Malware Glossary
Not sure what someone means by Rootkits, Cookies or Keyloggers? We hope that after reading this basic information about the Malware threats lurking in Cyberspace, you will have a new understanding.
Adware:
A type of software that displays adverts. Adware tracks the user's browsing habits and delivers adverts based on those habits.
Many adware programs deliver these adverts in a way that is unexpected and unwanted by the user.
Users may wish to remove adware if they object to the tracking methods used and do not wish to see the advertising caused by such a program.
Sometimes users may also wish to keep adware, as in certain cases it subsidizes the cost of producing the software.
Some adware programs also connect to servers that contain malicious software, so adware can also become a source of infection.
Bot:
A Bot (short for robot) is a type of program that usually leverages an Internet-facing port to deliver a program that awaits further commands, through which the system can be controlled remotely.
Bots are often combined with other infected machines to form a botnet (a series of bot-infected computers).
Bots are used to turn an individual machine into a "zombie" that can then be used for actions such as coordinated DoS attacks on web sites or spamming, or be hired out or sold to others for such use.
Cookies:
A small file that is downloaded from a web site, or from a third party approved by the web site, saved to the user's computer and then retrieved when the user revisits the web site.
Some cookies contain unique information to help identify a returning user, such as login, registration data, online "shopping cart" selections and user preferences.
ALSO SEE Tracking Cookies
Data Miner:
A Data Miner is a program that can collect information from the user's computer about their browsing habits and use of the Internet.
This is normally done without the user's permission or knowledge.
Dialler:
A type of program that uses your computer's modem to dial an expensive pay-per-minute phone number. Almost all diallers work without the user's knowledge or permission.
E-mail Worm:
A type of worm that uses E-mail as its infection method.
ALSO SEE Worm
Exploits:
An Exploit is a piece of malicious code designed to attack a vulnerability in a computer system or piece of unpatched software.
Hackers and writers of Malware look for announcements of such vulnerabilities by software makers and other sources and then attack machines that have not been patched against the vulnerability.
The malicious code is designed to enable an activity that otherwise could not take place, or to avoid system restrictions preventing such an activity.
Various payloads (Viruses, Worms, Trojans) attached to the exploits may provide the attacker with several ways into the compromised system.
Hack Tool:
A program used to penetrate a computer security system and gain access to it.
Hoax:
A hoax is a type of chain letter that contains fake information, normally about viruses, though it can be about anything that causes the receiver to forward it on to people listed in their address book.
IM Worm: (Instant Messaging Worm)
A type of worm that uses Instant Messaging Software as its infection method.
ALSO SEE Worm
IRC Worm:
A type of worm that uses Internet Relay Chat as its infection method.
IRC is a form of real-time chat that is mainly used for group communication in discussion forums.
ALSO SEE Worm
Monitoring Tool:
A Monitoring Tool can monitor and record all computer activities, including each keystroke you type on the keyboard.
Network Worm: (Net Worm)
A type of worm that can copy itself by sending e-mails or messages over a network.
ALSO SEE Worm
P2P Worm: (Peer To Peer Worm)
A type of worm that uses Peer To Peer Software as its main infection method.
ALSO SEE Worm
Phishing:
In a computing context, Phishing is an impersonation of a corporation or other trusted institution. The goal of the impersonation is to extract passwords or other sensitive information from the victim. It is a form of criminal activity that uses social engineering techniques. Phishing is typically done using e-mail or an instant messaging program. The message attempts to appear to be from an authentic source so that the victim will either respond directly or open a URL link to a fake web site run by the criminals.
Phishing is a scam technique using e-mail that links to false but genuine-looking web sites, most often those of banks, that attempt to steal personal information. The spam bait is sent in the expectation that most will ignore it because it is out of context, but with the hope that some will be hooked.
Although Phishing in itself is not malware, the fake web sites may contain malware intended to extract passwords or other sensitive information stored on the victim's computer.
Polymorphic Virus:
A Polymorphic Virus is a virus which changes itself (mutates) as it passes through host files, making disinfection a serious challenge.
Riskware:
Riskware is software that is not malicious by nature but can pose a security risk. Such software is useful to a knowledgeable user, but can also be bundled with and used by malicious software. Examples include: FTP servers, IRC clients, Network Sniffers, overeager DRM software, and Remote Administration tools. Additionally, this category includes software that cannot be included in other malware categories. Some software is not malicious, but does not provide the functionality claimed. If the functionality of software is suspect, it may be added to the riskware category.
Rogue Security Software:
Rogue Security Software is a form of computer malware that deceives or misleads users into paying for fake removal of malware. In recent years this type of scam has become big business.
Some types of rogue security software overlap in function with scareware by presenting the user with offers to fix urgent performance problems and scaring the user with authentic-looking system messages.
Rootkit:
Rootkits are a technique that allows malware to hide from computer operating systems and from computer users. Rootkit techniques create stealth programs that run at a "lower" level than the user sees with normal software utilities. Malware attempts to use this method to avoid detection by security software.
