Glossary
This glossary contains many of the terms you will find throughout the SpywareRemove.com website.
.dam - Identifies files that have been corrupted by a parasite and therefore execute incorrectly.
.dll - A dynamic-link library (DLL) is a file containing code that programs can share, along with other information that computer programs can access.
.dr - A suffix attached to a virus name indicating that it is a dropper. A dropper is a malicious parasite that may import additional malware onto your machine.
@m - The suffix that identifies a virus as a slow mailer. It sends small batches of infected messages, or one malicious message at a time, to its victims. The infection method is similar to that of mass mailers (also see @mm).
@mm - The suffix that identifies a virus as a mass mailer, which sends large batches of infected messages to its victims. The infection method is similar to that of slow mailers (also see @m).
ACS - A communications server that manages incoming and outgoing messages for computer modems. It directs outgoing messages to the next available modem and incoming messages to the next suitable workstation.
Action - A predetermined response to an event or alert done by a system or program.
Active - A status showing that an application, scan or process is running. For example, when a program is running it is considered active.
ActiveX controls - ActiveX controls are small programs that add dynamic and interactive features to Web pages. These software components incorporate ActiveX technology and can be used to add pop-up menus, multimedia effects and animation to web pages, desktop applications and software development tools. Programmers can develop ActiveX controls in a variety of languages including C, C++, Visual Basic, and Java. ActiveX controls are usually installed with user permission; however, very often they are automatically downloaded and executed by a Web browser. Unsuspecting users are also sometimes tricked into agreeing to download unwanted ActiveX controls. Such unauthorized installation and execution of ActiveX controls allows malicious code to install components or to make changes on visitors’ systems.
Activity log - A report that sequentially lists information about all recorded events on the system.
Address Bar Spoofing - Modification of a browser’s address bar in order to show a legitimate address. This modification is done by running a script that removes the browser’s address bar and replaces it with a false address bar.
Admin, administrator - A computer account that gives a user access to a computer system, including software installation and account management. For instance, if a computer becomes infected while the admin is logged on to the PC, the virus or attacker may gain the same privileges as the admin, such as software installation and modification.
Administrative domain - An environment that is defined by a security model or security policy.
Adware - A software program that can display advertising banners while the program is running. Adware may track a user’s personal information and transfer the collected data to third parties without the user’s knowledge or consent.
Affected file type - Malware and grayware may appear as files of a certain kind. The term refers to the file format (for instance, PE or Win32) that the malware or grayware comes in, or the formats that it attaches to when it infects files.
Affected software - Affected Software, Platform and Systems Affected is a list indicating the area or areas affected by a particular threat (malware, grayware, or vulnerabilities). The list names the operating systems or applications that have to be installed on the user’s system before the parasite can perform its nasty routines. Moreover, a threat can act differently across different platforms.
Alarm - A sound or visual image that is shown to identify an error or status.
Alert - A notification announcing a virus intrusion or other computer-related task. The message can be delivered to users, for example, via e-mail.
Alertable event - An event that has been predefined to trigger a warning signal.
Alias - An alternative name for a virus, Trojan or other parasite, issued by another anti-virus vendor. Some viruses get different names because there is no organization responsible for naming computer viruses.
ANSI Bomb - Special character sequences that are used to reprogram keys on the keyboard. Once the ANSI.SYS file is loaded, the bomb may pop up a colorful screen or produce unwanted graphical effects.
Anti-antivirus Virus - Another name for a retro-virus.
Attack - An assault against a computer system or network. Successful attacks can cause sabotage such as destroying or stealing data and turning off your computer.
AV Killer - A malicious tool designed to disable a user’s anti-virus programs or firewalls in order to prevent them from detecting viruses.
Backdoor - (also called a trapdoor) Remote control software that allows a third party (the attacker) to gain access to and control of a victim’s computer. Backdoors, which are considered Trojans, can bypass security mechanisms. Backdoors are a security risk because they can obtain personal information or use a victim’s computer to attack a server.
Banner - Information that is displayed when you connect to a remote system.
Banner ad - Advertisement that is placed at the top of a Web page.
Batch file - A file containing a sequence, or batch, of DOS commands to be performed. A batch file ends with a .bat extension and is compatible with DOS, Win9x, WinNT, Win2000 and Windows XP. Batch files reduce the repetitive typing a user needs to start programs and spare the user from remembering every single command needed to perform a task.
