Friday, May 9, 2008

Malware Codes Glossary


It's a type of Browser Plug-in. ActiveX is a set of technologies from Microsoft that enables interactive content for the World Wide Web. As ActiveX security settings in Internet Explorer can allow web pages to automatically and secretly install ActiveX controls, they can be a significant security threat. ActiveX controls can access files on your hard drive.


A type of Advertising Display Software that delivers advertising content potentially in a manner or context that may be unexpected and unwanted by users. Many adware applications also perform tracking functions, and therefore may also be categorized as Tracking Technologies. Some consumers may want to remove Adware if they object to such tracking, do not wish to see the advertising caused by the program, or are frustrated by its effects on system performance.
On the other hand, some users may wish to keep particular adware programs if their presence subsidizes the cost of a desired product or service or if they provide advertising that is useful or desired, such as ads that are competitive or complementary to what the user is looking at or searching for.

Alternate Data Stream:

An extension to Microsoft's Windows NT File System (NTFS) that provides compatibility with files created using Apple's Hierarchical File System (HFS). Applications must write special code if they want to access and manipulate data stored in an alternate stream. Some applications use these streams to evade detection.


Backdoors are remote administration utilities that open infected machines to external control via the Internet or a local network.


A type of Worm that uses Bluetooth technology as its spreading vector. Bluetooth is a wireless communications technology. See also Worm.

Botnet: Botnet is a term formed from two words â€" Robot and Network. A Bot, sometimes referred to as Zombie, is a computer that has been infected with malware that allows a remote malicious user access to the computer. With that remote access, the malicious user can control and harness the power of all such Bots into a powerful network used for criminal activity. Botnets have been used for sending spam remotely, installing more malware without consent, and other illicit purposes.

Browser Helper Object (BHO):

A Browser Helper Object (BHO) is a program that runs automatically every time that the Internet Explorer browser is launched. It is meant to extend the functionality of the browser, but it can also track how you use the Internet. Toolbars are a common form of BHO.

Browser Plug-in:

A software component that interacts with a Web browser to provide capabilities or perform functions not otherwise included in the browser. Typical examples are plug-ins to display specific graphic formats, to play multimedia files or to add toolbars which include search or antiphishing services. Plug-ins can also perform potentially unwanted behaviors such as redirecting search results or monitoring user browsing behavior, connections history, or installing other unwanted software like nuisance or harmful adware.

Types of Browser plug-ins include:

  • ActiveX Controls: Microsoft Internet Explorer
  • Browser Helper Object (BHOs): Microsoft Internet Explorer
  • Mozilla Firefox Extensions: Mozilla Firefox


A piece of data that a Web site or a third party that was commissioned or approved by the website â€" saves on users' computers' hard drives and retrieves when the users revisit that Web site. Some cookies may use a unique identifier that links to information such as logon or registration data, online "shopping cart" selections, user preferences, Web sites a user has visited, et cetera. See also Tracking Cookies.

Data Miner:

A Data Miner is a program that can collect information on how you browse and use websites. The collected information can include data gathered from forms you fill and submit. Usually data miners work without your knowledge.


A Dialer is a program which tries to connect to an expensive pay-per-minute phone number using the computer's modem. Most malicious dialers work without your awareness or permission.

Distributed Denial-of-Service (DDoS):

Attack A means of burdening or effectively shutting down a remote system by bombarding it with traffic from many other computers. DDoS attacks are often launched using the compromised systems of Internet users, often using botnets. An attacker will exploit a vulnerability in one computer system and make it the DDoS master using Remote Control Software. Later, the intruder will use the master system to identify and manage zombies that can perform the attack. Email-Worm A type of Worm that uses E-mail as its spreading vector.
See also Worm.


A utility designed to penetrate remote computers.


A Hoax is a type of chain letter that contains false information, often spreading a false virus warning. Do note that we generally only focus on virus-related hoaxes. We can not evaluate whether non-computer related folklore stories are urban legends or true stories

Hosts File:

The Hosts File is a lot like an address book. When you type an address into your web browser, the address is translated into a numeric IP address. If the address can be found from the Hosts file, your computer will use it. If not, your computer will connect to the DNS service of your Internet Service Provider. Some malware can edit your Hosts file to hijack and redirect a web connection to a completely different site on the Internet/World Wide Web.


A type of Worm that uses Instant Messaging (IM) software as its spreading vector. MSN Messenger, AOL Instant Messenger (AIM), and Yahoo Messenger are examples of IM applications. See also Worm.


When malware is typed as Intended, it is software that contains bugs or other problems that prevent it from functioning as the author intended. It would have been malware, and future versions still might be, but the current version is defective.


A type of Worm that uses Internet Relay Chat (IRC) as its spreading vector. IRC is a form of real-time Internet chat. It is mainly designed for group communication in discussion forums known as channels. See also Worm.


A Joke is a program with annoying or funny functionality, but it is not destructive.


Malware that is encoded as a macro embedded in a document.


Malware is a common name for all kinds of unwanted software such as viruses, worms, trojans and jokes.


A Monitoring Tool can monitor and record all computer activities, including each keystroke you type on the keyboard.

Multipartite Virus:

A Multipartite Virus is a virus composed of several parts. Every part of a multipartite virus needs to be cleaned away, to give assurance of non-infection.


A Network Worm is a program that can replicate itself by sending copies in e-mail messages or over a network.