Scareware:
Scareware is a type of software scam that is designed to convince the user that their computer system has become infected with viruses, when usually this is completely fictional.
This type of scam is designed to cause shock, panic and anxiety in the computer user to persuade them into downloading and paying for anti-virus software that is non-functional or is itself malware.
Spyware:
Spyware is a form of malicious software that makes use of the user's Internet connection without the user knowing, usually to secretly gather information about the user.
Once the user has installed the Spyware, it may monitor user activities on the Internet and send that information in the background to someone else.
Spyware can also gather information about addresses and possibly even passwords, credit card numbers and bank account details.
Spyware is often unwittingly installed when users install another program, but can also be installed when the user simply visits a malicious web site.
Stealth Virus:
A Stealth Virus is a virus that hides itself by intercepting disk access requests. When an anti-virus program tries to read files or boot sectors to find the virus, the stealth virus feeds the anti-virus program a clean image of the file or boot sector.
Tracking Cookie:
Tracking Cookies track your web browsing habits. They can collect information about pages and advertisements you have seen or any other activity during browsing. Different web sites can share tracking cookies, and each web site with the same tracking cookie can read the information and write new information into it.
A Tracking Cookie is any cookie used for tracking users' surfing habits. Tracking Cookies are a form of Tracking Technology. They are typically used by advertisers wishing to analyse and manage advertising data, but they may be used to profile and track user activity more closely.
However, a tracking cookie is simply a text file, and far more limited in capability than executable software installed on users' computers. While installed software can potentially record any data or activity on a computer, cookies are simply a record of visits or activity with a single web site or its affiliated sites.
ALSO SEE Cookie.
Trackware:
Software that monitors user behaviour, or gathers information about the user, sometimes including personally identifiable or other sensitive information.
Trojans:
Trojans or Trojan Horses are malicious programs that pretend to be harmless applications. Unlike Viruses or Worms, Trojan Horses do not copy themselves; they can be damaging to networks by delivering other types of Malware.
Trojan-Downloader - Downloads and installs new malware on an infected computer.
Trojan-Dropper - Downloads and installs other malware without the computer user's knowledge.
Trojan-Proxy - These Trojans provide Internet access via an infected system that acts as a Proxy Server.
Trojan-PSW - This type of Trojan is used to steal passwords from an infected machine.
Trojan Spy - A type of Trojan that includes many different programs to spy on and log the user's habits and steal information.
Virus:
A Computer Virus is a program or piece of code that is normally designed to be malicious but sometimes can be used just for a joke/hoax; it is loaded on to a computer without the user's knowledge.
Viruses are man-made, although through time and use the original virus can become damaged, creating new versions (variants) of the virus. Viruses copy themselves by attaching themselves to files or diskettes, often soaking up memory or hard disk space and bringing networks to a standstill.
Most recent viruses are born on the Internet and are capable of sending themselves across networks and bypassing the security systems that should offer protection.
Anti-Virus companies now have large numbers of researchers and testers working around the clock to make sure that homes and businesses stay protected.
Minor variations of the same virus are classed as families of viruses.
Vulnerability:
Vulnerabilities open security holes that allow other applications to connect to the computer system without your authorization or knowledge.
Worm:
A Worm is an insidious program or algorithm that copies itself over a computer network or by an e-mail system and usually performs malicious actions, such as using up the computer's resources or distributing pornography and possibly shutting the system down. Unlike Viruses, Worms copy themselves as standalone programs and do not attach themselves to other objects.
One of the most recent worms was Conficker and its variations, which are estimated to have infected over ten million computers running Windows XP and Vista.
How Does This Malware Get On To Your System?
There are many routes by which your computer can become infected with Malware. Below are some of the most common:
- Malicious web sites - these infect your machine as soon as you visit them, though some will trick you into downloading the malicious program/code by claiming you need to update a piece of software to view something on the site.
- Drive By Download - this attack method is used surreptitiously to download malware onto the user's machine. The attack generally includes exploits of the browser or OS vulnerabilities, and may be separated into several pieces so that the user may be directed to several web sites or domains to avoid detection by anti-malware programs.
- E-mails & Spam - malware authors may use this method to infect your system and when you go onto the Internet you may find you have been redirected to a Malicious web site that downloads more malware onto your computer.
- Peer To Peer Software - file sharing across P2P networks can contain high numbers of malware because the number of computers connecting to one another can spread infections very quickly.
- Instant Messengers - sometimes your friend's computer can become infected without them knowing, and when they send you a file it may carry the infection to your computer. Sometimes you may also be sent a file that is not from the person you are chatting to, which can also be infected.
- Shared Floppy Disks, CDs & DVDs - when storing files onto Floppy Disks, CDs & DVDs, malware can also be stored on them; when these run on your system they may infect it.
- Infected/Compromised web sites - sometimes a safe and friendly web site can come under attack and become infected with a piece of code that installs malware when you visit the site. Unlike a Malicious web site, the owner/administration has no knowledge of this until the site has been infected/compromised.