Malware Definitions

  • A

    advanced persistent threat (APT)

    An advanced persistent threat (APT) is a prolonged and targeted cyberattack in which an intruder gains access to a network and remains undetected for an extended period of time.

  • adware

    Adware is any software application in which advertising banners are displayed while a program is running.

  • Antigen

    Sybari's Antigen is antivirus software for Lotus Domino and Microsoft Exchange.

  • antimalware (anti-malware)

    Antimalware (anti-malware) is a type of software program designed to prevent, detect and remove malicious software (malware) on IT systems, as well as individual computing devices.

  • antivirus software (antivirus program)

    Antivirus software is a class of program designed to prevent, detect and remove malware infections on individual computing devices, networks and IT systems.

  • attack vector

    An attack vector is a path or means by which a hacker (or cracker) can gain access to a computer or network server in order to deliver a payload or malicious outcome.

  • B

    backdoor (computing)

    A backdoor is a means to access a computer system or encrypted data that bypasses the system's customary security mechanisms.

  • barnacle

    In a computer, a barnacle is unwanted programming, such as adware or spyware, that is downloaded and installed along with a user-requested program.

  • blended threat

    A blended threat is an exploit that combines elements of multiple types of malware and perhaps takes multiple attack vectors to increase the severity of damage and the speed of contagion.  

  • bogie (bogey)

    The term bogie, also spelled bogey, refers to a false blip on a radar display.

  • bot worm

    A bot worm is a self-replicating malware program that resides in current memory, turns infected computers into zombies (or bots) and transmits itself to other computers. A bot worm may be created with the ultimate intention of creating a botnet that functions as a vehicle for the spread of viruses, Trojans and spam... (Continued)

  • BotHunter

    BotHunter is a type of bot application that looks for other bots by tracking two-way communication flows between active software inside a private network and external entities... (Continued)

  • botnet

    A botnet is a network of infected smart computing devices controlled by a common type of malware. The term botnet is derived from the words robot and network. A robot, in this context, is a malicious program that operates as an agent for a human attacker.

  • browser hijacker (browser hijacking)

    A browser hijacker is a malware program that modifies web browser settings without the user's permission and redirects the user to websites the user had not intended to visit.

  • Bugbear

    Bugbear is a computer virus that spread in early October, 2002, infecting thousands of home and business computers. It is similar to an earlier virus, Klez, in terms of its invasion approach and rapid proliferation.

  • C

    cache poisoning (DNS poisoning, web cache poisoning)

    Cache poisoning is an attack vector that exploits the way domain name system (DNS) clients and web servers improve performance by saving old responses for a specified period of time in a temporary storage area called cache.

  • Chernobyl virus

    The Chernobyl virus is a computer virus with a potentially devastating payload that destroys all computer data when an infected file is executed.

  • Crash Course: Spyware

    In general, spyware is any technology that aids in gathering information about a person or organization without their knowledge.

  • crimeware

    Crimeware is programming that is designed to facilitate illegal online activity. The use of crimeware is primarily financially motivated.

  • Cyber Storm

    Cyber Storm is the name of a simulated attack exercise conducted by the U.S. Department of Homeland Security (DHS) February 6-10, 2006 to evaluate whether or not the country could withstand a real attack of similar magnitude...

  • cyberterrorism

    According to the U.S. Federal Bureau of Investigation, cyberterrorism is any 'premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine agents.'

  • D

    directory traversal

    Directory traversal is a form of HTTP exploit in which a hacker uses the software on a Web server to access data in a directory other than the server's root directory... (Continued)

  • domain generation algorithm (DGA)

    A domain generation algorithm or DGA is a computer program used to create domain names, typically for the purpose of propagating remotely controlled Web-based malware.

  • domain rotation

    Domain rotation is a technique used by malware distributors to drive traffic from multiple domains to a single IP address that is controlled by the distributor. The goal of domain rotation is to make it harder for a network administrator to blacklist the malware distributor.

  • DSO exploit (data source object exploit)

    A data source object (DSO) exploit is a form of spyware that takes advantage of data binding to gain access to the hard drive of a computer connected to the Internet.

  • Duqu (W32.Duqu)

    Duqu is a remote access Trojan (RAT) that is designed to steal data from computers it infects.

