT command interpreter or clone (4DOS, 4NT)|
|Boot||Malware that resides in the Master Boot Record or DOS Boot Sector|
|ChromeOS||Malware that runs on Chrome OS|
|CM||VBA macro malware for Corel Draw! v 9.0 or later|
|CS||Malware for CorelScript interpreter in many Corel products|
|DOS||Infects DOS COM, EXE (MZ) or SYS files and requires some version of MS-DOS or clone|
|HLP||Malware for WinHelp. Note: JS and VBS script malware embedded in HTML and CHM files should use the JS or VBS platform|
|HTML||For files that only contain a malicious iframe and cannot be classified as JS, PHP or other script|
|IDA||Malware for IDA Pro|
|INF||Malware that uses Windows INF files|
|INI||Malware for mIRC INI files|
|iPhoneOS||Malware that runs on the iPhone platform|
|MSIL||Malware for .NET platform|
|Java||Malware for Java runtime environment (standalone or browser-embedded)|
|Linux||Malware that runs on any Linux distribution|
|MacOS||Malware that runs on MacOS prior to OSX|
|MMS||Malware that spreads via Multimedia Messaging System (MMS) messages|
|OM||For malware that infects at least two applications within the Office 97 suite or later. Also includes related products (Visio, Projects)|
|OS/2||Malware that runs on OS/2|
|OSX||Malware that runs on Mac OSX|
|PM||Malware for VBA in Project 98 or later|
|PalmOS||Malware for PalmOS|
|Perl||Malware that requires a Perl interpreter, including those under WSH and HTML-embedded Perl malware|
|PHP||Malware for PHP script|
|PPM||Macro malware for VBS in PowerPoint 97 or later|
|PUM||Macro malware for VBS in Publisher 97 or later|
|REG||Malware in Windows Registry file format|
|SH||Malware that requires a Unix(-like) shell script interpreter. Hosting does not affect the platform name. Shell malware specific to Linux, Solaris, HP-UX or other Unices, or specific to csh, ksh, bash, tcsh or other interpreters all fall under this platform name.|
|SMS||Malware that spreads via Short Messaging System (SMS) messages|
|Solaris||Malware for Solaris|
|SymbOS||Malware for Symbian OS|
|SVL||Malware for Microsoft Silverlight|
|SWF||Malware for Macromedia Flash|
|Unix||Malware that runs on Unix, ELF file infectors etc|
|VBS||Malware for the Visual Basic Script interpreter. Hosting does not affect the platform designator. Standalone VBS infectors that require VBS under WSH, HTML-embedded VBS malware, and malware embedded in Windows compiled HTML help files (CHM), all fall under this platform type|
|W16||Malware for 16-bit Windows (native executables)|
|W32||Malware for 32-bit Windows (native executables)|
|W64||Malware for 64-bit Windows (native executables)|
|W128||Malware for 128-bit Windows (native executables)|
|WM||Macro malware for VBA in Word 97 or later|
|WinCE||Malware for PocketPC (Windows CE)|
|WinHEX||Malware for WinHex|
|WMA||Windows Media Audio (WMA) file, usually disguised as an mp3, that when loaded or played will redirect to a site that tells the user to download and install a malicious codec to hear the audio|
|WMV||Windows Media Video (WMV) file, usually disguised as an avi, that when loaded or played will redirect to a site that tells the user to download and install a malicious codec to view the video|
|XM||Macro malware for VBA in Excel 97 or later|