| A |
| |
· Adware: A legitimate, non-replicating program
designed to display ads to the end-user, often based on monitoring of
browsing habits, and often in exchange for the right to use a program
without paying for it (a take on the shareware concept). |
| |
· ALIAS: An assumed or alternate name. Some viruses
get multiple names since there is no single standard for naming computer
viruses. |
| |
· AVERT: Anti-Virus Emergency Response Team. |
| B |
| |
· Back Door: A feature built into a program by its designer,
which allows them to gain full or partial access to your system. |
| |
· Blended threat: A virus that uses multiple infection
techniques. This may include the exploitation of various program
vulnerabilities, incorporation of trojan behavior, file infection
routines, Internet propagation routines, network share propagation
routines, and spreading without any human intervention. |
| |
· Boot Disk: A disk that contains special, hidden startup
files and other programs to run a computer. A boot disk is usually
specific to the operating system and version. There are several types of
boot disks available to the average user ranging from a standard floppy
boot disk to an emergency boot disk or bootable CD. It's important to use
a boot disk when disinfecting a computer since most antivirus programs
work best when they can gain complete access to the hard drive. In some
cases failure to do so will prevent antivirus programs from detecting and
removing certain viruses from the computer. |
| |
· Boot Records: Those areas on diskettes or hard disks that
contain some of the first instructions executed by a PC when it is
booting. Boot records must be loaded and executed in order to load the
operating system. Viruses that infect boot records change them to include
a copy of themselves. When the PC boots, the virus program is run and will
typically install itself into memory before the operating system is
loaded. |
| |
· Boot Sector Infector: A virus that infects the original
boot sector on a floppy diskette. These viruses are particularly serious
because information in the boot sector is loaded into memory first, before
virus protection code can be executed. A "strict" boot sector
infector infects only the boot sector, regardless of whether the target is
a hard disk or a floppy diskette. Some viruses always attack the first
physical sector of the disk, regardless of the disk type.
|
| C |
| |
· COM File: COM is short for command; a COM file contains
instructions that can do something on your computer. COM files are for
DOS-based systems and tend to run faster than EXE-type programs. Viruses will
often infect COM files. When the COM file is run, the virus is run as well,
often loading itself into memory. Note: The Windows operating system
treats files with a .COM extension the same as other executable-type
files. Some viruses and trojans use a filename ending in .COM (i.e.,
http://virus.com). Typically, these are portable executable files and not real
COM files. |
| |
· Companion Virus: A viral program that does not actually
attach to another program, but which uses a similar name and the rules of
program precedence to associate itself with the regular program. |
| D |
| |
· DDOS (Distributed Denial of Service): A program by this
specification is used in a "community network" setting by a
controlling program in an effort to initiate an attack known as a
"denial of service". DDOS programs receive instruction from a
controller program in order to carry out an attack - the attack itself is
designed to disable or shut down the target of the attack. |
| |
· Denial of Service: A means of attack against a computer,
server or network; the attack is either an intentional or an accidental
by-product of instruction code, which is either launched from a separate
network or Internet connected system, or directly at the host. The attack
is designed to disable or shut down the target of the attack. |
| |
· Dropper: An executable file that, when run,
"drops" a virus or trojan. A 'Dropper' file's intention is to
create a virus or trojan and then execute it on the user's system. |
| E |
| |
· EICAR: European Institute of Computer Anti-Virus Research has
developed a string of characters that can be used to test the proper
installation and operation of antivirus software. The EICAR test file is
an important file for any serious antivirus software user. |
| |
· Encryption: A change made to data, code, or a file such
that it can no longer be read or accessed without processing (or
unencrypting). Viruses may use encryption in order to hinder detection by
hiding their viral code. Viruses may also encrypt (change) code or data on
a system as part of their payload. |
| |
· EXE File: EXE, or executable, files are programs that do
things on your computer. For example, tank.exe may be a tank game. Files
with different extensions, like .dll, are often support files for a
program. Viruses commonly infect EXE files. After such an infection, the
virus is run each time the program is run.