  • E

    Elk Cloner

    Elk Cloner was the first computer virus known to have spread in the wild.

  • email spam

    Email spam, or junk email, is unsolicited bulk messages sent through email with commercial, fraudulent or malicious intent.

  • email virus

    An email virus consists of malicious code that is distributed in email messages, and it can be activated when a user clicks on a link in an email message, opens an email attachment or interacts in some other way with the infected email message.

  • ethical worm

    An ethical worm is a program that automates network-based distribution of security patches for known vulnerabilities.

  • G

    government Trojan

    A government Trojan is spyware installed on a computer or network by a law enforcement agency for the purpose of capturing information relevant to a criminal investigation. Government Trojans represent a step in turning the tables on cybercriminals by using a proven mechanism for capturing data covertly.

  • H

    hijacking

    Hijacking is a type of network security attack in which the attacker takes control of a communication - just as an airplane hijacker takes control of a flight - between two entities and masquerades as one of them.

  • honeynet

    A honeynet is a network set up with intentional vulnerabilities; its purpose is to invite attack, so that an attacker's activities and methods can be studied and that information used to increase network security.

  • Honeynet Project

    The Honeynet Project is a non-profit volunteer organization dedicated to computer security research and information sharing.

  • honeypot (computing)

    A honeypot is a network-attached system set up as a decoy to lure cyberattackers and to detect, deflect or study hacking attempts to gain unauthorized access to information systems.

  • hybrid virus (multi-part or multipartite virus)

    A hybrid virus (sometimes called a multi-part or multipartite virus) is one that combines characteristics of more than one type to infect both program files and system sectors.

  • hybrid virus/worm

    A hybrid virus/worm is malicious code that combines characteristics of both those types of malware, typically featuring the virus' ability to alter program code with the worm's ability to reside in live memory and to propagate without any action on the part of the user.

  • I

    I-SPY Act -- Internet Spyware Prevention Act of 2005 (H.R. 744)

    The I-SPY Act, formally known as the Internet Spyware Prevention Act of 2005 (H.R. 744), is a bill in the U.S. Congress that would criminalize the unauthorized use of spyware, phishing, and other methods of using the Internet to obtain sensitive personal information without someone's knowledge and consent.

  • ILOVEYOU virus

    The ILOVEYOU virus comes in an e-mail note with "I LOVE YOU" in the subject line and contains an attachment that, when opened, results in the message being re-sent to everyone in the recipient's Microsoft Outlook address book and, perhaps more seriously, the loss of every JPEG, MP3, and certain other files on the recipient's hard disk.

  • in the wild

    According to noted computer virus expert Paul Ducklin, in order for a virus to be considered in the wild, "it must be spreading as a result of normal day-to-day operations on and between the computers of unsuspecting users."

  • insider threat

    Insider threat is a category of risk posed by humans who have access to an organization's physical or digital assets. Such threats are usually attributed to employees or former employees, but may also arise from third parties, including contractors, temporary workers or customers.

  • K

    Kaptoxa

    Kaptoxa (pronounced kar-toe-sha) is a type of point-of-sale (POS) malware designed to compromise payment information systems.

  • keylogger (keystroke logger or system monitor)

    A keylogger, sometimes called a keystroke logger or system monitor, is a type of surveillance technology used to monitor and record each keystroke typed on a specific computer's keyboard.

  • Klez

    Klez (pronounced KLEHZ) is an Internet worm that launches automatically when a user previews or reads an e-mail message containing Klez on a system that has not been patched for a vulnerability in Microsoft Internet Explorer mail clients.

  • Kraken

    Kraken is the name given to a family of malware that's currently being used to create what the security firm Damballa has called "the world's largest botnet." Single bots infected with Kraken malware have been recorded sending up to 500,000 spam email messages in a day. (Continued...)

  • L

    logic bomb

    A logic bomb, sometimes referred to as slag code, is a string of malicious code used to cause harm to a network when the programmed conditions are met.

  • M

    macro virus

    A macro virus is a computer virus written in the same macro language used for software programs, including Microsoft Excel or word processors such as Microsoft Word.

