Active X- control modules based on a Microsoft architecture
known as Component Object Model (COM) that add additional
functionality to original software. Active X components may be
prompted by other software/systems to download in order to run
programs such as virus scanners.
Advanced Persistent Threat (APT)- a security threat that is
highly sophisticated, organized and probably well-funded and
state-sponsored.
Adware- software that displays ads and is generally downloaded
without permission, or through heavily worded agreements in
purposefully downloaded programs. Adware can be designed to
track users' web browsing history and display ads according to
topical browsing history, bringing ads relevant to what users
have been viewing. Abundant adware can slow computers down
significantly.
Aliases- different names used by different
malware vendors that are indicative of a particular and
specific malware.
Antivirus- a
legitimate program that scans for viruses across drives and
media and allows users to delete or quarantine virus infections
if found.
Anti-Antivirus
virus- a virus term meaning a virus that attacks
legitimate antivirus software in order to disable or infect the
application.
PC
Virus Doctors- Virus Terms- All Rights Reserved.
AntiVirusDemoFraud-
a Rogue anti-virus.
Armored Virus- a virus term for a virus that attempts to evade
analysis and to make tracing its origins, disassembly and
reverse engineering difficult in order to slow down attempts to
stop it.
Artifact- an object remaining on a computer
or system that is the result of malware after execution.
Attachments-
pictures, documents, video, audio and other data that
accompany emails and may be downloaded to view.
Attack-
is a computer virus term meaning to breach the computer
security and install malware or gather data from systems.
Attack Pattern- the method an attacker uses
to exploit computers or systems, i.e. exploiting java scripting
or other holes in software or hardware.
Attributes- are
assigned to all files and directories and determine whether
they are read-only, archive, hidden or system files or
directories.
Back Door- a
backdoor allows programmers to come into programs via computers
to fix bugs or other issues but may also allow hackers or
malware to enter computer systems surreptitiously; also
called a trap door.
Background
Scanning- when items are scanned for malware without
using full system resources and may scan recent items, items
being worked on or perhaps folders or drives as defined by the
user.
Batch
File Worm- worms that spread themselves by
searching for shared storage on systems such as DOS and Windows
platforms.
Bayesian Filter- virus terminology for a filter that
screens email headers and content using Bayesian logic/analysis
and then attempts to verify whether the email is spam or not.
Behavior Blocking- a virus term for when programs watch and stop
potentially harmful executable behavior such as file
removing/deletion and file renaming, and also prevent
executables from changing system settings; a.k.a. sandboxing.
Bimodal Virus or
Bipartite Virus- a virus that infects the boot sector
and other files on the drive.
Blended Threat-
where malware may act as a virus, worm and trojan or any
combination providing stealth and replication.
Boot Sector Infection- code that is written to the startup
instructions and then sets itself up in physical memory to gain
control of the computer, spreading the infection further if
instructed; also called boot sector virus.
Bot- an
individual computer in a bot network that is controlled by a
hacker through instructions sent that may perform denial of
service attacks, distribute spam and other instructions
controlled by the hacker/programmer; may also be called a
zombie or zombie network.
Botnet-
two or more Bots that are performing coordinated events
commanded by hackers or cybercriminals.
Browser Hijacker- a spyware program that infects browsers,
with the potential to gather information on users, deliver
popups, redirect to other websites and reset the homepage.
BHO-
acronym for Browser Helper Object. Malicious BHOs may take over
browsers and redirect internet surfers to porn sites or
commercial sites.
Brute Force Attack- a hack-attack where one tries to break in to
software or hardware by trying every key and symbol combination
for the username and passwords until successful.
Bug- a bug is a
problem within a program or the way a program interacts with
the operating system that produces effects not intended by
the programmer.
Checksum- the way software is checked using a number derived
from its file characteristics; if the file is altered in any
way, its checksum changes.
Clean- virus term: a system or computer is considered "clean"
when it is malware free.
Cluster Virus or System Virus- a virus term for a virus
that starts before any program upon boot-up and appears to
infect all programs although the virus exists in only one place
on the system. Any program that starts up will trigger the
virus to execute because it has modified the directory table so
that all programs appear to be infected.
Compromise-
when a system or computer is accessed without permission
usually with illegal intent.
