|
Adware
Programs that secretly gather personal information through the Internet and relay it back to another computer, generally for advertising purposes. This is often accomplished by tracking information related to Internet browser usage or habits.
Adware can be downloaded from Web sites (typically in shareware or freeware), email messages, and instant messengers. A user may unknowingly trigger adware by accepting an End User License Agreement from a software program linked to the adware.
Anti-virus Software
Anti-virus software scans a computer's memory and disk drives for viruses. If it finds a virus, the application informs the user and may clean, delete or quarantine any files, directories or disks affected by the malicious code.
Armored Virus
An armored virus tries to prevent analysts from examining its code. The virus may use various methods to make tracing, disassembling and reverse engineering its code more difficult.
Attack
An attempt to subvert or bypass a system's security. Attacks may be passive or active. Active attacks attempt to alter or destroy data. Passive attacks try to intercept or read data without changing it.
Alert
An automatic notification that an event or error has occurred.
Attribute
A property of an object, such as a file or display device.
Back Door
A feature programmers often build into programs to allow special privileges normally denied to users of the program. Often programmers build back doors so they can fix bugs. If hackers or others learn about a back door, the feature may pose a security risk. Also: Trapdoor.
Back Orifice
Back Orifice is a program developed and released by The Cult of the Dead Cow (cDc). It is not a virus; it is a remote administration tool with potential for malicious misuse. If installed by a hacker, it has the ability to give a remote attacker full system administrator privileges to your system. It can also 'sniff' passwords and confidential data and quietly e-mail them to a remote site. See also: Password Sniffing.
Background Scanning
A feature in some anti-virus software to automatically scan files and documents as they are created, opened, closed or executed.
Background Task
A task executed by the system but generally remain invisible to the user. The system usually assigns background tasks a lower priority than foreground tasks. Some malicious software is executed by a system as a background task so the user does not realize unwanted actions are occurring.
Backup
n. A duplicate copy of data made for archiving purposes or for protecting against damage or loss.
v. The process of creating duplicate data. Some programs backup data files while maintaining both the current version and the preceding version on disk. However, a backup is not considered secure unless it is stored away from the original.
Batch File Virus
Uses text batch files to infect. Batch files can be used to transmit binary executable code and either be or drop viruses.
Bimodal virus
Bimodal virus infects both boot records and files. See Also: Boot Sector Infector, File Virus, Multipartite
BIOS
Basic Input Output System
Boot Record
Boot record contains information on the characteristics and contents of the disk and information needed to boot the computer. If a user boots a PC with a floppy disk, the system reads the boot record from that disk. See Also: Boot Sector
Boot Sector
An area located on the first track of floppy disks and logical disks that contain the boot record. Boot sector usually refers to this specific sector of a floppy disk, whereas the term Master Boot Sector usually refers to the same section of a hard disk. See Also: Master Boot Record
Boot Sector Infector
A boot sector virus places its starting code in the boot sector. When the computer tries to read and execute the program in the boot sector, the virus goes into memory where it can gain control over basic computer operations. From memory, a boot sector infector can spread to other drives (floppy, network, etc.) on the system. Once the virus is running, it usually executes the normal boot program, which it stores elsewhere on the disk. Also: Boot Virus, Boot Sector Virus, BSI.
Blended Threat
Blended threats combine the characteristics of viruses, worms, Trojan Horses, and malicious code with server and Internet vulnerabilities to initiate, transmit, and spread an attack. By using multiple methods and techniques, blended threats can rapidly spread and cause widespread damage.
Bug
A programming error in a software program that can have unwanted side effects.
Camouflage Virus
Virus that attempted to appear as a benign program to scanners.
Cavity Virus
A cavity virus overwrites a part of its host file without increasing the length of the file while also preserving the host's functionality.
CMOS
Memory used to store hardware configuration information.