BHO - See also browser helper objects.
Blacklist - A list of e-mail addresses that you believe send spam messages and belong to spam providers.
Blended threat - A virus or worm that employs multiple infection methods. For example, the threat can infect files, may implement Trojan behavior and spread on its own.
Boot disk - A disk containing specific files that activate at startup of the computer. Boot disks differ according to the operating system. Boot disks can take the form of a standard floppy boot disk, emergency boot disk, or bootable CD. To remove viruses effectively, antivirus programs use a boot disk to access the hard drive and perform cleanups on the computer. An unused boot disk prevents antivirus programs from tracing and removing viruses from the computer.
Boot records - The area on floppy disks and hard drives that contains the instructions necessary to start up a computer. Viruses usually infect the boot records and change the data to incorporate a copy of themselves. As soon as a user starts the PC, the virus installs itself in memory before the operating system loads.
Boot sector infector - A virus that corrupts the original boot sector on a diskette. When the computer tries to carry out the program in the boot sector, the virus loads into memory where it can gain control over basic computer operations. Boot sector infectors are dangerous because they spread quickly and efficiently.
Bot - A program that performs repetitive tasks such as searching and checking information and maintaining traffic over the network. Bots are not necessarily harmful, but attackers can use them to install malware or pop-ups on your computer, spread machine lists and organize bot-driven DDoS assaults.
Botnet - (short for “robot network”) A network of zombie computers, possibly consisting of tens or thousands of zombie computers, which can automatically send out spam messages. From a single computer, a botnet can send thousands of spam messages in one day.
Bps - Bits per second (bps or bit/sec). This is a common measure of data speed for computer connection, used for computer modems or transmission carriers. Bps means speed is equal to the number of bits sent or received each second.
Broadcast address - An IP address used to send a message to all machines on a local subnetwork.
Browser helper objects - A browser helper object is a .DLL file that, once installed, may modify the settings of Internet Explorer and change its usual behavior. For example, a browser helper object may add toolbars and menu items. It may also monitor incoming and outgoing traffic.
Browser hijackers - A browser hijacker is an application that can replace the user’s Home page, Search page, Error page, etc.
Brute force - A method used to reveal passwords or encryption keys by trying every possible combination of characters until it breaks the code.
Buffer overflow attack, buffer overflow exploit - A method of overflowing or overloading a specific amount of space in a buffer. In a buffer overflow attack, attackers can insert their own code into a victim’s machine. Buffer overflow attacks are the most malicious form of attack.
Buffer overflow condition - A condition in which an application is given more data than it can handle. The overflow of data can result in corrupted memory.
Bug - An error, failure, or defect in a software or hardware program that prevents it from working properly or causes a false result.
Camping out - A hacking method in which an attacker breaks into a computer system and finds an unsupervised place. Once this is done, the attacker may monitor the system, store information or break into the system again later.
CD-R, CD-RW Recordable CD - CDs come in different formats, namely R (recordable) and RW (rewritable). CD-Rs are written once and read many times. CD-RWs are written and overwritten many times.
Certificate - An electronic document, used by many cryptographic systems, that proves the identity of a website. Certificates are also used to prove whether the website is authentic and genuine, and they include a public key and the user’s name.
Certificate authority - An organization that issues security certificates.
Certificate authority-signed SSL - A secure socket layer that provides authentication and encrypts data through a certificate that is digitally signed by the certificate authority.
Clean, cleaning - (alternately called repair) The operation a scanner performs after it detects spyware, adware, malware, or other parasites. With the cleaning action, you can remove malicious code from a file and restore the file to usability. You can also remove references to the file from the registry, system files, and system INI files.
CleanBoot disk - An anti-virus CD or floppy disk that is used to scan your computer and remove infected files. Once you insert it into your machine and turn on your PC, the CleanBoot disk launches using its own operating system.
COM File - (COM is short for “command”) A simple type of executable file that contains instructions that can do something on your computer. COM files also implement DOS emulators. COM files run faster than programs in EXE format. The authors of computer viruses often infect .COM files. When the .COM file executes, the virus runs as well and often loads itself into memory.
Companion virus - A viral program that does not necessarily attach itself to a certain program, but uses a similar name and program priority rules to associate itself with a regular program.
