Malware: Glossary

adware - a software application that displays advertising banners while the program is running; some adware also tracks user information, which makes it spyware as well.

Anna Kournikova virus - worm that infects Windows systems when a user opens an e-mail note with an attachment purporting to be a graphic image of Russian tennis star Anna Kournikova.

anti-virus software - a class of program that searches your hard drive and floppy disks for any known or potential viruses.

back door - a means of access to a computer system that bypasses security mechanisms, installed sometimes by an authorized person, sometimes by an attacker.

buffer overflow - type of attack that sends more data than a buffer was intended to hold; the surplus data overflows into adjacent buffers, corrupting or overwriting the valid data held in them. The data sent may include malicious code.

browser hijacker - programming that alters your browser settings so that you are redirected to Web sites you had no intention of visiting.

Bugbear - virus that infected thousands of home and business computers in October 2002 by exploiting a vulnerability in older versions of Microsoft Outlook and Outlook Express.

Chernobyl virus - a computer virus with a potentially devastating payload that destroys all computer data when an infected file is executed. Since many files are executed during computer use, the virus is able to spread quickly and infect those files. The first virus known to have the power to damage computer hardware.

data miner - in a malware context, a program that tracks and processes data about the user's browsing behavior for marketing purposes.

denial of service (DoS) - an incident in which a user or organization is deprived of the services of a resource they would normally expect to have.

directory harvest attack - an attempt to determine the valid e-mail addresses associated with an e-mail server so that they can be added to a spam database.

distributed denial-of-service attack - one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system.

Elk Cloner - the first computer virus known to spread in the wild.

e-mail virus - malicious computer code sent to you as an e-mail note attachment. The best two defenses against e-mail viruses for the individual user are (1) a policy of never opening an e-mail attachment (even from someone you know) unless you have been expecting the attachment and know what it contains, and (2) installing and using anti-virus software to scan any attachment before you open it.

ethical worm - program used to automate network-based distribution of security patches.

executable - type of file containing a program that starts running when the file is opened; viruses are often sent in executable files that run when the user opens the file.

heuristic - gaining knowledge or some desired result by intelligent guesswork rather than by following a pre-established formula.

hybrid virus - one that combines characteristics of more than one type of virus to infect both program files and system sectors. The virus may attack at either level and proceed to infect the other once it has established itself.

hybrid virus/worm - malicious code that combines characteristics of both those types of malware, typically featuring the virus' ability to alter program code with the worm's ability to reside in live memory and to propagate without any action on the part of the user.

IM worm - self-replicating malicious code that spreads in instant messaging networks.

ILOVEYOU virus - an infamous e-mail virus that arrives in a note with "I LOVE YOU" in the subject line and contains an attachment that, when opened, results in the message being re-sent to everyone in the recipient's Microsoft Outlook address book.

in the wild - malicious computer code that spreads in the real world as a result of normal day-to-day operations.

key logger - a type of spyware program that invisibly records the user's keystrokes and either transmits them to the attacker on an ongoing basis or saves them to a hidden file on the user's computer to be sent at a later time.

Klez - worm that launches automatically when a user previews or reads an e-mail message containing Klez on a system that has not been patched for a vulnerability in Microsoft Internet Explorer mail clients.

Kriz virus - infects files on Windows 9x and Windows NT and 2000 systems. W32.Kriz is known as a polymorphic virus, meaning it will reside in computer memory until the next time the system is rebooted. The virus overwrites files on the floppy disk drive, hard drive, RAM drive, and network drives. It has a potentially devastating payload that triggers on December 25th of any year once an infected file is run.

logic bomb - programming code designed to execute (or "explode") after some particular trigger event happens, such as a specific date.

malware - programming or files developed for the purpose of doing harm.

macro virus - virus that infects a word processing application and causes a sequence of actions to be performed automatically when the application is started or something else triggers it. Macro viruses tend to be surprising but relatively harmless.

Melissa virus - fast-spreading macro virus distributed as an e-mail attachment that, when opened, disables a number of safeguards in Word 97 or Word 2000 and, if the user has the Microsoft Outlook e-mail program, sends the virus to the first 50 people in the user's address books.

Nimda - virus that caused traffic slowdowns as it rippled across the Internet, spreading through four different methods.

password cracker - a program used to identify an unknown or forgotten password, often used by a human cracker to obtain unauthorized access.

patch - a quick-repair job for a piece of programming, often as a result of some discovered vulnerability.

patch management - area of systems management that involves acquiring, testing, and installing multiple patches to an administered computer system.

payload - the eventual effect of a software virus.

port scan - series of messages sent by someone attempting to break into a computer to learn which computer network services, each associated with a "well-known" port number, the computer provides.

probe - an attempt to gain access to a computer and its files through a known or probable weak point in the computer system.

script kiddy - derogatory term used to describe immature and unskilled, but unfortunately still dangerous, malware creators.

social engineering - a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures.

spyware - programming that is put in someone's computer to secretly gather information about the user and relay it to advertisers or other interested parties.

stealth - refers to an event, object or file that evades methodical attempts to find it.

stealth virus - a virus that includes mechanisms that enable it to hide from anti-virus programs.

Trojan horse - a virus in which malicious or harmful code is contained inside apparently harmless programming or data.

virus - a piece of programming code usually disguised as something else that causes some unexpected and usually undesirable event. A virus is often designed so that it is automatically spread to other computer users. Generally, there are three main classes of viruses: file infectors, system or boot infectors, and macro viruses.

virus hoax - a false warning about a computer virus. Virus hoaxes are usually forwarded using distribution lists and will typically suggest that the recipient forward the note to other distribution lists. If you get a message about a new virus, you can check it out by going to one of several Web sites that keep up with viruses and virus hoaxes.

worm - a self-replicating virus that does not alter files but resides in active memory and duplicates itself. Worms use parts of an operating system that are automatic and usually invisible to the user. It is common for worms to be noticed only when their uncontrolled replication consumes system resources, slowing or halting other tasks.

zoo - a type of malware that exists only in virus and antivirus labs, not in the wild.

This was last updated in June 2007
