Malware, also known as "malicious software," can be classified several ways in order to distinguish the unique types of malware from each other. Distinguishing and classifying different types of malware from each other is important to better understanding how they can infect computers and devices, the threat level they pose and how to protect against them.
Kaspersky Lab classifies the entire range of malicious software or potentially unwanted objects that are detected by Kaspersky’s antivirus engine – classifying the malware items according to their activity on users’ computers. The classification system used by Kaspersky is also used by a number of other antivirus vendors as the basis for their classifications.
Kaspersky’s classification system gives each detected object a clear description and a specific location in the ‘classification tree’ shown below. In the ‘classification tree’ diagram:
Individual malware programs often include several malicious functions and propagation routines – and, without some additional classification rules, this could lead to confusion.
For example, a specific malicious program may be capable of being spread via an email attachment and also as files via P2P networks. The program may also have the ability to harvest email addresses from an infected computer, without the consent of the user. With this range of functions, the program could be correctly classified as an Email-Worm, a P2P-Worm or a Trojan-Mailfinder. To avoid this confusion, Kaspersky applies a set of rules that can unambiguously categorise a malicious program as having a particular behaviour, regardless of the program functions:
Discover more about the threats… and how Kaspersky can defend you against them: