Malware from A to Z
Confused by the terms you come across in the cyber security world? This glossary, provided by the Anti-Spyware Coalition, will help you to understand the key terms in the lingo of malware and cyber crime.
- ActiveX Control
- Advertising Display Software
- Alternate Data Stream
- Automatic Download Software
- Dialing Software
- Distributed Denial-of-Service (DDoS) Attack
- Passive Tracking Technologies
- Password Cracker
- Personally Identifiable Information (PII)
- Port Scanner
- Potentially Unwanted Program
- Privilege Elevation
- Registry Keys
- Remote Access/Administration Tool (RAT)
- Remote Control Software
- Risk Modeling
- Screen Scrapers/Screen Capturers
- Security Analysis Software
- State Management Tools
- System Modifying Software
- Stream Files
- System Monitor
See Browser Plug-in.
Any program that causes advertising content to be displayed.
A type of Advertising Display Software that delivers advertising content potentially in a manner or context that may be unexpected and unwanted by users. Many adware applications also perform tracking functions, and therefore may also be categorized as Tracking Technologies. Some consumers may want to remove Adware if they object to such tracking, do not wish to see the advertising caused by the program, or are frustrated by its effects on system performance.
An extension to Microsoft's Windows NT File System (NTFS) that provides compatibility with files created using Apple's Hierarchical File System (HFS). Applications must write special code if they want to access and manipulate data stored in an alternate stream. Some Spyware uses these streams to evade detection.
Any program used to download and install software without user interaction.
A type of Remote Control Software, specifically a collection of software robots, or 'bots', which run autonomously. Botnets have been used for sending spam remotely, installing more Spyware without consent, and other illicit purposes.
See Browser Plug-in.
A software component that interacts with a Web browser to provide capabilities or perform functions not otherwise included in the browser. Typical examples are to display specific graphic formats, to play multimedia files or to add toolbars which include search or anti-phishing services. Plug-ins can also perform potentially unwanted behaviors such as redirecting search results or installing other unwanted software like harmful adware. Types include:
- ActiveX Control: A type of Browser Plug-in that is downloaded and executed by the Microsoft Internet Explorer Web browser.
- Browser Helper Object (BHO): A type of Browser Plug-in that is executed each time the Microsoft Internet Explorer Web browser is launched. Toolbars are a common form of BHO.
- Mozilla Firefox Extensions: A Browser Plug-in specific to Mozilla Firefox.
The practice of distributing multiple pieces of software together, so that when the software 'bundle' is installed, multiple components may be installed. In many cases, bundling is a convenient way to distribute related pieces of software together. However, in some cases, unwanted software components, such as nuisance or harmful adware, can be bundled with programs users want, and can thereby be downloaded onto their computers without notice or consent.
A piece of data that a website -- or a third party that was commissioned or approved by the website -- saves on users' hard drives and retrieves when the users revisit that site. Some cookies may use a unique identifier that links to information such as login or registration data, online 'shopping cart' selections, user preferences, websites a user has visited, etc. See also Tracking Cookies.
Dialer is a colloquial term for Dialing Software.
Any program that utilizes a computer's modem to make calls or access services. Users may want to remove Dialers that dial without the user's active involvement, resulting in unexpected telephone charges and/or causing access to unintended and unwanted content.
A means of burdening or effectively shutting down a remote system by bombarding it with traffic from many other computers. DDoS attacks are often launched using the compromised systems of Internet users, often using botnets.
A program designed to retrieve and install additional files. Downloaders can be useful tools for consumers to automate upgrades of essential software such as operating system upgrades, browsers, anti-virus applications, anti-spyware tools, games and other useful applications. Unauthorized downloaders are used by third parties to download potentially unwanted software without user notification or consent.
The automatic download of software to a user's computer when he/she visits a website or views an HTML-formatted email, without the user's consent and often without any notice at all. Drive-by-downloads are typically performed by exploiting security holes or lowered security settings on a user's computer.
A piece of software that takes advantage of a hole or vulnerability in a user's system to gain unauthorized access to the system.
Security Analysis Software that can be used to investigate, analyze or compromise the security of systems. Some Hacker Tools are multi-purpose programs, while others have few legitimate uses.
System Modification Software deployed without adequate notice, consent, or control to the user. Hijackers often unexpectedly alter browser settings, redirect Web searches and/or network requests to unintended sites, or replace Web content. Hijackers may also frustrate users' attempts to undo these changes, by restoring hijacked settings upon each system start.
A file, stored on the user's computer, used to look up the Internet Protocol address of a device connected to a computer network. Some Spyware has been known to change a host file in order to redirect users from a site that they want to visit to sites that the spyware company wants them to visit.
Tracking Software that records keyboard and/or mouse activity. Keyloggers typically either store the recorded keystrokes for later retrieval or they transmit them to the remote process or person employing the keylogger. While there are some legitimate uses of keyloggers, they are often used maliciously by attackers to surreptitiously track behavior to perform unwanted or unauthorized actions including but not limited to identity theft.
The behavioral factors which anti-spyware companies use to decide whether to consider a process or program Spyware.
A program that can compress and/or encrypt an executable file in a manner that prevents matching the memory image of that file and the actual file on disk. Sometimes used for copy protection, packers are often used to make Spyware less easy to analyze/detect.
Technologies used to monitor user behavior or gather information about the user, sometimes including personally identifiable or other sensitive information.
Security Analysis Software designed to allow someone to recover or decrypt lost, forgotten or unknown passwords. A Password Cracker can guess a password by running a brute-force attack, e.g. testing each character combination to find the right password, or by running a dictionary attack, e.g. testing common words from large dictionaries, which could be used as passwords by users. While they can be a legitimate tool used by security administrators and law enforcement officers, Password Crackers pose a significant security and privacy threat when used illicitly.
'Personal information' is information concerning an identified or identifiable individual, the collection, use or disclosure of which the individual would ordinarily want to control. Different anti-spyware vendors will apply their own definitions of 'personal information' within their own anti-spyware applications in response to the needs and preferences of their customers.
Security Analysis Software used to discover what computer network services a remote system provides. Port scanning indicates where to probe for weaknesses.
An application that does not display malicious behavior yet raises minor security/privacy/behavioral concerns where its usefulness could be disputed.
A process that allows an individual or device to gain unauthorized privileges, usually administrator level access, on a computer or network.
A database integrated into certain operating systems which stores information, including user preferences, settings and license information, about hardware and software installed on a user's computer.
The individual entries in the Registry. The value of the keys is changed every time a new program is installed or configuration settings are modified. Spyware often changes registry key values in order to take control of parts of the system. These changes can impair the regular function of the computer.
An executable application designed to allow remote access to or control of a system. RATs are a type of Remote Control Software. While there are many legitimate uses of RATs, they can be used maliciously by attackers to start or end programs, install and uninstall new software, or perform other unauthorized actions.
Any program used to allow remote access or control of computer systems.
The process used by anti-spyware vendors to determine the categorization of Spyware, both in terms of level and type of risk.
A program that fraudulently gains or maintains administrator level access that may also execute in a manner that prevents detection. Once a program has gained access, it can be used to monitor traffic and keystrokes; create a backdoor into the system for the hacker's use; alter log files; attack other machines on the network; and alter existing system tools to circumvent detection. Rootkit commands replace original system commands to run malicious commands chosen by the attacker and to hide the presence of the Rootkit.
Tracking Software that records images of activity on the computer screen. Screen Scrapers typically either store the recorded images and/or video for later retrieval or they transmit them to the remote process or person employing the Screen Scraper. There are some legitimate uses of screen scrapers, but they are often used maliciously by attackers to surreptitiously perform actions that can include identity theft.
Any program used by a computer user to analyze or circumvent security protections.
Technologies used to store and make information available about the 'state' of a system - i.e. information about current conditions and operations. Cookies are the most common form of a State Management Tool since they can be used to store data provided to a website and maintain a Web application session.
Any program used to modify users' systems and change their experience, such as by altering their home page, search page, default media player, or lower level system functions.
The term Spyware has been used in two ways. In its narrow sense, Spyware is a term for Tracking Software deployed without adequate notice, consent, or control for the user. In its broader sense, Spyware is used as a synonym for what the ASC calls 'Spyware (and Other Potentially Unwanted Technologies).' Technologies deployed without appropriate user consent and/or implemented in ways that impair user control over:
- Material changes that affect their user experience, privacy, or system security;
- Use of their system resources, including what programs are installed on their computers; and/or
- Collection, use, and distribution of their personal or other sensitive information.
Tracking Software that is used to monitor computer activity. System Monitors range in capabilities but may record some or all of the following: keystrokes, screen captures, e-mails, chat room conversations, instant messages, websites visited, usernames, passwords or other types of data in transit. The information is typically either stored for later retrieval or transmitted to the remote process or person employing the Monitor. Keyloggers and Screen Scrapers are types of System Monitors.
A Tracking Cookie is any Cookie used for tracking users' surfing habits. Tracking Cookies are a form of Tracking Technology. They are typically used by advertisers wishing to analyze and manage advertising data, but they may be used to profile and track user activity more closely. However, a tracking cookie is simply a text file, and a record of visits or activity with a single website or its affiliated sites.
Software that monitors user behavior, or gathers information about the user, sometimes including personally identifiable or other sensitive information, through an executable program.
Automatic Download Software designed to install or reinstall software by downloading slowly in the background so the download is less noticeable (and does not impair other functions). Tricklers are typically used to enable a Spyware program to install silently or to reinstall after a user has removed components of the program from his or her computer.
A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
The system owner or the designated administrator. In a household, this is commonly the person operating the computer.
Code that recursively replicates a possibly evolved copy of itself. Viruses infect a Host File or system area, or they simply modify a reference to such objects to take control and then multiply again to form new generations.
Worms are network Viruses, primarily replicating on networks. Usually, a worm will execute itself automatically on a remote machine without any extra help from a user. However, there are worms, such as mass-mailer worms, that will not always automatically execute themselves without the help of a user.
A system that has been taken over using Remote Control Software. Zombies are often used to send spam or to attack remote servers with an overwhelming amount of traffic, a Distributed Denial-of-Service (DDoS) Attack. A collection of many zombies comprises a botnet.