On-Access Scanner:

Real-time scanner, a background process that provides a constant guard against viruses.

On-Demand Scanner:

An On-Demand Scanner is a virus scanner which is started manually.


A type of Worm that uses Peer-to-peer networking software as its spreading vector. See also Worm.


Pharming (pronounced farming) is a scam technique that is similar to phishing. It is an attempt to steal personal information using false web sites. Pharming attacks seed false information on Internet DNS servers that provide location information. The result is that individuals are directed to web sites to seem to be genuine, but are actually false.


In a computing context, Phishing is an impersonation of a corporation or other trusted institution. The goal of the impersonation is to extract passwords or other sensitive information from the victim. It is a form of criminal activity that utilizes social engineering techniques. Phishing is typically done using e-mail or an instant messaging program. The attempt of the message is to appear to be from an authentic source so that victim will either directly respond, or will open a URL link to a fake web site run by the criminals. Phishing (pronounced fishing) is a scam technique using e-mail that links to false, but genuine looking web sites, most often of Banks, that attempt to steal personal information. The spam bait is used with the odds that it will be ignored by most, because it will be out of context, but with the hope that some will be hooked.

Polymorphic Virus:

A Polymorphic Virus is a virus which changes itself (mutates) as it passes through host files, making disinfection a serious challenge.

Real-Time Scanner:

A Real-Time Scanner is a scanner that operates in the background, allowing a user to continue working at normal speed, with no significant slowing.

Replication Mechanism:

Replication Mechanisms are a mandatory part of every virus and worm. If it doesn't have a replication mechanism, it's by definition not a virus or worm.


Riskware is software that can pose a security risk that is not malicious by its nature. Such software has usefulness that can assist a knowledgeable user, but can also be bundled and used by malicious software. Examples include: FTP servers, IRC clients, Network Sniffers, overeager DRM software, and Remote Administration. Additionally, this category includes software that cannot be included in other malware categories. Some software is not malicious, but does not provide the functionality claimed. If the functionality of software is suspect, it may be added to the riskware category.


A suspect antispyware application that engages in doubious practices such as false positives. Illegal advertisements are sometimes used and trojans are sometimes installed to provide an infection to "clean". Rogue antispyware is often not malicious itself, but it does not provide the functionality claimed. Also known as Scareware.


Rootkits are a technique that allows malware to hide from computer operating systems and from computer users. Rootkit techniques create stealth programs that run at a "lower" level than the user can see with normal software utilities. Malware attempts to use this method to avoid detection by security software.


Spyware is software that performs actions such as creating unsolicited pop-ups, hijacks home/search pages, or redirects browsing results. The term Spyware has been used in two ways: In its narrow sense, Spyware is a term for Tracking Software deployed without adequate notice, consent, or control for the user. In its broader sense, Spyware is used as a synonym for Spyware (narrow) and Other Potentially Unwanted Technologies.

Stealth Virus:

A Stealth Virus is a virus that hides itself by intercepting disk access requests. When an antivirus program tries to read files or boot sectors to find the virus, the stealth virus feeds the antivirus program a clean image of file or boot sector.

Time Bomb:

A Time Bomb is a destructive action triggered at some specific date or time.


Toolbars are add-on applications for Web browser software. They provide additional functionality that is often not included within the browser. Toolbar software can be used for Tracking users' online behavior.

Tracking Cookies:

Tracking Cookies track your web browsing habits. They can collect information about pages and advertisements you have seen or any other activity during browsing. Different websites can share tracking cookies, and each website with the same tracking cookie can read the information and write new information into it. A Tracking Cookie is any cookie used for tracking users' surfing habits. Tracking Cookies are a form of Tracking Technology. They are typically used by advertisers wishing to analyze and manage advertising data, but they may be used to profile and track user activity more closely. However, tracking cookies are simply a text file, and far more limited in capability than executable software installed on users' computers. While installed software can potentially record any data or activity on a computer, cookies are simply a record of visits or activity with a single Website or its affiliated sites. See also Cookie.


A software that monitors user behavior, or gathers information about the user, sometimes including personally identifiable or other sensitive information.


A Trojan or Trojan House is a software application with hidden destructive functionality. It is a program that appears to do one thing but actually does another.


Downloads and installs new malware or adware on the targeted computer.


Used to install other malware on a computer without the computer user's knowledge.


These Trojans function as a proxy server and provide anonymous access to the Internet from infected machines.


This type of Trojan is designed to steal passwords.


A type of Trojan that includes a variety of spy programs and keyloggers.


As you know, a Virus is a computer program that replicates by attaching itself to another object and/or program.


Vulnerabilities open security holes that can allow other applications to connect to the computer system without your authorization or knowledge.


W32 is a Platform designator for 32-bit versions of Microsoft Windows. 32-bit refers to the chip architecture that the version of Windows is designed for.


A Worm is a computer program that replicates independently by sending itself to other systems.
Worms are "network viruses", primarily replicating on networks. Usually a worm will execute itself automatically on a remote machine without any extra help from a user. However, there are worms, such as mass-mailer worms, that will not always automatically execute themselves without the help of a user. Multiple vectors of spreading result in malware being typed as "Worm". A single vector of spreading will result in a more specific type. Examples: "Net-Worm", "IM-Worm", or "Bluetooth-Worm".


See 'Botnet'.

No comments: