Adware (this definition comes from Symantec)

Programs that secretly gather personal information through the Internet and relay it back to another computer, generally for advertising purposes. This is often accomplished by tracking information related to Internet browser usage or habits. Adware can be downloaded from Web sites (typically in shareware or freeware), email messages, and instant messengers. A user may unknowingly trigger adware by accepting an End User License Agreement from a software program linked to the adware.

Backdoor program

A program designed to open a "back door" on a computer system and allow a malicious person to take over or alter that system from a remote location. SubSeven is an example of a backdoor program. A backdoor program often arrives as a trojan program (masquerading as something harmless, like a screensaver) and is willingly installed by the user.

Browser hijack

An incident in which a user's Internet browser and/or its settings are altered without the user's desire or permission. One common form of browser hijacking is when visiting a web page results in a change in the user's home page.

Dialer programs, dialers, porn dialers

An unauthorized program (often delivered as a trojan horse) that uses a computer's modem to dial costly 900 numbers or other toll numbers without the knowledge of the user or owner of the computer (until the phone bill arrives!). There is a bit more about dialer programs here.

Exploit

A way of actively compromising a vulnerable system; an attack that can be used against a vulnerable system. (See below for the definition of vulnerability.)

Exploit code

The programming code used to attack a computer system, especially referring to an attack that takes advantage of a vulnerability in software.

"In the wild"

Referring to a virus, it means that the virus is spreading outside a contained test environment (generally among the mainstream public); referring to exploit code, it means that the code is available to the hacker community. This term is opposed to "in the zoo," which means the virus or code only exists in test environments.

Joke program

A typically benign program that causes unusual system behavior, intended as a prank. These programs are often believed to be viruses by victim users because of the odd actions they invoke. For instance, one popular joke program makes the computer's display screen appear to shake.

Malware

Meaning "malicious software," malware is any file or program that is designed to do harm to you or your computer. (Doing harm to you could mean stealing your passwords, credit card information, or other personal information.) Malware includes viruses, trojan horse programs, and worms. The word "malware" is replacing the word "virus" as the catch-all word for this type of thing, since a "virus" is technically a specific type of malware.

Patch, security patch

An update to vulnerable software that is made available in order to patch/close/fix the vulnerability. Microsoft regularly issues patches for its Windows operating system, Internet Explorer web browser, and other products.

Payload

The actions of a malware program on an infected system. For instance, the payload may be to play a sound and produce a dialog box on a certain day of each month, or the payload may be to install a backdoor program on a system and delete important files.

Spoofing

A technique commonly used by both virus authors and spammers to help spread their emails. The "from" name and address on the email is often faked in order to make the email look like it is from someone other than the actual sender. For example, the author of an email worm may set up the emailing routine to show a "from" name of Customer Support and a "from" address of support@microsoft.com, when the worm is actually coming from an infected machine owned by one of your friends. (Swen was an example of the use of email "from" name spoofing.) Email addresses are just one example of something that can be spoofed.

Spyware

The best definition of spyware I've ever read is posted here, at SpywareInfo.com.

Trojan horse program, trojan program, trojan

A program that usually intends to cause damage to a computer or user but that doesn't replicate itself or infect other files. A trojan program is a standalone program that masquerades as an innocent and useful thing, like a screensaver or game. However, when run, the trojan performs actions that are unknown to and unauthorized by the user. For instance, a trojan program may give remote control of the infected computer to a malicious outside party or may steal passwords and send them back to a malicious outside party.

Virus

A program or code block, usually malicious, that replicates itself and seeks to infect other "hosts," such as files or boot sectors, often in order to damage a computer or its data.

Vulnerability, security vulnerability

A flaw or "hole" in a software product that allows for some security breach if a person knows how to exploit that vulnerability.

As a simplistic, theoretical example, let's say you had a program that is designed to allow you to type in your name and then show you a screen with your name displayed in a weird font. Let's say that program is written in a programming language that can only handle an input of up to 10 characters at a time. A properly written program would include something that first checks the size of the input and makes sure it isn't more than 10 characters; it would produce an error message and would not take the input if it were more than 10 characters. But let's say the person who wrote this program forgot to add the error-handling part. Programs can do all sorts of unexpected things when they receive an error they don't know how to handle, and sometimes that can include things like giving unguarded access to some deeper level of a computer system. A person who knew about the input flaw in our example program might write another program designed to input more than 10 characters to that program, wait for it to crash, and take advantage of where it leaves you after the crash (perhaps with administrator rights or with access to a locked feature).
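The name program described above, sketched in C as an added example (not code from the original glossary): the flawed routine that forgot the size check sits beside the version that checks first. The fixed 10-character buffer and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX_CHARS 10   /* the 10-character limit from the example */

/* Flawed version (hypothetical): copies the input into a buffer sized for
 * 10 characters without checking its length. Shown for contrast only; it
 * is never called with long input here. */
void store_name_unchecked(char *dst, const char *input)
{
    strcpy(dst, input);   /* writes past dst if input exceeds 10 characters */
}

/* Checked version (hypothetical): measures the input first and refuses
 * anything longer than 10 characters. Returns 0 on success, -1 on reject. */
int store_name_checked(char dst[NAME_MAX_CHARS + 1], const char *input)
{
    size_t len = 0;

    if (input == NULL)
        return -1;
    /* Count at most NAME_MAX_CHARS + 1 characters, so an oversized input
     * is detected without scanning all of it. */
    while (len <= NAME_MAX_CHARS && input[len] != '\0')
        len++;
    if (len > NAME_MAX_CHARS) {
        dst[0] = '\0';        /* leave the buffer empty on rejection */
        return -1;
    }
    memcpy(dst, input, len + 1);   /* len + 1 copies the terminating NUL */
    return 0;
}

int main(void)
{
    /* Constructed sample inputs: 5, 10 and 11 characters long. */
    const char *samples[] = { "Alice", "ABCDEFGHIJ", "ABCDEFGHIJK" };
    char name[NAME_MAX_CHARS + 1];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (store_name_checked(name, samples[i]) == 0)
            printf("accepted: %s\n", name);
        else
            printf("error: name is longer than %d characters\n", NAME_MAX_CHARS);
    }
    return 0;
}
```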

The RPC vulnerability in certain versions of Microsoft Windows that opened computers up to the famous Blaster worm is an example of a security vulnerability.

For a deeper discussion on what a security vulnerability is, you can read Microsoft's essay on the topic here.

Worm

A program that resides in active memory and replicates itself over computer networks, often with the intention of causing damage. Some of the most widespread malware programs are worms that travel via email, like Klez.

Zero-day exploit, 0-day exploit

An exploit (defined above) that is used against vulnerable systems before a patch (defined above) has been made available to fix the vulnerability (defined above). For more about protecting your network from zero-day exploits, you can read this article at ComputerWorld.


* Will be updating this and adding more terms on a continuing basis...

Edited by: indygo on 03.03.04.