Cookies- Text
files that are installed on computers that track user activity,
websites visited, pages visited, time spent on each webpage,
topics viewed, etc. Cookies are generally not thought to be
malware but helpful to users' interaction with websites; a.k.a.
tracking cookies.
Cyber Criminals and
Gangs- these are individuals or groups that use
computers and the internet for identity theft, phishing and
authoring, marketing and distributing rogue malware.
Default
Password- a password that originally is configured
into a program or system. Malware may change or block passwords
if the system is compromised.
Denial of Service (DOS)- an internet attack designed to
stop access to a site or to purposefully alter the system
so that the website may shut down. Personal computers can be
infected with programs to take them over for botnet attacks.
Botnets are bots in huge numbers that can purposefully target
a specific website(s) for shutdown. This technique is often
affiliated with political motivation or financial
motivation.
Dialers-
malicious programs designed to dial out through the internet in
order to mount charges on the computer user's telephone bill;
expected charges may come from porn sites, telephone companies,
and other businesses that claim innocent computer users
accessed their services.
Dictionary Attack- attacks in which some malware utilizes
known words in dictionaries to attack password-protected
software in order to access software or computers.
Direct Action
Virus- a virus that quickly loads itself into memory,
infects programs or files and then deletes itself.
Disable- to shut down a legitimate program
or process or illegitimate program or process.
Disinfection-
the process of removing malware, trojans, viruses, spyware,
adware, etc.
Distribution- a
threat report involving malware that shows how wide
the current threats are spreading along with the
number/quantity of infections over time. The threats are
generally represented on a global graph or world map and then
broken down by countries where the infections are currently
active.
Domain Name Servers/Services (DNS)- assists users in finding
websites, since a website's identity is a numerical address
string rather than a human-language name; the numerical
values (the physical address) are converted into conventional
naming, such as www.PCVirusDoctors.com.
Download- the
active process of transferring data to the user's computer from
another computer either intentionally or unintentionally.
Unintentional downloads are often attributed to
malware that is designed to download and infect other
computers.
Dropper-
a virus or trojan that resides within a file and is dropped
into the computer system. The technique is used to disguise
itself from antivirus software.
Email
Worm- a computer worm that
arrives via email and when the email is opened the worm
activates and seeks nodes on the network to propagate
itself.
Encrypted Virus- a virus whose structure is mathematically
mixed and unreadable by anti-malware scanners yet is still able
to infect and spread to other computers.
Encryption- to
scramble data so that it is unreadable unless one has the
username and/or password to access the encryption software and
decode the data.
Entrenchment- the degree
to which the malware is embedded in the system and the
difficulty in removing the infection. Infections that are known
and have "fixes" available are considered 'lightly entrenched'
while other malware such as rootkits are considered 'heavily
entrenched'.
Exfiltration-
the method of malware to collect information on a computer then
send it to a remote server or to store the information in an
encrypted file that could be physically collected from the
system by another person.
Exploit- a
hole, bug or weakness that may be taken advantage of through
the vulnerability of hardware and/or software where malware
could be injected, passwords broken, administrative status
gained, etc.
False Negative-
a situation where a file is indicated to be clean when in fact
it is contaminated with malware; a worse outcome than a false
positive since an infected file slipped by the scanner(s).
False Positive-
Virus term when a reported "problem" is shown after a malware
scan that is actually an OK program or procedure versus
actual bad warez.
Geinimi- a
trojan, originating in China, discovered in Dec. '10 that is
embedded within pirated applications for Android phones.
HDD
Defragmenter- a fake optimizer that bribes users to
buy the full version. The errors it reports are false and the
rogue software does not optimize or repair errors.
Heuristics- a
virus term that refers to a particular scanning procedure that
does not involve itself with the name or string of the
suspected malware but the heuristic scanner searches for
particular features and executions that potential malware
possesses.
HIPS- Host
Intrusion Prevention System. This process watches particular
behavior and patterns and offers users warnings about a file
wanting to execute or take action.
Hoax- a way to
trick or scare a computer user into applying a particular
action.
Host file- the file to which malware may be attached or in which
it may be embedded, and from which it executes; it can also be
used to redirect web users to a designated website instead of
where the user intended to go.
In The Wild-
newly released viruses that may not have been identified yet or
have not been able to be stopped yet.
Infection or
Infected- when a file(s), program(s), or system is
hosting malware.