Compile - To translate a program written in a high-level programming language from source code into object code. A “compiler” program converts a particular programming language into machine language or code that a computer’s processor uses. A “compiler” program detects syntax errors when a script is being compiled.
Compression - A technique for storing data in a format that requires less space than normal. Data compression is very useful in communication because it allows the same amount of data to be processed, stored and transmitted in fewer bits. Malware and grayware authors usually use different compression types or algorithms in order to reduce their program’s size or conceal the original digital structure of their program. For instance, malware employs binary compression because it makes the malicious application harder to disassemble and analyze. Moreover, it obfuscates the original entry point (OEP). Many recent outbreaks have been due to the application of different compression algorithms to existing malware variants to produce new ones that tricked antivirus scanners.
Cookies - Cookies are small text files that many Web sites use to store information about pages visited and other settings (temporary or persistent). For example, cookies might contain login or registration information, shopping cart information, or user preferences. When a server receives a browser request that includes a cookie, the server can use the information stored in the cookie to customize the Web site for the user.
DAT files - The type of files used by anti-virus or anti-spyware programs to find malware. DAT files are also known as detection definition files and signature files.
DDoS - A form of denial-of-service (DoS) assault in which an attacker uses malicious code on more than one zombie computer to aim traffic at a targeted URL. An attacker uses this technique to have a greater effect than would be possible with one zombie computer. The attacker carries out the attack using DDoS programs, which carry out instructions from a master program, usually a command to disable or shut down the targeted URL.
Defacement - A change of the home page or other main pages of a Website performed by an unauthorized individual or process.
Desktop computer - A computer used for performing individual tasks, typically with the computer found on or under a desktop.
Desktop firewall - A program that is used as a filter between a personal computer and the Internet or computer network which is used to monitor incoming and outgoing traffic.
Destructive threat - A threat known to cause direct damage to files or computer systems. The main result of it is the loss of important information. Some examples of a destructive threat may be such routines as corrupting or deleting important files or formatting the hard drive. There may also be a destructive program that consumes resources in a denial of service attack.
Dialers - A dialer is a computer program used to redirect the user’s telephone connection to a more expensive line with higher charges for the content provided, with or without the user’s consent.
DLL injector - A method used by a malware author to mask the author’s presence from desktop firewalls. The malware author injects the malicious code as an added DLL into an already running program, so that it can make requests to the disk or network while appearing as if the original program made the request.
Domain Name System (DNS) - An Internet naming scheme that translates internet domains into IP addresses. Every time you use a domain name, a DNS service translates the name into its proper IP address.
DoS (short for denial of service) - An assault on a network, either intentional or an accidental by-product of instruction code, that can originate from a separate network, the host or an Internet-connected system. The aim of the attack is to disable or shut down the targeted computer and to break the system’s ability to respond to legitimate requests.
Download - Data transmission from one PC to another or from the Internet that is used to transfer computer files.
Download folder - A default folder which stores files after the download is complete.
Downloader - A computer program that is designed to download files onto a PC, usually without the user’s knowledge or consent. A downloader may also be programmed to perform automatic downloads in order to update itself.
drive-by download - A type of download that usually occurs without the user’s consent when viewing unsolicited websites. Once downloaded, the potentially unwanted programs get installed.
dropper - A type of malicious file that carries a Trojan or virus and when executed drops it onto a computer for potentially malicious purposes.
E-mail Worm - A type of malicious parasite that is distributed by email. Once installed, an e-mail worm sends messages to all the addresses that it can find on a computer.
ELF - ELF is an acronym for Executable and Link Format. It is an executable file format for the Linux and Unix platforms. ELF now appears as the default binary format on operating systems such as Linux, Solaris 2.x, and SVR4. Some of the characteristics of ELF are dynamic linking, dynamic loading, imposing runtime control on a program, and an improved method for creating shared libraries. The ELF standard is growing in popularity because it has greater power and flexibility than the a.out and COFF binary formats.
Encryption - A process of transforming data, code, or a file into an unreadable form in such a way that only a decryption process can get the original information. Viruses may also use encryption by translating the code into an encrypted code to hide their malicious code.
Encryption Tool - A software tool used to encrypt a document or file in order to ensure its security. To open it a special key is needed. However, this tool may be used for malicious purposes.
