Malware classifications

Malicious software, or malware, is an all-encompassing term for any software that has been created to damage, disable, or produce an unwanted condition within a computer system. This definition, while functional, is also very broad in its categorization of malware. There is malware that is coded specifically to steal credit card numbers from payment systems, while other malware is utilized to take control of a system, allowing an attacker to remotely control that system. Analysts who observe these specific behaviors—such as how a compromised system sends communications out to the internet after infection, or what actions are taken on an infected system—may be able to determine the type of the malware, and what the end goal of the attacker may be.

In general, when discussing malware, the following are some of the more specific categories:

  • Virus: For a time, virus was the generic term for any malicious code that harmed a computer system. As the types of malware multiplied, the term narrowed to its current meaning: code that inserts itself into other programs or files and replicates whenever the infected host is run. A virus therefore depends on a host file and, usually, on a user action to spread.
  • Worm: Unlike a virus, a worm needs no host file. It is standalone code that not only affects the system it runs on but also self-replicates, scanning for and infecting other reachable systems on its own. One of the most famous worms was the Morris worm, which spread across the internet in 1988 and caused denial-of-service (DoS) conditions as repeatedly reinfected hosts were overloaded.
  • Trojan: The Trojan horse of mythology is the inspiration for this class of malware. Trojan malware is often hidden within a legitimate application or file. When an unsuspecting user opens the file, the malware infects the system. This type of malware often leverages a social engineering attack to infect a system.
  • Keylogger: This specific malware hides in the background of a running system and captures the keystrokes of the user. It then takes this information and sends it to a controller for review. Coders who write keyloggers are often interested in obtaining credentials.
  • Rootkit: A rootkit modifies the operating system, often at the kernel level, so that the attacker's files, processes, and network connections are hidden from users and security tools. Rootkits are utilized to conceal other malicious code such as a Remote Access Trojan (RAT), which allows an attacker to take remote command of an infected system.
  • Information-stealing malware: Often coded for a single purpose, this type of malware is used to capture information such as credit card numbers or banking credentials, such as the Shylock malware that was created specifically to capture banking logins.
  • Backdoor: Another variation of remote access, a backdoor is code that bypasses normal authentication so that the attacker can return to the infected system at will, even after the original point of entry has been closed.
  • Downloader: As defenses have become more sophisticated, so have the malware writers. A downloader is part of a multi-stage malware program. The downloader often infects a system, and then reaches out to a remote server for the rest of the code. This method is often utilized to bypass security controls and is useful for enabling malware coders to utilize larger and more sophisticated malware.
  • Botnet: A botnet is a collection of infected computers, all controlled through a central command-and-control (C2) server on the internet. First, the botnet malware infects a system and checks in with the C2 server for instructions. As the number of infected systems grows, the malware writers can utilize this botnet to conduct distributed denial-of-service (DDoS) attacks against a single target, or to send spam from many sources at once.
  • Ransomware: A relatively new type of malware, ransomware encrypts a victim's files. The malware then solicits a payment, often in the form of a cryptocurrency such as Bitcoin, from the victim for the decryption key.
  • File wipers: A file wiper either overwrites the files themselves or overwrites the Master Boot Record (MBR) and partition table so that the system can no longer locate its files or boot.
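
To make the file wiper entry concrete, the following Python is an added example, not code from the original text. It builds a constructed 512-byte MBR, parses the boot signature and the four partition table entries, and reports whether the sector looks intact, has had its partition table cleared, is zeroed, or is otherwise corrupted. This is the first check a responder would run against a disk image from a machine that stopped booting after a suspected wiper. The partition values and the two wipe helpers are constructed for illustration and do not model any particular wiper.

```python
import struct

SECTOR_SIZE = 512
PARTITION_TABLE_OFFSET = 446
# status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
PARTITION_ENTRY_FMT = "<B3sB3sII"
BOOT_SIGNATURE = b"\x55\xaa"


def build_sample_mbr():
    """Construct a minimal, valid-looking MBR for illustration (not from a real disk)."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:3] = b"\xeb\xfe\x90"  # placeholder boot code: jmp $ ; nop
    # One bootable NTFS-style partition (type 0x07) starting at LBA 2048; values are made up.
    entry = struct.pack(PARTITION_ENTRY_FMT, 0x80, b"\x20\x21\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 204800)
    sector[PARTITION_TABLE_OFFSET:PARTITION_TABLE_OFFSET + 16] = entry
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def zero_sector(sector):
    """Simulate a wiper that overwrites the whole sector with zeros."""
    return bytes(len(sector))


def clear_partition_table(sector):
    """Simulate a wiper that zeros only the 64-byte partition table and leaves the signature."""
    out = bytearray(sector)
    out[PARTITION_TABLE_OFFSET:510] = bytes(64)
    return bytes(out)


def inspect_mbr(sector):
    """Parse an MBR and classify it as intact, partition table cleared, zeroed, or corrupted."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected a 512-byte sector")
    signature_ok = sector[510:512] == BOOT_SIGNATURE

    partitions = []
    for slot in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * slot
        status, _, ptype, _, lba, count = struct.unpack(PARTITION_ENTRY_FMT, sector[off:off + 16])
        if ptype == 0 and lba == 0 and count == 0:
            continue  # empty slot
        partitions.append({"slot": slot, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba, "sectors": count})

    boot_code_present = any(sector[:PARTITION_TABLE_OFFSET])

    if not signature_ok and not boot_code_present and not partitions:
        verdict = "zeroed"
    elif not signature_ok:
        verdict = "corrupted"
    elif not partitions:
        verdict = "partition table cleared"
    else:
        verdict = "intact"

    return {"signature_ok": signature_ok, "boot_code_present": boot_code_present,
            "partitions": partitions, "verdict": verdict}


if __name__ == "__main__":
    original = build_sample_mbr()
    for label, sector in (("original", original),
                          ("zeroed", zero_sector(original)),
                          ("table cleared", clear_partition_table(original))):
        print(label, "->", inspect_mbr(sector)["verdict"])
```

On a real image, read the first 512 bytes of the raw device or image file and pass them to `inspect_mbr`. The verdict is a triage heuristic: a wiper that replaces the boot code with its own message will show as corrupted rather than zeroed, and a GPT disk carries a protective MBR with a single type 0xEE entry, so a missing GPT header must be checked separately.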

Many of the variants are used together in a chain. For example, a malware coder may conduct an initial infection of a system with a RAT disguised as a legitimate application. When an unsuspecting user opens the application, the code executes. It then downloads a second payload and further infects the system, giving the coder remote access. With remote access, the attack continues, with the attacker identifying a payment system. From there, they load another piece of malware onto the payment system and capture cleartext credit card numbers.
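
The behaviour the introduction points to, a compromised host sending communications out to the internet after infection, is what a RAT, backdoor, or botnet client produces when it checks in with its controller on a schedule, and it is something an analyst can look for directly in proxy or firewall logs. The following Python is an added example, not code from the original text or from any product: it groups connections by source and destination, computes the coefficient of variation of the inter-connection times, and flags pairs whose timing is nearly constant. The log lines, hostnames, and IP addresses are constructed, and the thresholds `min_connections` and `max_cv` are assumptions a real deployment would tune.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: timestamp, source host, destination, bytes out.
# 203.0.113.10 receives a small request every five minutes (a check-in);
# 198.51.100.7 receives irregular, larger transfers (ordinary browsing).
SAMPLE_LOG = """\
2024-03-01T10:00:00 ws-17 203.0.113.10 412
2024-03-01T10:00:03 ws-17 198.51.100.7 18320
2024-03-01T10:05:01 ws-17 203.0.113.10 410
2024-03-01T10:09:59 ws-17 203.0.113.10 415
2024-03-01T10:11:42 ws-17 198.51.100.7 9921
2024-03-01T10:15:00 ws-17 203.0.113.10 411
2024-03-01T10:20:02 ws-17 203.0.113.10 413
2024-03-01T10:24:58 ws-17 203.0.113.10 409
2024-03-01T10:31:10 ws-17 198.51.100.7 27710
"""


def parse_log(text):
    """Yield (timestamp, src, dst, bytes_out) from the simple space-separated format above."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, nbytes = line.split()
        yield datetime.fromisoformat(ts), src, dst, int(nbytes)


def detect_beacons(text, min_connections=4, max_cv=0.1):
    """Return {(src, dst): stats} for pairs whose connection intervals are nearly constant.

    The coefficient of variation (population stdev / mean) of the gaps between
    successive connections is low for a scheduled check-in and high for human-driven
    traffic. Both thresholds are assumptions chosen for this example.
    """
    flows = defaultdict(list)
    for ts, src, dst, nbytes in parse_log(text):
        flows[(src, dst)].append((ts, nbytes))

    beacons = {}
    for key, events in flows.items():
        if len(events) < min_connections:
            continue  # too few samples to judge periodicity
        events.sort()
        intervals = [(later[0] - earlier[0]).total_seconds()
                     for earlier, later in zip(events, events[1:])]
        avg = mean(intervals)
        if avg <= 0:
            continue
        cv = pstdev(intervals) / avg
        if cv <= max_cv:
            beacons[key] = {
                "connections": len(events),
                "interval_mean": round(avg, 1),
                "interval_cv": round(cv, 4),
                "bytes_mean": round(mean([b for _, b in events]), 1),
            }
    return beacons


if __name__ == "__main__":
    for (src, dst), stats in detect_beacons(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: {stats}")
```

Treat a hit as a lead, not a verdict. Update checks, NTP, and monitoring agents also beacon at fixed intervals, so the destination has to be checked against known-good services, and an attacker who adds random jitter to the sleep will push the coefficient of variation above a tight threshold, which is why the uniformly small byte counts are reported alongside the timing.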

Another key aspect of malware is how it has evolved over time. There has been an explosion in the number of malware variants and in the sheer amount of malicious code currently in the wild. Malware evolves every day, with new techniques of encoding, delivery, and execution changing rapidly. Analysts would be well advised to keep abreast of these changes as they happen so that they are prepared for the latest, and more damaging, code.