Cluster Virus
Cluster viruses modify the directory table entries so the virus starts before any other program. The virus code only exists in one location, but running any program runs the virus as well. Because they modify the directory, cluster viruses may appear to infect every program on a disk. Also: File System Virus
Companion Virus
Companion viruses use a feature of DOS that allows software programs with the same name, but with different extensions, to operate with different priorities. Instead of modifying an existing file, creates a new program which (unknown to the user) is executed instead of the intended program. On exit, the new program executes the original program so that things appear normal. Most companion viruses create a COM file which has a higher priority than an EXE file with the same name.
Dialers
Programs that use a system, without your permission or knowledge, to dial out through the Internet to a 900 number or FTP site, typically to accrue charges.
Direct Action Virus
A direct action virus works immediately to load itself into memory, infect other files, and then to unload itself.
Disinfection
Most anti-virus software carries out disinfection after reporting the presence of a virus to the user. During disinfection, the virus may be removed from the system and, whenever possible, any affected data is recovered.
Dropper
A dropper is carrier file that installs a virus on a computer system. Virus author often use droppers to shield their viruses from anti-virus software. The virus code is usually contained in a dropper in such a way that it won't be detected by virus scanners that normally detect that virus (i.e., the dropper program is not infected with the virus). A dropper which installs a virus only in memory (without infecting anything on the disk) is sometimes called an "injector".
Encrypted Virus
A virus using encryption to hide itself from virus scanners. That is, the encrypted virus jumbles up its program code to make it difficult to detect.
Encryption
A method of scrambling or encoding data to prevent unauthorized users from reading or tampering with the data. Only individuals with access to a password or key can decrypt and use the data. The data can include messages, files, folders, or disks.
False Negative
A false negative error occurs when anti-virus software fails to indicate an infected file is truly infected. False negatives are more serious than false positives, although both are undesirable. False negatives are more common with anti-virus software because the may miss a new or a heavily modified virus. See Also: False Positive
False Positive
A false positive error occurs when anti-virus software wrongly claims a virus infects a clean file. False positives usually occur when the string chosen for a given virus signature is also present in another program. See Also: False Negative
Fast Infector
Fast infector is a virus, when active in memory, infects not only executed programs, but also those that are merely opened. Thus running an application, such as anti-virus software, which opens many programs but does not execute them, can result in all programs becoming infected. See Also: Slow Infector
File Viruses
File viruses usually replace or attach themselves to COM and EXE files. They can also infect files with the extensions SYS, DRV, BIN, OVL and OVY. File viruses may be resident or non-resident, the most common being resident or TSR (terminate-and-stay-resident) viruses. Many non-resident viruses simply infect one or more files whenever an infected file runs.
Hoax
Virus hoaxes are false reports about non-existent viruses, often claiming to do impossible things. Unfortunately some recipients occasionally believe a hoax to be a true virus warning and may take drastic action (such as shutting down their network). Some hoaxes cause as much trouble as viruses by causing massive amounts of unnecessary e-mail.
Infection
The action a virus carries out when it enters a computer system or storage device.
Infection Length
This is the size, in bytes, of the viral code that is inserted into a program by the virus. If this is a worm or Trojan Horse, the length represents the size of the file.
Injector
A dropper which installs a virus only in memory (without infecting anything on the disk) is sometimes called an injector.
In-the-Wild
Viruses found "In-the-Wild" are viruses which are known to be spreading uncontrolled to real-life systems, as opposed to those which exist only in controlled situations such as anti-virus research labs. Virus code which has been published but not actually found spreading out of control is not usually regarded as being in-the-wild.
Joke Program
A program with annoying or funny functionality, that change or interrupt the normal behavior of your computer, creating a general distraction or nuisance. Harmless programs that cause various benign activities to display on your computer (for example, an unexpected screen saver). Joke programs are not destructive (not viruses), but may contain a virus if infected or otherwise altered.
Key Logger
Key Logger is a program that runs in the background, recording all the keystrokes. Once keystrokes are logged, they are hidden in the machine for later retrieval, or shipped raw to the attacker. The attacker then peruses them carefully in the hopes of either finding passwords, or possibly other useful information that could be used to compromise the system or be used in a social engineering attack. For example, a key logger will reveal the contents of all e-mail composed by the user. Keylog programs are commonly included in rootkits and RATs (remote administration trojans).