End User License Agreement (EULA) - A legal contract between the author and the user of an application. The EULA, usually referred to as the software license, is a certain form of an agreement. The user agrees to pay for the opportunity of using the software, and promises the software manufacturer to follow the rules provided in the EULA.
Error Hijacker - A program that hijacks your browser’s Error page and changes it to a predefined one. For example, if a user mistypes a URL, the query is automatically transferred to a predefined website. This usually causes the user’s browser to behave sluggishly.
Exploit - A program that takes advantage of a vulnerability to allow hackers to gain access to a system, which can lead to denial of service, raised privileges, or other attacks.
false alarm - A groundless warning about malware detection on a clean file. Heuristic and generic methods can be applied to protect against unsubstantiated threats. See false positive and heuristic scan.
false positive - A groundless warning about malware detection on a clean file. A heuristic scanner, applied to protect against unsubstantiated threats, may indicate a threat in a clean file. See heuristic scan.
FAT (File Allocation Table) - A table that the operating system uses to locate files on a floppy disk or hard drive.
FAT32 (32-bit File Allocation Table) - Supports larger file sizes and disk partitions. If there is a disk failure, FAT32 can relocate the root directory on the disk and use the backup copy of the FAT table.
file infector - is a set of programs designed to prevent unauthorized access from users on other networks. A firewall can be installed on both software and hardware. A firewall examines each network packet to determine whether to reach its destination. See also Desktop Firewall.
firewall - A set of programs designed to prevent unauthorized access by users on other networks. A firewall can be implemented in both software and hardware. It examines each network packet to determine whether to let it reach its destination. See also Desktop Firewall.
flooder denial of service (FDoS) - Almost the same as DDoS in the nature of the attack, except that the attack structure of FDoS programs has no other components. FDoS attacks shut down or disable the target.
FTP (File Transfer Protocol) - A TCP/IP protocol that enables data transfer.
hacker tools - Hacker tools are usually security services that can help administrators secure their environment and can equally help attackers gain entry to it.
Hacking tools - A hacking tool is a program that usually hijacks, cracks or breaks your PC and network security measures. Such tools may have different capabilities depending on the systems they have been designed to break into. Some system administrators use similar tools to check safety and identify possible ways of intrusion.
ham - Ham is a term defining non-spam messages. See spam.
Heuristic scan - A heuristic and generic method that can be applied to protect your computer from unsubstantiated threats. However, these methods can result in false detections or false positives. See false positive.
Hoax - A fraudulent e-mail warning about some devastating virus or other negative event. Hoaxes are detectable because they have no file attachment, contain no reference to a third party who can confirm the claim, and use an excessively dramatic tone.
Host, host computer - A computer containing data or programs that another computer can access via the Internet or network.
HTTP - (Hyper-Text Transfer Protocol) A protocol used to request and send files, web pages and their components over the Internet or a network. In IP networking terminology it uses port 80, while secure HTTP uses port 443. Many companies use port 8080.
In the wild - A virus is said to be in the wild when two independent researchers identify it within a one-year period. About 450 viruses run in the wild at the same time.
incremental DAT files - Up-to-date virus definitions that supplement the current definitions and are usable for up to 15 days. These files allow the update utility to download only the modifications to .DAT files rather than the full .DAT file set.
infected file - A file is infected when malware inserts its code into it. Computer systems are infected when a virus or Trojan is launched on the system. Static malware (viruses and Trojans that contain malicious code) is also called infected. If an undesirable program is launched on the system, the system is not considered infected, but there can be other consequences.
infection length - The size of the viral code integrated into the program. For a worm or Trojan horse, the length represents its size.
INI File - A location in the program for storing instructions and settings that activate when an operating system starts. Virus authors often exploit .INI, SYSTEM.INI and WININIT.INI files.
integer overflow - A state of an operating system or program that permits the storage of data that manipulates an integer value in the application so as to damage memory. See also Buffer Overflow Condition.
Internet protocol (IP) address - The address that identifies a computer on a TCP/IP network and determines how information circulates. Each computer on a network has a unique IP address consisting of a network ID and a unique host ID, which is assigned by the network administrator. This address is mainly expressed in dot-decimal notation, where the decimal values are separated by periods (for example, 123.45.6.24 as in IPv4).