  • madware

    Madware is a type of aggressive advertising that affects smartphones and tablets. The name, which is a portmanteau combining the words mobile and adware, was coined by the security vendor Symantec to describe a type of intrusive advertising that currently affects Android smartphones and tablets.

  • Malicious Computer Code: Glossary

    This is a glossary of terms related to malicious computer code.

  • malvertisement (malicious advertisement or malvertising)

    A malvertisement (malicious advertisement) is an advertisement on the Internet that is capable of infecting the viewer's computer with malware.

  • malware (malicious software)

    Malware, or malicious software, is any program or file that is harmful to a computer user.

  • Malware: Glossary

    This is a glossary of terms related to malware.

  • man in the browser

    Man in the browser refers to an emerging tactic used by hackers to commit financial fraud... (Continued)

  • masquerade

    In general, a masquerade is a disguise.

  • Melissa virus

    Melissa is a fast-spreading macro virus that is distributed as an e-mail attachment that, when opened, disables a number of safeguards in Word 97 or Word 2000, and, if the user has the Microsoft Outlook e-mail program, causes the virus to be resent to the first 50 people in each of the user's address books.

  • memory-scraping malware

    Memory-scraping malware is a type of malware that helps hackers to find personal data. It examines memory to search for sensitive data that is not available through other processes.

  • metamorphic and polymorphic malware

    Metamorphic and polymorphic malware are two categories of malicious programs that have the ability to change their code as they propagate.

  • Metamorphic virus

    A metamorphic virus is a type of malware that is capable of changing its code and signature patterns with each iteration.

  • micro VM (micro virtual machine)

    A micro VM (micro virtual machine) is a virtual machine program that serves to isolate an untrusted computing operation from a computer's host operating system.

  • Mytob

    Mytob is a worm used by hackers to gather personal and financial information by phishing, a form of e-mail fraud where the perpetrator sends out legitimate-looking messages that appear to come from well-known and trustworthy Web sites. Since Mytob first originated in February 2005, numerous variants have emerged. Some forms of the worm cause infected computers to send out e-mail messages containing a link to a Web site that hosts rogue programming code. Earlier versions appear as e-mail attachments.

  • N

    Nimda

    First appearing on September 18, 2001, Nimda is a computer virus that caused traffic slowdowns as it rippled across the Internet, spreading through four different methods, infecting computers containing Microsoft's Web server, Internet Information Server (IIS), and computer users who opened an e-mail attachment.

  • P

    payload (computing)

    In computing, a payload is the carrying capacity of a packet or other transmission data unit. The term has its roots in the military and is often associated with the capacity of executable malicious code to do damage. Technically, the payload of a specific packet or other protocol data unit (PDU) is the actual transmitted data sent by communicating endpoints.

  • polymorphic virus

    A polymorphic virus is a harmful, destructive or intrusive type of malware that can change or 'morph,' making it difficult to detect with antimalware programs.

  • promiscuous mode

    In a network, promiscuous mode allows a network device to intercept and read each network packet that arrives in its entirety. This mode of operation is sometimes given to a network snoop server that captures and saves all packets for analysis (for example, for monitoring network usage)... (Continued)

  • pseudonymous profile

    A pseudonymous profile is a collection of information about a particular computer user that identifies the user either by their computer's IP address or by a randomly-generated nickname.

  • pulsing zombie

    A pulsing zombie is a computer whose security has been compromised without its owner's knowledge by a cracker so that it intermittently carries out a denial-of-service attack on target computers in a network.

  • PUP (potentially unwanted program)

    A PUP (potentially unwanted program) is a program that may be unwanted, despite the possibility that users consented to download it.

  • Q

    Quiz: Who Done IT? A Murder Mystery

    How to take the quiz: - After reading the question, click on the answer that you think is correct

  • R

    ransomware

    Ransomware is a subset of malware in which the data on a victim's computer is locked -- typically by encryption -- and payment is demanded before the ransomed data is decrypted and access is returned to the victim.

  • RAT (remote access Trojan)

    A remote access Trojan (RAT) is a malware program that gives an intruder administrative control over a target computer. RATs are usually downloaded invisibly with a user-requested program -- such as a game -- or sent as an email attachment. Once the host system is compromised, the intruder may use it to distribute more RATs for a botnet.