Logic Bomb
A logic bomb is a type of trojan horse that executes when specific conditions occur. Triggers for logic bombs can include a change in a file, by a particular series of keystrokes, or at a specific time or date. See: Time Bomb
Macro
A set of keystrokes and instructions that are recorded, saved, and assigned to a short key code. When the key code is typed, the recorded keystrokes and instructions execute (play back). Macros can simplify day-to-day operations, which otherwise become tedious.
Macro Virus
A macro virus is a malicious macro. A program or code segment written in the internal macro language of an application and attach to a document file (such as Word or Excel). When a document or template containing the macro virus is opened in the target application, the virus runs, does its damage and copies itself into other documents. Continual use of the program results in the spread of the virus. Some macros replicate, while others infect documents.
Mailbomb
n. Excessively large e-mail (typically many thousands of messages) or one large message sent to a user's e-mail account, for the purpose of crashing the system, or preventing genuine messages from being received. v. To send a mailbomb.
Malicious Code
A piece of code designed to damage a system or the data it contains, or to prevent the system from being used in its normal manner.
Malware
A common name for all kinds of unwanted software such as viruses, worms, trojans, jokes, malicious active content, etc.
Master Boot Record
On all PC fixed disks, the first physical sector is reserved for a short bootstrap program. This sector is the Master Boot Record (MBR). It also includes the partition table. See also Boot Sector.
Master Boot Record Virus
An MBR virus is a common type of virus that replaces the MBR with its own code. Since the MBR executes every time a computer is started, this type of virus is extremely dangerous. MBR viruses normally enter a system through a floppy disk that is installed in the floppy drive when the computer is started up. Even if the floppy disk is not bootable, it can infect the MBR.
Memory Resident Virus
A memory resident virus stays in memory after it executes and infects other files when certain conditions are met. In contrast, non memory resident viruses are active only while an infected application runs.
Multipartite Virus
Multipartite viruses use a combination of techniques including infecting documents, executables and boot sectors to infect computers. Most multipartite viruses first become resident in memory and then infect the boot sector of the hard drive. Once in memory, multipartite viruses may infect the entire system. Removing multipartite viruses requires cleaning both the boot sectors and any infected files. Before you attempt the repair, you must have a clean, write-protected Rescue Disk.
Mutating Virus
A mutating virus changes, or mutates, as it progresses through its host files making disinfection more difficult. The term usually refers to viruses that intentionally mutate, though some experts also include non-intentionally mutating viruses. See Also: Polymorphic Virus
NTFS ADS Virus
Allows alternate data streams to exist attached to files but invisible to some normal file-handling utilities.
On-access Scanner
A real-time virus scanner that scans disks and files automatically and often in the background. An on-access scanner scans files for viruses as the computer accesses the files.
On-demand Scanner
A virus scanner the user starts manually. Most on-demand scanners allow the user to set various configurations and to scan specific files, folders or disks.
Overwriting Virus
An overwriting virus copies its code over its host file's data, thus destroying the original program. Disinfection is possible, although files cannot be recovered. It is usually necessary to delete the original file and replace it with a clean copy. Also: Overwrite Virus
Password Attacks
A password attack is an attempt to obtain or decrypt a legitimate user's password. Hackers can use password dictionaries, cracking programs, and password sniffers in password attacks. Defense against password attacks is rather limited but usually consists of a password policy including a minimum length, unrecognizable words, and frequent changes. See Also: Password Sniffer
Password Sniffing
The use of a sniffer to capture passwords as they cross a network. The network could be a local area network, or the Internet itself. The sniffer can be hardware or software. Most sniffers are passive and only log passwords. The attacker must then analyze the logs later. See Also: Sniffer
Payload
This is the malicious activity that the virus performs. Not all viruses have payloads, but there are some that perform destructive actions.
Payload trigger
The condition that causes the virus to activate or drop its destructive payload. Some viruses trigger their payloads on a certain date. Others may trigger their payload based on the execution of certain programs or on the availability of an Internet connection.