Internet relay chat (IRC) - IRC is a chat system connecting multiple users, where people meet on “channels” (chat rooms, virtual places for conversations on certain topics) to chat in groups or confidentially. The system requires participants to exchange executable content. Many worms and Trojans therefore take advantage of IRC as a communication channel to send data to the malware author, who then instructs the malware to carry out commands ranging from causing a DDoS to infecting other computers in the network.
IPS (Intrusion Prevention System) - A system that observes an individual host and network traffic, applying host and network security methods for identification, and responds to possible threats. Because an attacker can strike immediately after gaining access, an intrusion prevention system can react without delay, as preset by the network administrator. See also HIPS and NIPS.
Java applets - An applet delivered in the form of Java bytecode. Java applets are used to provide interactive features to Web applications that cannot be provided by HTML. These applets are small, portable Java programs that are embedded in HTML pages and loaded automatically when the pages are viewed. Malware authors have used Java applets as a means of attack. However, most Web browsers can be configured so that these applets do not execute. Sometimes it is enough to change the browser’s security settings level to high.
jokes, joke programs - Programs that claim to harm the computer but contain no malicious content or function and do not affect the system’s security or privacy; however, they can be annoying to the user.
keylogger - Malware that intercepts the data exchanged between the user entering it and the intended recipient application. It records any information that the user types on the keyboard at any time and can send it to a third party. A keylogger creates a log file, which can be sent to a specified receiver. Trojan and PUP keyloggers are functionally identical.
Layered service provider - TCP/IP stack. Once they appear in the stack, layered service providers can cut off, disrupt or alter incoming and outgoing Internet traffic.
log file - Log files register activities performed during installation, updating, or scanning.
logic bomb - An application that allows a Trojan horse to stay inactive and assault when conditions are right.
macro - A collection of keystrokes and commands that are recorded, saved and ascribed to a shortcut key. As soon as the key code is pressed, the recorded keystrokes and command are launched. Macros assist in carrying out repetitive daily operations. However, they can also be used harmfully. See Macro Virus.
macro virus - A program or code segment written in the internal macro language of an application. Some macros copy or distribute themselves; others may alter documents or files on the computer without distributing themselves (e.g. Trojans).
malware (malicious software) - A malicious program designed to break down or disrupt the system; examples are viruses and Trojans. Potentially unwanted programs (PUPs) are not considered malware.
Malware-related hoaxes - Malware-related hoaxes give false information regarding malware or computer system events. In most cases, malware-related hoaxes are warnings of fantastical or impossible malware threats that create unnecessary panic. These hoaxes often try to trick users into performing unwanted actions on their systems. Hoaxes related to malware typically reach users as email and often advise users to forward them; however, this is only a waste of time and bandwidth.
master boot record (MBR)/boot sector infector (BSI) - A virus infecting the system’s master boot record on hard drives and boot sector on diskettes. This virus corrupts the system at a low level and activates itself between system hardware and the operating system. An MBR/boot sector virus positions itself in memory during boot-up before virus-detection code starts operating.
MD5 - A cryptographic hash function, or the unique number it produces for a string of data such as a text file or an EXE file being transferred. Hash values show that the original files have not been altered.
media - This is a universal term for describing all removable tapes, disks, CD/DVDs that contain code and data to be used on a computer.
memory resident - A program that remains in the PC’s RAM at all times while other programs run, e.g. accessory software, activity monitoring, resident scanning software. Viruses often try to become resident programs. An activity monitor can keep track of memory-resident operations.
mobile code - Software obtained from remote systems, transferred across the network, then downloaded and executed without installation by the user. A worm can be considered harmful mobile code.
multi-partite virus - A virus corrupting files, master boot records, and boot sectors.
namespace providers (NSPs) - Namespace providers are DLLs that take advantage of Winsock APIs to penetrate into the TCP/IP stack. Namespace providers can divert data traffic from one website to an intermediary.
network aware - A virus or worm is regarded as network aware when one of its ways of multiplying is to search the network for open shares.
Network firewall - A network firewall guards a computer network against illegal access and is considered to be the first line of protection in guarding a computer network against external threats. Usually, data packets entering or leaving a network go through a firewall, which checks each packet and drops those that do not meet specified criteria. Network firewalls may also be configured to limit access to the outside from internal users. In general, Network firewalls may be hardware devices, software programs, or a combination of the two.
NIPS: Network Intrusion Prevention System - A program or device that observes network traffic and prevents assaults on a network or system. See also HIPS, IPS.