Insertion- a
virus term meaning the particular manner in which malware gains
access to computers and/or systems.
Intrusion Detection- a virus term meaning the act of knowing
that a particular process is attempting to infiltrate a
computer or system with the intention of compromising data of
the entity it is attempting to access.
Joke Programs-
a virus term referring to dumb malware that tweaks certain
behaviors to be annoying.
Keylogger-
logs keystrokes that include passwords, bank accounts, email
usernames and passes, website passwords, utility company
usernames and passwords, etc.
Macro Virus- a
virus term explaining a virus that affects macro documents such
as Microsoft Word where, once it is activated, strange
things may happen on the screen or keyboard, etc. Once popular,
they spread mostly by emails as pranks.
Mail Bomb- an
extraordinary size of email that is intended to crash the
server or possibly one big email that intends to overwhelm the
system because of its size.
Malicious Code-
a virus term that means code intended to do criminal or
damaging effects within a computer or on a victim's bank account
through bribery.
Malware- a
virus term that, literally translated, means "bad-ware"; bad
software such as trojans, viruses, spyware, adware, etc.
Master Boot Record
Virus; MBR Virus- the first logical sector on a hard
drive that contains the master boot loader and partition
information that may become infected and if so every time the
machine boots the malware will present itself before any type
of detection starts in the system whereby the malware stays
stealthy and hard to disinfect or delete.
Melissa Virus a.k.a.
"Mailissa", "Kwejeebo", "Kwyjibo" or "Simpsons"- an
infamous mass-mailing macro virus discovered on March 26, 1999.
Servers were crashed as the virus infected emails and
overwhelmed systems although the virus was not designed to do
harm. Social engineering tricked the users into opening the
infected attachment, "List.DOC", which listed passwords for
eighty porn websites.
Memory-Resident
Virus- a virus term referring to a virus running in
memory and infecting applications or processes according to
instruction versus a virus that is hosted and being executed by
a file or program.
Meredrop
Trojan- trojan:Win32/Meredrop has reared its
ugly head once more [Nov. '10]. The trojan is generically named
and is known to pack other trojans, malware, backdoors and
worms along with the infestation. The trojan often drops itself
into a Windows folder and deletes itself while the other
malware takes control.
Metadata- a
virus term meaning information about malware that serves no
distinction in identifying one particular characteristic but
where many characteristics are aggregated in order to better
identify and describe a particular malware.
Metamorphism-
the ability of malware to change coding each time it propagates
or when discovered by antimalware in order to remain stealthy
and avoid detection.
Obfuscation- in
reference to viruses it means the ability of malware to avoid
detection.
Observable- when defining viruses/malware
it is the act or ability to quantify the virus(es)
characteristics in its active state.
Password
Cracker- a program that recovers passwords from other
programs. The recovery can be a brute-force or dictionary
method to reveal hidden passwords.
Payload- a
virus term that equates to the active
destructiveness of malware.
Payload
Trigger- the event that activates the intended malware
and its malicious activities.
Persistence- in
virus terms it means the measurable process which ensures the
ability of malware to thrive in its environment through reboot,
deletion, quarantining, etc.
Phishing- an
effort to dupe one into exposing their identity, credit card
numbers, birthdates, social security numbers, passwords, etc.,
usually by parading as an authoritative source such as Paypal,
eBay, Microsoft, large banks and other large companies involved
in commerce or security.
Poison Trojan or
Trojan.Poison- a hard to detect and hard to remove
trojan that tries to connect to a remote host for reasons
unknown.
Polymorphic Virus- a virus term for a virus that changes its
structure each time it infects in order to avoid detection.
PriceGong- adware that is installed
surreptitiously on unsuspecting PC users. The ads projected may
get in the way of normal browsing and reading.
Proof of Concept Virus- .
Propagation- in
the world of virus terms it means the particular way or means
in which malware spreads itself.
PUP- acronym for Potentially Unwanted
Program.
Quarantine-
when an antivirus or antimalware moves the malware, bad-ware,
into an area in which it is contained and cannot execute in any
manner; it is similar to a jail, where escape is impossible.
Remediation- in
virus terms means the act of cleaning up the malware and
returning the operating system and other software back to the
original state before infection.
