36 terms

Malware Terms

Virus
A virus is a program that attempts to damage a computer system and replicate itself to other computer systems.
Worm
A worm is a self-replicating program.
- Does not require a host file to propagate.
- Automatically replicates itself without an activation mechanism. A worm can travel across computer networks without requiring any user assistance.
- Infects one system and spreads to other systems on the network.
Trojan horse
A Trojan horse is a malicious program that is disguised as legitimate or desirable software.
Rootkit
A stealthy type of software, typically malicious, designed to hide the existence of certain processes or programs from normal methods of detection and to enable continued privileged access to a computer.
Spyware
Software that aims to gather information about a person or organization without their knowledge and that may send such information to another entity.
Adware
Adware monitors actions that denote personal preferences, then sends pop-ups and ads that match those preferences.
Grayware
Grayware is software that might offer a legitimate service, but which also includes features that you aren't aware of or features that could be used for malicious purposes.
Spam
Spam is unwanted and unsolicited e-mail sent to many recipients.
Payload
Refers to the part of malware which performs a malicious action. In the analysis of malicious software such as worms, viruses and Trojans, it refers to the software's harmful results. Examples of payloads include data destruction, messages with insulting text, or spurious e-mail messages sent to a large number of people.
Bots
A computer infected with software that allows it to be controlled by a remote attacker. Also used to refer to the malware itself which allows that control.
Hoaxes
A deliberately fabricated falsehood made to masquerade as truth.
Virus Signature
A unique string of bits, or the binary pattern, of a virus. The virus signature is like a fingerprint in that it can be used to detect and identify specific viruses. Anti-virus software uses the virus signature to scan for the presence of malicious code.
Logic Bomb
A piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting files (for instance, triggered from a salary database) should they ever be terminated from the company.
Phishing
The illegal attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.
Exploit
Code used to take advantage of vulnerabilities in software code and configuration, usually to install malware.
Blind Drop
A drop that is well hidden and is designed to run while unattended, until an attacker comes to collect the data. In the case of remote access Trojans, it can also refer to a file hidden locally.
Drop
A clandestine computer or service (such as an e-mail account) that collects data stolen by a Trojan.
Downloader
A small piece of code, usually a single instruction, used in the payload of an exploit to silently fetch a malicious EXE file from the attacker's server.
Dump
As a noun, used interchangeably with "drop." As a verb it means to transfer data onto a machine for analysis, or to discard an exe after reverse engineering.
exe
A Windows executable program. In a malware attack, the "exe" refers to the malicious program which infects the victim's PC.
Form-grabber
A program that steals information submitted by a user to a web site. (Originally forms were the only way to submit user input to a web server, but now the meaning has changed to encompass any HTTP communication using a POST request.)
Gozi
One of a family of Trojans written by Russian RATs known as the HangUp Team, used in a string of attacks orchestrated by a group known as 76service.
iFrame
A special tag used to load one web page into a part of another webpage. Used by iFramers to load malicious code, often JavaScript, onto an otherwise trusted page.
Keylogger
A program that logs user input from the keyboard, usually without the user's knowledge or permission.
Packer
A tool used to compress and scramble an EXE file. Used to hide the malicious nature of malware and thwart analysis by researchers.
Padonki
A kind of Russian hacker slang in which words, often obscene ones, are purposefully misspelled or bastardized.
RAT
Remote Access Trojan: malware that allows an attacker to remotely control an infected PC or "bot".
RATs
The nickname for people who write remote access trojans.
RBN
The Russian Business Network. An infamous ISP used primarily by Russian malware groups to host malware and drops. The ISP is reportedly run out of Panama and owned by a company operating from the islands of Seychelles, off the eastern coast of Africa. Variously described as "opaque," "dubious," and "shady."
Torpig
A relatively new family of Trojans representing the latest in malware capabilities, including the ability to hide itself and provide backdoor access for installing other configurations, components, or even other Trojans.
Variant
Malware that is produced from the same code base (or "family") as a previous version but is different enough to require new signatures for detection by anti-virus and anti-malware products.
VXer
Originally, a virus writer. Now refers to anyone involved in the production or use of malware.
Vulnerabilities
Bugs in software programs that hackers exploit to compromise computers. A vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw.
Risks
A threat that exploits a vulnerability that may cause harm to one or more assets.
Threats
An application with the potential to cause harm to a system in the form of destruction, disclosure, data modification, and/or denial of service (DoS) attacks.
Remote Code Execution
A security vulnerability that allows an attacker to execute code from a remote server.