NSLookup - A program that queries Internet domain name servers (DNS). Nslookup has two modes: interactive and non-interactive. Interactive mode lets the user query name servers for information about various hosts and domains or print a list of hosts in a domain. Non-interactive mode is used to print just the name and requested information for a host or domain. Given an IP address or a DNS address, it will look up and show the corresponding DNS or IP address.
NTFS (new technology file system) - The default formatting system for disk drives used by Windows NT, Windows 2000, Windows XP, and Windows 2003. The NTFS specification has been updated to deal with new characteristics such as larger hard disks and expanded drive support.
OS (operating system) - The most important program that runs on a computer. Every ordinary computer must be equipped with an operating system in order to launch other programs. The OS carries out basic tasks such as recognizing keyboard input, activating the display screen, tracking files and directories on the disk, and controlling auxiliary devices such as printers, modems, and storage systems. Examples of operating systems are DOS, Windows, Sun/OS, Unix, Linux, FreeBSD, PalmOS, and MacOS.
OS identification - A series of algorithms which identify the remote host’s operating system, architecture, platform, or type of device. OS identification also involves TCP/IP stack fingerprinting, application-layer protocol tests. See also Vulnerability Assessment.
overwriting virus - Malicious software that destroys old files and overwrites them with its own viral code. The original data cannot be recovered from such a file; the only option is to retrieve the files from backups.
packer, packed executable - A packer compresses an executable file, making it more compact, and encrypts the original code. The packed executable can restore its size and/or decode its data in memory while it is running, so that the file on disk never resembles the memory image of the file. Packers are created to evade security software, impede reverse engineering, or provide a certain level of copy protection.
parasitic infector - A virus that affects files on a disk by inserting its code into the original file where it is located. As soon as the user launches the infected file, the virus is activated too. See also file infector.
password cracker - A program whose purpose is to let the user or administrator recover lost or forgotten passwords from accounts or data files. These tools can also help an assaulter access secret information, so they are considered a threat to security and privacy.
password stealer - A type of Trojan that is intentionally used for stealing the user’s passwords.
patch releases - Intermediate releases of a product designed to solve specific problems.
payload - The malicious code in a virus, as opposed to the portions used to avoid detection or to replicate. The payload code can cause data destruction or send messages with insulting text or graphics. However, not all viruses include an intentional payload. Nevertheless, such viruses can still affect CPU usage and hard-disk space, and take time to delete. Payload can also refer to the data or packets distributed during an assault. See also shellcode.
PDA - Abbreviation of Personal Digital Assistant. A hand-held device that integrates telephone/fax, computing, Internet, and networking functions.
pharming - A method used to divert Internet traffic to a bogus website through domain spoofing. It involves creating a hoax DNS record for a real website, usually that of a bank or a trade company. DNS then diverts traffic from the real website to the hoax one, with the intention of compromising customers’ personal data. When a user types the URL of a bank into the browser, the browser carries out a DNS lookup to establish the IP address of the bank’s website. DNS servers contain a list of domains and their IP addresses. Hackers insert fake information into a DNS server so that the bank’s IP addresses are replaced with fake IP addresses. In the user’s browser, however, the website appears authentic.
phishing - A criminal activity in which personal information such as passwords, social security numbers, and credit card passwords is fraudulently acquired by sending spoofed e-mails that give the impression of coming from authentic sources, such as banks or other legitimate institutions. Normally, phishing e-mails ask the recipients to follow links in the e-mail to confirm or update credit card or contact details. Like spam, phishing e-mails are distributed to a large number of e-mail addresses in the hope that somebody will read them and reveal personal information.
ping - A basic Internet utility that lets you verify whether a specific IP address is accessible. You can ping diagnostically to troubleshoot Internet connections.
ping attack - The method by which the network is slowed down until it’s unusable.
ping of death - A denial-of-service (DoS) attack in which an attacker sends an oversized ICMP packet to a target. On many operating systems, the packet overflows the buffer and may cause a system crash, reboot or freeze. See buffer overflow.
polymorphic virus - A virus that can change its virus signature each time it replicates and infects a new file, and so avoids detection by an antivirus program.
polymorphic/polymorphism - A virus that avoids detection by changing its structure or its encryption techniques. Polymorphism means the occurrence of different forms, stages or types. To avoid detection by antivirus scanners, the viral code is encrypted.