  • RavMonE virus (W32/Rjump)

    The RavMonE virus, also known as W32/Rjump, is a virus that opens a back door on a computer running Windows, creates a copy of itself in the Windows system directory and creates a log file containing the port number on which its back door component listens... (Continued)

  • Regin malware

    Regin is a complex strain of back-door Trojan malware that uses a multi-staged, modular approach to infect its targets for the purpose of monitoring user activity and stealing data.

  • Robert Morris worm

    The Robert Morris worm is widely acknowledged as the first computer worm to be distributed across the Internet and the first computer virus to receive mainstream media attention.

  • Rock Phish

    Rock Phish is both a phishing toolkit and the entity that publishes the kit, either a hacker, or, more likely, a sophisticated group of hackers. While the authors of the kit remain anonymous, Rock Phish has become the most popular phishing kit available online, with some estimates suggesting that the kit is used for half of all phishing attempts.

  • rootkit

    A rootkit is a program or, more often, a collection of software tools that gives a threat actor remote access to and control over a computer or other system.

  • S

    session replay

    Session replay is a scheme a cracker uses to masquerade as an authorized user on an interactive Web site... (Continued)

  • shoulder surfing

    Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to get information.

  • signature file

    A signature file is a short text file you create for use as a standard appendage at the end of your e-mail notes or Usenet messages.

  • spyware

    Spyware is a type of malicious software -- or malware -- that is installed on a computing device without the end user's knowledge.

  • stealth

    In computing, stealth refers to an event, object, or file that evades methodical attempts to find it.

  • stealth virus

    In computer security, a stealth virus is a computer virus that uses various mechanisms to avoid detection by antivirus software.

  • Stuxnet

    The Stuxnet worm is a rootkit exploit that targets supervisory control and data acquisition (SCADA) systems.

  • T

    talking Trojan

    A talking Trojan is a Trojan horse program that mocks the user of an infected PC with a repeating audio message while it deletes the entire contents of a hard drive. The first outbreak of the talking Trojan was called "BotVoice.A Trojan" and was detected by security vendor Panda Software SA in the summer of 2007. (Continued...)

  • TDL-4 (TDSS or Alureon)

    TDL-4 is sophisticated malware that facilitates the creation and maintenance of a botnet. The program is the fourth generation of the TDL malware, which was itself based on an earlier malicious program known as TDSS or Alureon.

  • Tilded platform

    The Tilded platform is a malicious software communicator specifically designed as a vessel for transmitting malware undetected.

  • Trojan horse (computing)

    In computing, a Trojan horse is a program downloaded and installed on a computer that appears harmless, but is, in fact, malicious.

  • V

    vandal

    A vandal is an executable file, usually an applet or an ActiveX control, associated with a Web page that is designed to be harmful, malicious, or at the very least inconvenient to the user.

  • virus (computer virus)

    A computer virus is malicious code that replicates by copying itself to another program, computer boot sector or document and changes how a computer works.

  • virus hoax

    A virus hoax is a false warning about a computer virus.

  • W

    computer worm

    A computer worm is a type of malicious software program whose primary function is to infect other computers while remaining active on infected systems.

  • walled garden

    On the Internet, a walled garden is an environment that controls the user's access to Web content and services.

  • WannaCry ransomware

    The WannaCry ransomware is a worm that spreads by exploiting vulnerabilities in the Windows operating system.

  • watering hole attack

    A watering hole attack targets a specific group of users by infecting websites group members like to visit. The name watering hole attack is inspired by predators in the natural world who lurk near watering holes, looking for opportunities to attack desired prey.

  • Z

    zero-day (computer)

    A zero-day vulnerability, also known as a computer zero day, is a flaw in software, hardware or firmware that is unknown to the party or parties responsible for patching or otherwise fixing the flaw.

  • Zeus Trojan (Zbot)

    Zeus, also known as Zbot, is a malware toolkit that allows a cybercriminal to build his own Trojan Horse. A Trojan Horse is programming that appears to be legitimate but actually hides an attack.

  • Zotob

    Zotob is a computer worm used by an attacker to gather personal and financial information from computers running Microsoft Windows that have a buffer overflow vulnerability. Zotob, which has several variants, is an outgrowth of a worm called Mytob.