|
| F |
| |
· False Alarm: Improper detection of a clean file. Heuristic and
generic detection methods can protect users from threats that have not
even been discovered yet. However, these detection techniques can also
lead to false detections, or false alarms. (Also known as False
Positive) |
| |
· FDOS (Flooder Denial of Service): Similar to DDOS only in the
nature of the attack. FDOS programs are singular in form in that there are
no other components of the attack structure. FDOS programs can carry out
an attack, which is generally designed to disable or shut down the target
of the attack. |
| |
· File Infector: A virus that attaches itself to, or
associates itself with, a file. File infectors usually append or prepend
themselves to regular program files or overwrite program code. The
file-infector class is also used to refer to programs that do not
physically attach to files but associate themselves with program
filenames. |
| H |
| |
· Heuristic: A method of scanning that looks for patterns or
activities that are virus-like. Most leading packages have a heuristic
scanning method to detect new or previously undetected viruses in the
wild. Heuristic scans can lead to false alarms. |
| |
· Hex: Short for hexadecimal. Hex- is a prefix for 6 and
-decimal is a suffix for 10, so this represents numbers in base 16.
Because there are more than 10 digits, values 10 through 15 are
represented by letters A through F respectively. This representation is
used in computer programming. |
| |
· Hoax: This is usually an email message that warns of a
nonexistent virus. This can do harm by spreading fear. |
| |
· Hole (as in a "hole" in system memory): When
DOS is starting, it begins allocating areas of memory below 640 K, which
are used to store information. There are some places where there are gaps
in the allocated memory. These gaps are unallocated and unused, and they
are considered to be "holes" in system memory. A hole in system
memory may also be created in DOS because as DOS loads programs, it often
rounds off the amount of memory allocated to the program. For example, a
program might need 1025 Bytes (1Kb + 1 Byte). When DOS loads this program,
it may allocate 2Kb of memory for the program. Thus 1023 Bytes are
actually unused. This unused portion is considered a "hole". |
| I |
| |
· IN-THE-WILD: When a virus is in circulation. Currently about
250 viruses exist in the wild. |
| |
· INI File: A place for programs to store instructions or
settings, which are used during operation. Virus authors often utilize the
WIN.INI, SYSTEM.INI, and WININIT.INI files. |
| J |
| |
· Joke Program: This is not a virus, but a program
that simulates destructive behavior, such as deleting files. |
| L |
| |
· Logic Bomb: When a Trojan Horse is left to lie dormant, only
to attack when the conditions are just right. |
| M |
| |
· Macro: A saved set of instructions that users may create
or edit to automate tasks within certain applications or systems. A Macro
Virus is a malicious macro that a user may execute inadvertently and
that may cause damage or replicate itself.
|
| |
· Malware (Malicious Software): Programs that are intentionally
designed to perform some unauthorized (and often harmful or undesirable)
act such as viruses, worms, and trojans. |
| |
· Master Boot Record (MBR)/Boot Sector Infector: A virus
that infects the system's Master Boot Record on hard drives and the Boot
Sector on floppy diskettes. This type of virus takes control of the system
at a low level by activating between the system hardware and the operating
system. An MBR/Boot Sector virus is loaded into memory upon boot-up,
before virus detection code can be executed. |
| |
· Memory Resident: A program that stays in the active RAM
of the computer while other programs are running. Accessory software is
often of this type, as is activity monitoring and resident scanning
software. Viruses often attempt to "go resident". This is one of
the functions an activity monitor may check. |
| |
· Multi-partite Virus: A virus that infects Master Boot
Records, Boot Sectors, and Files. |
| O |
| |
· OS: Operating system, such as DOS, Windows, Sun/OS, Unix,
Linux, FreeBSD, PalmOS, MacOS. |
| |
· Overwriting Virus: A virus that overwrites files with its own
viral code. |
| P |
| |
· Parasitic: A virus that requires a host to help it to
spread. |
| |
· Payload: The code within a virus that is not part of
detection avoidance or replication capabilities. The payload code may cause
text or graphics to appear on the screen, or it may cause corruption or
erasure of data. |
| |
· Polymorphic: A virus that attempts to evade detection by
changing its internal structure or its encryption techniques. Polymorphic
viruses change their "form" with each infection in order to
avoid detection by antiviral software that scans for signature
"forms". Less sophisticated systems are referred to as
self-encrypting. |
| |
· Program: A legitimate program that does not replicate,
and does exactly what it claims, yet might be unauthorized or unwanted by
reasonable end-users or administrators. |
| R |
| |
· Registry: A database that is used to store instructions and
other information. The database is broken down into keys, for which values
are set. The alternative to using an INI file in many cases, this
Microsoft Windows component is often utilized by virus authors. |
| |
· Risk Assessment: The calculated measurement of the damage a
virus, worm or trojan poses. This assessment is based on several factors,
including severity of payload, the number of cases reported, and its
ability to spread. Additional Information: Guidelines
for the AVERT Risk Assessment (ARA) |
| S |
| |
· Self-Encrypting Viruses: A virus that uses self-encrypting
techniques to make detection more difficult. |
| |
· Self-Extracting Files: A file that, when run, extracts itself.
Most files transferred across the Internet are compressed to save disk
space and lower transfer times. The self-extracting program can extract a
virus or Trojan Horse. These types of viruses can be effective since the
scanning of compressed files is a rather new technique used by most
leading antivirus packages. You cannot get a virus by just downloading a
self-extracting file. You must run it. Always scan new files before using
them. |
| |
· Signature: A unique series of letters and numbers within the
code of a virus. |
| |
· Signature File: A database of various virus signatures; the
reference used to compare found strings during the disinfection of a
computer. Signature files are called a variety of names including the
ever-popular DAT file update used by VirusScan. It's important to download
or purchase signature file updates often to provide yourself with the best
possible protection available to date. |
| |
· Spyware: A legitimate, non-replicating program designed
to monitor the computer usage or browsing habits of a user. This might
include monitoring keystrokes, tracking Internet history, uploading
confidential information and the like. |
| |
· Stealth: A virus that uses one or more of various
techniques to avoid detection. A Stealth virus may redirect system
pointers and information in order to infect a file without actually
changing the infected program file. Another Stealth technique is to
conceal an increase in file length by displaying the original, uninfected
file length. |
| |
· System Hang: A complete failure of the operating system.
When a program fails, it usually has an opportunity to display an error or
diagnostic message. If the entire system fails, such a message will not
appear, and input is usually blocked (keystrokes and mouse clicks will be
ignored). In the worst cases, the system cannot be restarted without
turning the system off completely. |
| T |
| |
· Terminate-and-Stay-Resident: A program that remains
active in memory while other programs are run on the system. Examples of
TSRs are VShield, a DOS-based mouse, or a CD-ROM driver. |
| |
· Trigger: An event that a virus writer has programmed the
virus to watch for, such as a date, the number of days since the infection
occurred, or a sequence of keystrokes. When the trigger event occurs, it
activates the virus, which then dispenses its payload. |
| |
· Trojan Horse: A program that either pretends to have, or
is described as having, a set of useful or desirable features, but
actually contains a damaging payload. Most frequently, the usage is
shortened to "Trojan". Trojan Horses are not technically
viruses, since they do not replicate. |
| |
· Tunneling: A virus that avoids standard interfaces to
infect files. This allows the virus to infect files without being noticed
by a behavior blocker. |
| V |
| |
· Variant: A modified version of an original virus. These
modifications can be as simple as a text change, or adding/deleting a few
lines of code. It's not uncommon to see a virus changed, and often
damaged, by other virus authors over time. |
| |
· VBS: New method of spreading viruses by using Visual
Basic Scripting. Not usually a problem, unless a user has either IE5 or
Outlook 98 or higher. |
| |
· Virus (plural viruses): A program that is capable of
replicating with little or no user intervention, and the replicated
program(s) also replicate further.
The majority of viruses fall into five main classes: Boot-sector,
File-infector, Multi-partite, Macro, and Worm.
|
| |
· Virus signature: A unique string of bits, or the binary pattern,
of a virus. The virus signature is
like a fingerprint in that it can be used to detect and identify
specific viruses. Anti-virus software uses the virus signature
to scan for the presence of malicious code.
|
| W |
| |
· Worm: A virus that spreads by creating duplicates of
itself on other drives, systems, or networks. |
| Z |
| |
· ZIP File: A file that has been compressed and given the file
name extension .zip (usually). Zipped files may contain viruses. Make sure
your antivirus program scans for viruses in compressed files. |
| |
· ZOO Virus: A virus that is found only in virus laboratories
and hasn't succeeded in moving into general circulation. |