port - A hardware location for transferring data into and out of a computing device. Personal computers have different types of ports, including internal ports for connecting monitors, keyboards, and disk drives, and ports for connecting modems, printers, and other devices. In TCP/IP and UDP networks, a port is the name of an endpoint of a logical connection. Port numbers identify what kind of port it is.
port scanning - A hacking technique that scans a computer’s ports to find out which services are available for use and to determine the operating system of a specific machine.
portable executable (PE) - A common file format that determines the structure executable files (.EXE) and Dynamic Link Libraries (.DLL) use for loading and execution by the Windows OS.
potentially unwanted program (PUP) - A term that describes unwanted programs such as spyware, adware, and malware, which could be installed without the user’s consent or knowledge.
protocol - A set of rules that enables data transmission between computers and helps to avoid errors. The rules cover functions such as error checking and data compression. Also see communications protocol.
proxy/proxies - Software that diverts information intended for an IP address or domain name, or other Internet traffic, to a password stealer. See password stealer.
quarantine - To move infected files, spam, unknown content, and undesirable programs (PUPs) to a folder where they cannot be accessed.
recursive scan - Overall scanning of a folder as well as its subfolders.
registry - A database that stores settings and options for the operating system. The registry is split into keys, all of them having fixed values. The INI file, a component of Microsoft Windows, is often used by both hackers and programmers.
remote admin tool (RAT) - Software that allows an administrator to have remote control over a system. Remote administration tools can endanger security if they are controlled by an illegitimate party.
risk assessment - A report that shows the likelihood of damage or of a successful attack on an organization’s data or assets, and the organization’s vulnerabilities.
Scams and shams - Scams and shams are fake email messages that promise material gain or even luck to recipients who send them on to other users. Some luck-based hoaxes (chain letters) play on people’s fear of bad luck. Money-based hoaxes offer immediate cash for simply forwarding a message. Some email scams have actually tricked many people into putting their own money into unsuccessful investments.
scan, scanning - A search carried out in executable files to detect viruses or other suspicious code.
script - A program written in a special-purpose language with commands that a host application understands and carries out. The commands are mainly written using application rules and syntax joined with simple control structures. Examples are JavaScript and VBScript, which can be executed by some Web browsers.
self-encrypting viruses - These viruses try to hide themselves from antivirus programs by using encryption techniques.
self-extracting files - A file that contains other compressed files, to save disk space and make them easier to transfer. When extracting, the file can release viruses or Trojans, which cannot be detected during scanning as it is a new virus detection technique. A virus cannot be activated merely by downloading a self-extracting file; therefore you should always scan new files before launching them.
shell script - A script written for the shell. The term refers to scripts written for UNIX environment shells; Windows and DOS command-line scripts are called batch files.
shellcode - A relocatable piece of machine code, mostly written in assembly language, used as the payload in the exploitation of a software bug that allows the hacker to access the computer through the operating system command line. See also exploit.
signature - A unique number built into a virus code.
signature files - Prewritten text files attached to the end of an e-mail message, identifying the sender.
silent installation - An unattended installation of software that does not require the user’s interaction.
Smurf attack - It is a denial-of-service attack that uses spoofed broadcast ping messages to flood a target system. The targeted addresses forward the requests to 255 hosts on a subnet. The return address of the ping request is the address of the victim. Hundreds of machines might reply to each packet and flood the target with replies.
SNMP trap - SNMP is the Simple Network Management Protocol, part of the Internet protocol suite. It is used by network management systems to send notifications asynchronously.
spam - E-mail that was not requested, also called junk mail. Spam messages usually advertise products and are sent to multiple recipients. E-mail messages that the recipient subscribed to are not considered spam.
spammer - A person who sends unwanted spam messages.
spear phishing - A specifically targeted attack on a user. Like phishing, it takes the form of emails that appear to come from legitimate sources such as banks, a company’s IT department, or an internal employee. Unlike phishing, spear phishing is not aimed at the masses. Such messages usually request passwords or personal information, provide a link to a website where users can submit personal details, or contain malware, spyware, or a Trojan.
splog - Short for “spam blog”. These are weblog sites that a spammer uses to promote fake websites. Because the links are included in plenty of blogs, the sites rank highly in search engines. The main role of splogs is to draw people’s attention to spam sites, chiefly via Google.
spoofing - Faking an IP address or e-mail address to access a secure system illegally.
spyware - Spyware sends information about your personal details and Web surfing habits to a third party without the user’s permission. This usage differs from the common use of the term spyware to describe commercial software that has security or privacy implications. See PUPs.
stealth - A virus that is able to avoid detection by scanners and users. It can redirect system pointers and information to infect a file without modifying the infected program file itself. Another technique it can use is to hide the length of the file or to place a copy of itself in a different location on the drive.
