What does it all mean?
By: Kaspersky Américas on 30/09/2010
Malware. Hackers. Spam. Oh my! But what do all these terms actually
mean? This glossary provides definitions and explanations for those terms and
more.
ADWARE
The general term applied to programs that either launch advertisements
(often pop-up banners) or re-direct search results to promotional web
sites. Adware is often built into freeware or shareware programs:
if you download a freeware program, the adware is installed on your system
without your knowledge or consent. Sometimes a Trojan will secretly
download an adware program from a web site and install it on your
computer. If your web browser isn't up to date and contains
vulnerabilities, hacker tools (often referred to as Browser Hijackers because
they subvert the web browser to install a program without your knowledge) can
download adware to your computer. Browser Hijackers may change browser settings,
re-direct incorrectly typed or incomplete URLs to a specific site, or change
the default homepage. They may also re-direct searches to pay-to-view
(often pornographic) web sites.
Typically, adware programs do not show themselves in the system in any way:
there will be no listing under Start | Programs, no icons in the system tray
and nothing in the task list. They seldom come with a de-installation
procedure. Attempts to remove them manually may cause the original carrier
program to malfunction.
BOTNET
The term used for a network of computers controlled by cyber criminals
using a Trojan or other malicious program.
CRIMEWARE
Any malicious program used by cyber criminals to make money.
DENIAL-OF-SERVICE
A Denial-of-Service (DoS) attack is designed to hinder or stop the normal
functioning of a web site, server or other network resource. There are
various ways for hackers to achieve this. One common method is to flood a
server by sending it more requests than it is able to handle. This
prevents it from operating normally, and may crash the server completely.
A Distributed Denial-of-Service (DDoS) attack differs only in the fact that
the attack is conducted using multiple machines. The hacker typically uses
one compromised machine as the ‘master’ and co-ordinates the attack across
other, so-called ‘zombie’, machines. Both master and zombie machines are
typically compromised by exploiting a vulnerability in an application on the
computer, to install a Trojan or other piece of malicious code.
DRIVE-BY DOWNLOAD
In a drive-by download, you become infected just by visiting a
web site. Cyber criminals scour the Internet looking for vulnerable web
servers and inject their malicious code (often in the form of malicious script)
into one of the pages. If your operating system, or one of your
applications, is unpatched, a malicious program is downloaded to your
computer automatically when you browse to the infected web page.
HACKER
This term was originally used to describe a talented programmer. It
now refers to those who exploit security vulnerabilities to break into a
computer system.
IDENTITY THEFT
Identity theft is where a criminal steals confidential personal data that
lets them obtain goods and services fraudulently in your name. The
criminal could, for example, open a bank account, obtain a credit card or apply
for a driving licence or passport. Or they could simply steal money
directly from your bank account.
KEYLOGGER
These are programs which record key presses and can be used by a hacker to
obtain confidential data (login details, passwords, credit card numbers, PINs,
etc.).
MALWARE
This is short for malicious software. The term refers to any
program that is deliberately created to perform an unauthorized, often harmful,
action. Viruses, worms and Trojans are all examples of malware.
PEER-TO-PEER
The term peer-to-peer (P2P) refers to a temporary connection shared by
people running the same application. This enables them to share files that are
stored on each other’s computers (P2P is typically used to share music, video
or other files over the Internet; Napster, Gnutella and Kazaa are all
well-known file sharing applications).
PHISHING
Phishing is a very specific type of cyber crime designed to trick you into
disclosing personal financial details. Cyber criminals create a fake web
site that looks just like a bank’s web site (or any other web site where online
financial transactions are conducted e.g. eBay). They then try to trick
you into visiting this site and typing in your confidential data, such as your
login, password or PIN. Typically, cyber criminals send out large
numbers of e-mails containing a hyperlink to the fake site.
RANSOMWARE
Ransomware is malicious code used by cyber criminals to extort money.
The virus, worm or Trojan encrypts data on your hard disk. It creates a
‘readme’ file that contains instructions on how you should contact the cyber
criminals. They promise to tell you how to get your data back, but only
if you pay them some money, using an online payment system like e-gold or
WebMoney.
ROGUE DIALER
Rogue dialers are programs that divert the computer's modem connection from
the normal number you use to connect to your ISP (Internet Service Provider) to
a premium rate phone number. Such programs are installed without your knowledge
and consent and they operate in stealth mode. The first time you notice
anything amiss will probably be when the phone bill arrives and it’s
substantially bigger than normal. There will also be premium rate
telephone numbers listed on the bill that you don’t recognize.
ROOTKIT
This term describes a collection of programs used by a hacker to evade
detection while trying to gain unauthorized access to a computer. The
term originated in the Unix world, although it has since been applied to the
techniques used by authors of Trojans that run under Microsoft® Windows® to
conceal their actions. Rootkits have been used increasingly as a form of
stealth to hide Trojan activity. The fact that many people log into their
computers with administrator rights, rather than creating a separate account
with restricted access, makes it easier for cyber criminals to install a
rootkit.
SPAM
Spam is anonymous, unsolicited bulk e-mail, the electronic equivalent of
junk mail.
SPYWARE
As the name suggests, this is software designed to harvest your data and
forward it to a third party without your consent or knowledge. Such
programs may monitor key presses, collect confidential information (passwords,
credit card numbers, PINs, etc.), harvest e-mail addresses or track
browsing habits. In addition to all of this, spyware inevitably affects
your computer’s performance.
TROJAN
The term Trojan refers to the wooden horse used by the Greeks to sneak
inside the city of Troy and capture it. The classic definition of a Trojan is a
program that appears to be a legitimate program but does something harmful.
Trojans can't spread by themselves. This is what distinguishes them
from viruses and worms. In the early days, Trojans were relatively
uncommon since the author had to find some way of distributing the Trojan
manually. The widespread use of the Internet and the development of the
World Wide Web provide an easy way to distribute Trojans widely.
Today, Trojans are very common. They are typically installed secretly
and deliver their malicious payload without your knowledge. There are many
different kinds of Trojan, all purpose-built to carry out a specific malicious
function. The most common are Backdoor Trojans (often they include a
keylogger), Trojan Spies, password stealing Trojans and Trojan Proxies that
convert your computer into a spam distribution machine.
VIRUS
Today the term virus is often loosely used to refer to any type of
malicious program. Strictly speaking, however, a virus is defined as
program code that can copy itself, either within the computer, or to other
machines.
VULNERABILITY
The term used to describe a bug or security flaw in an application or
operating system that lets a hacker break into a computer. The hacker
creates code that is tailored to make use of a specific vulnerability.
Once a vulnerability has been identified (either by the developer of the
software or someone else) the vendor of the application typically creates a
patch to block the security hole. As a result, vendors, security experts
and virus writers are in constant competition with each other to see who can
find new vulnerabilities first.
WORM
Worms are generally considered to be a subset of viruses, but with certain
key differences. A worm is a computer program that replicates, but does
not infect other files: instead, it installs itself once on a computer
and then looks for a way to spread to other computers.
In the case of a virus, the longer it goes undetected, the more infected
files there will be on the computer. Worms, however, create a single
instance of their code. Moreover, worm code is stand-alone rather than
being added to existing files on the same disk.