Polymorphic Virus
A virus that, when replicating itself, creates copies that are different from itself, making them harder to detect. Each copy may use a different encryption algorithm, so each will look entirely different from the original and from each other. This property makes it harder for anti-virus software to recognize each strain of the virus, so the odds are higher that some strains will get through. See Also: Mutating Virus.
Program Infector
A program infector virus infects other program files once an infected application is executed and the activated virus is loaded into memory.
Real-time Scanner
An anti-virus software application that operates as a background task, allowing the computer to continue working at normal speed, with no perceptible slowing. See Also: On-Access Scanner
Remote Access program
Program that allows another computer to gain information or to attack or alter your computer, usually over the Internet. Remote access programs detected in virus scans may be recognizable commercial software, which are brought to the user's attention during the scan.
Replication
The process of duplicating data from one database to another. Replication is one of major criteria spreading viruses from other computer programs. The process by which a virus makes copies of itself in order to carry out subsequent infections.
Resident Virus
A resident virus loads into memory and remains inactive until a trigger event. When the event occurs the virus activates, either infecting a file or disk, or causing other consequences. All boot viruses are resident viruses and so are the most common file viruses.
Slow Infector
Slow infectors are active in memory and only infect new or modified files. See Also: Fast Infector
Sniffer
A software program that monitors network traffic. Hackers use sniffers to capture data transmitted via a network.
Sparse Infector
This type of virus uses any one of a variety of techniques to minimize detection of its activity. In order to spread widely, a virus must attempt to avoid detection. To minimize the probability of its being discovered a virus could use any number of different techniques. It might, for example, only infect every 20th time a file is executed; it might only infect files whose lengths are within narrowly defined ranges or whose names begin with letters in a certain range of the alphabet. There are many other possibilities.
Source Code Virus
Source code viruses add instructions to existing programming code found on your system.
Spyware
Stand-alone programs that can secretly monitor system activity. These may detect passwords or other confidential information and transmit them to another computer.
Spyware can be downloaded from Web sites (typically in shareware or freeware), email messages, and instant messengers. A user may unknowingly trigger spyware by accepting an End User License Agreement from a software program linked to the spyware.
Stealth Virus
Stealth Virus hides its presence by making an infected file not appear infected, but doesn't usually stand up to anti-virus software. Many stealth viruses intercept disk-access requests, so when an anti-virus application tries to read files or boot sectors to find the virus, the virus feeds the program a "clean" image of the requested item. Other viruses hide the actual size of an infected file and display the size of the file before infection.
Time Bomb
Usually malicious action triggered at a specific date or time. See Also: Logic Bomb
Trojan Horse Program
A malicious program that neither replicates nor copies itself, but causes damage or compromises the security of the computer. A Trojan horse program pretends to be a benign application and does something the user does not expect.
TSR
A memory-resident DOS program, i.e one which remains in memory while other programs are running. A good TSR should at least detect all known in-the-wild viruses and a good percentage of other known viruses. Generally, TSRs are not so good with polymorphic viruses, and should not be relied on exclusively
Tunneling virus
Tunneling viruses try to intercept the actions before the anti-virus software can detect the malicious code. New anti-virus programs can recognize many viruses with tunneling behavior.
Virus
A program or code that replicates; that is, infects another program, boot sector, partition sector, or document that supports macros, by inserting itself or attaching itself to that medium. Most viruses only replicate, though, many do a large amount of damage as well.
VxD
A Windows program which can run in the background. A scanner implemented as a VxD has nearly all the advantages of a DOS TSR, but can have additional advantages: for instance, a good VxD will scan continuously and for all the viruses detected by an on-demand scanner.
Worm
A program that makes copies of itself; for example, from one disk drive to another, or by copying itself using email or another transport mechanism. The worm may do damage and compromise the security of the computer. It may arrive in the form of a joke program or software of some sort.
Zoo
A threat that exists only in virus and antivirus labs, not in the wild. Most zoo threats never get released into the wild, and as a result, rarely threaten users.
| 