SYN flood - A denial-of-service attack in which a hacker sends the target system a large number of SYN requests containing spoofed source IP addresses. As a result, many of the target’s TCP connections become half-open, and the target’s responses tie up its TCP state resources.
system hang - A freeze or lock-up of a computer. When a program crashes, it can normally alert the user with a diagnostic message or error. If the whole operating system fails, no message is displayed and the mouse and keyboard become unresponsive. Sometimes the computer cannot be restarted without turning it off completely.
terminate-and-stay resident - A type of program that stays active in memory and runs continuously in the background while other programs on the system are operating. Examples are VShield, a DOS-based mouse driver, or a CD-ROM driver.
test fckeditor - An open source text editor for web pages.
trigger - A condition that activates malicious effects programmed by a malware author. The trigger can be a date, the number of days since the infection, or a certain combination of keystrokes. The trigger launches the virus, which later activates the payload.
Trojan, Trojan horse - A program that appears legitimate, but causes damage and endangers the security of the computer when launched. Typically, a Trojan horse arrives inside an e-mail; the e-mail itself is not the Trojan. Trojans are downloaded from websites or during P2P communication.
tunneling - A virus that tries to install itself beneath the anti-virus program. It infects files and still remains unnoticed by the behavior blocker. Attackers also tunnel malicious content through the standard port of another application (e.g., port 80 for HTTP) in order to avoid firewalls.
USB (Universal Serial Bus) - An external bus standard that allows data transfers on all new computers. It is used as a connector to connect peripheral devices, such as mice, keyboards, webcams, scanners, and printers. Versions USB1 and USB2 differ from each other, but use the same physical connectors.
UTC time, Coordinated Universal Time (UTC) - An international time standard. Zero hours UTC is midnight in Greenwich, England.
variant, variants - Modifications of previously released viruses. Variants can be identified by a letter-based extension after the virus name e.g., W32/Virus.a, W32/Virus.b, etc. If more than 26 variants are identified within one virus family, a two-letter extension is applied: e.g., W32/Virus.aa, W32/Virus.ab, etc.
VBS - A method of distributing viruses by using Visual Basic Scripting. It does not cause a problem unless Internet Explorer 5 or Outlook 98 or higher is used on the computer.
virus - A destructive program or code that can copy itself and infect a computer, boot sector, partition sector, or a document that supports macros, by penetrating or attaching itself to the medium. Viruses may only copy themselves, but even then they are able to cause damage.
virus definition (DAT) files - See DAT files.
virus-scanning engine - A mechanism that carries out anti-virus scanning.
vulnerability - A security exposure in a computer, operating system, or software application which may cause a system crash or information loss, or allow others to use systems for their own purposes.
Vulnerability Assessment (VA) - The process of identifying security deficiencies in a system from vulnerability scan results. See also Vulnerability Management (VM) and vulnerability scan, vulnerability scanning.
Vulnerability Management (VM) - The process of deciding, based on risk and cost, whether to remove or tolerate vulnerabilities in a system. See also Vulnerability Assessment (VA).
vulnerability scan, vulnerability scanning - A program which scans hosts and networks for vulnerabilities. See also Vulnerability Assessment (VA).
white list - A list of e-mail addresses from which you want to receive messages (not spam).
WHOIS - It is a term referring to a domain name search or look-up feature for a database. It displays information about a domain name or IP address. Information such as name availability can be found through a query or search using a WHOIS protocol (standard). Most Top-Level Domain registries keep their own WHOIS database containing domain name contact information.
worm - A virus which creates copies of itself on other drives, systems or networks and performs other malicious actions which may cause the system to shut down.
ZIP file - A ZIP file (.ZIP) is a file which contains multiple compressed files. To get at the information in compressed .zip files, they need to be uncompressed to their original form. Unknown zipped files may contain viruses or spyware, so you should be careful when opening them.