Remote Access Trojan (RAT)-
Rogue Antivirus- virus
term for a fake anti-virus program that looks real; however,
it does not properly scan or find real malware but is designed
as a fake program to literally bribe users to buy the
artificial program while crippling the system's performance.
RootKit- malware that
is hard to detect and clean. It gains user access and goes
undetected by avoiding authentication access and is able to
retrieve passwords and all administrative privileges.
SandBox- where
processes are divided and the "SandBox" holds running processes
and evaluates their characteristics.
Scanner- a
virus term meaning software that searches file systems for
malware. The action can be manual by the user or triggered by
suspect files or configured actions that set the scan in
motion.
ScareWare- a virus
term where software attempts to "scare" people into purchasing
fake antivirus programs.
Security
Vulnerabilities- the areas of the operating system or
hardware that may be able to be exploited or hacked.
Self-Defense-
in reference to virus terms is when malware attempts to resist
removal upon discovery through file-name changing, disabling of
services or any variety of means to keep itself active.
Side-Effect-
observed unintended or unforeseen actions
between malware and the software environment.
SEO Poisoning-
the ability of cybercriminals to push web pages to the top of
the search results where if the web page is clicked on then
malware is delivered and installed on the computer; an aspect
of social engineering.
Social Engineering- a process where cybercriminals trick
or dupe users into performing actions that lead to security
breaches, such as stolen passwords, rogue malware installed by
users unaware it is fake, and installing software that can be
programmed to perform a variety of functions designed by
cybercriminals.
Spawning
Cookies- Flash cookies that re-emerge after being
deleted; when closing Flash Player these spawning cookies will
cause the webpage to pop back up. The cookies are stored in an
alternative location, Flash Local Storage Objects (FLSO) that
recreates cookies if they are deleted. A.K.A. cookie
re-spawning.
Spear-phishing-
the act of using emails in order to download and install
malware on unknowing participants.
Spyware- a virus term
meaning secretly installed software that collects information
about users and sends the information to servers. Spyware can
be surreptitiously downloaded from websites or installed by
technicians in companies to monitor employees' computer use,
for example.
SQL Injection-
Stealth- refers
to malware that remains or does its best to stay hidden from
detection.
Threat Assessment- a virus term meaning the process of
analyzing the extent to which data or systems may be exposed to
unauthorized access.
Trojan Agent/
Gen- a trojan horse most likely delivered by a
malicious, rogue security program. These programs can be
installed and then set to run in memory which may cause
security issues and instability within the operating system.
Trojan SVChost/
Fake- a trojan that is part of rogue
antivirus/software that comes packed or bundled with additional
malware.
Trojan or Trojan Horse- malware that users generally
install believing it is functional software but that instead
takes control of computers, allowing undesirable behavior such
as information gathering, controlling computers without the
users' permission, downloading other software and other
miscellaneous activities unbeknown to the personal computer user.
Type- the
characteristics of known malware and commonly grouped by
security vendors for names such as viruses, trojans, worms,
etc.
Variant(s)- an
alteration of code from a trojan or virus with similar
characteristics.
Vector- a virus
term meaning the method of propagation by malware where it
infects files, emails, Facebook infections, etc.
Virtumonde
[and its variants]- A Vundo trojan similar to
virtumondo. A notorious trojan that may affect winlogin.exe,
explorer.exe and lsass.exe. These can be extremely hard to
remove if it is the latest to date Vundo, often times stopping
updates, virus scans and remaining undetected or unremovable if
detected. The Vundo trojan is known to remain undetected with
ComboFix and VundoFix. Vundo often is associated with Rogue Software.
Virus Definitions- the identifying code that spots each
particular, known malware. AntiVirus vendors may release new
definitions several times daily.
Viruses- malicious
software that replicates itself, spreading to other software,
computers, devices and recorded media such as USB devices,
DVDs, etc.
Worm, Email Worm or Internet
Worm- scripts that can work their way through
emails, computer systems and the internet, replicating
themselves and seeking physical places to propagate. Emails can
be typical carriers of internet worms as they spread to email
address books and have the potential to infect thousands of
computers within hours.
Zero-day
Threats- a virus term representing malware that is
recently released where there is no known identification or
"fix" or "cure".
Zombie- a
machine that is taken over and controlled remotely for uses
like a spam server or to launch attacks on other machines or
websites.