Security Glossary

Content provided by McAfee. Return to Security Solutions.

Adware

Adware is a legitimate, non-replicating program designed to display ads to the end user, often based on monitoring of browsing habits, and often in exchange for the right to use a program without paying for it (a take on the shareware concept).

Check out Security Solutions for related information.



Anti-antivirus virus

Anti-antivirus viruses attack, disable, or infect specific anti-virus software. Also see: retrovirus.



Anti-virus software

Anti-virus software scans a computer's memory and disk drives for viruses. If it finds a virus, the application informs the user and may clean, delete, or quarantine any files, directories, or disks affected by the malicious code.



Anti-virus virus

Anti-virus viruses specifically look for and remove other viruses.



Armored virus

An armored virus tries to prevent analysts from examining its code. The virus may use various methods to make tracing, disassembling, and reverse engineering its code more difficult.



Attack

An attack is an attempt to subvert or bypass a system's security. Attacks may be passive or active. Active attacks attempt to alter or destroy data. Passive attacks try to intercept or read data without changing it. Also see: brute-force attack, Denial of Service, hijacking, password attacks, password sniffing.



Back door

A back door is a feature programmers often build into programs to allow special privileges normally denied to users of the program. Often programmers build back doors so they can fix bugs. If hackers or others learn about a back door, the feature may pose a security risk. This is also called a trap door.



Back orifice

Back Orifice is a program developed and released by The Cult of the Dead Cow (cDc). It is not a virus; instead, it is a remote administration tool with the potential for malicious misuse. If installed by a hacker, it has the ability to give a remote attacker full system administrator privileges to your system. It can also “sniff” passwords and confidential data and quietly email them to a remote site. Back Orifice is an extensible program—programmers can change and enhance it over time. Also see: password sniffing.



Background scanning

Background scanning is a feature in some anti-virus software to automatically scan files and documents as they are created, opened, closed, or executed.



Background task

A background task is a task executed by the system that generally remains invisible to the user. The system usually assigns background tasks a lower priority than foreground tasks. Some malicious software is executed by a system as a background task so the user does not realize unwanted actions are occurring.



Bayesian filter

A Bayesian filter is a program that uses Bayesian logic (also called Bayesian analysis) to evaluate the header and content of an incoming email message to determine the probability that it constitutes spam.



Bimodal virus

A bimodal virus infects both boot records and files. It is also called a bipartite virus. Also see: boot-sector infector, file virus, multipartite.



Boot sector infector

A boot-sector infector virus places its starting code in the boot sector. When the computer tries to read and execute the program in the boot sector, the virus goes into memory where it can gain control over basic computer operations. From memory, a boot-sector infector can spread to other drives (floppy, network, etc.) on the system. Once the virus is running, it usually executes the normal boot program, which it stores elsewhere on the disk. It is also called a boot virus, boot-sector virus, or BSI.



Bot network

A bot network is a network of hijacked zombie computers controlled remotely by a hacker. The hacker uses the network to send spam and launch Denial of Service attacks, and may rent the network out to other cyber criminals. Also see: zombie.



Browser hijacker

A browser hijacker is a type of spyware that allows the hacker to spy on the infected PC’s browsing activity, to deliver pop-up ads, to reset the browser homepage, and to redirect the browser to other unexpected sites. Also see: spyware.



Brute-force attack

A brute-force attack is an attack in which each possible key or password is attempted until the correct one is found. Also see: attack.



Bug

A bug is an unintentional fault in a program that causes actions that neither the user nor the program author intended.



Cavity virus

A cavity virus overwrites a part of its host file without increasing the length of the file while also preserving the host's functionality.



Cluster virus

Cluster viruses modify the directory table entries so the virus starts before any other program. The virus code only exists in one location, but running any program runs the virus as well. Because they modify the directory, cluster viruses may appear to infect every program on a disk. They are also called file system viruses.



Companion virus

Companion viruses use a feature of DOS that allows software programs with the same name, but with different extensions, to operate with different priorities. Most companion viruses create a COM file which has a higher priority than an EXE file with the same name.

Thus, a virus may see a system contains the file PROGRAM.EXE and create a file called PROGRAM.COM. When the computer executes PROGRAM from the command line, the virus (PROGRAM.COM) runs before the actual PROGRAM.EXE. Often the virus will execute the original program afterwards so the system appears normal.



Cookie

Cookies are blocks of text placed in a file on your computer's hard disk. Web sites use cookies to identify users who revisit their site.

Cookies might contain login or registration information, "shopping cart" information or user preferences. When a server receives a browser request that includes a cookie, the server can use the information stored in the cookie to customize the web site for the user. Cookies can be used to gather more information about a user than would be possible without them.



Cyber gangs

Cyber gangs are groups of hackers, crackers, and other cyber criminals that pool their resources to commit crimes on the Internet. Organized crime is often involved in cyber gang activity.



Denial of service (DoS)

A Denial of Service (DoS) attack is an attack specifically designed to prevent the normal functioning of a system and thereby to prevent lawful access to the system by authorized users. Hackers can cause Denial of Service attacks by destroying or modifying data or by overloading the system’s servers until service to authorized users is delayed or prevented. Also see: attack.



Dialer

Dialers are programs that use a system, without your permission or knowledge, to dial out through the Internet to a 900 number or FTP site, typically to accrue charges.



Direct action virus

A direct-action virus works immediately to load itself into memory, infect other files, and then to unload itself.



Disinfection

Most anti-virus software carries out disinfection after reporting the presence of a virus to the user. During disinfection, the virus may be removed from the system and, whenever possible, any affected data is recovered.



Dropper

A dropper is a carrier file that installs a virus on a computer system. Virus authors often use droppers to shield their viruses from anti-virus software. The term injector often refers to a dropper that installs a virus only in memory.



Encrypted virus

An encrypted virus's code begins with a decryption algorithm and continues with scrambled or encrypted code for the remainder of the virus. Each time it infects, it automatically encodes itself differently, so its code is never the same. Through this method, the virus tries to avoid detection by anti-virus software.



Encryption

Encryption is the scrambling of data so that it becomes difficult to unscramble and interpret.



Fast infector

Fast infector viruses, when active in memory, infect not only executed programs, but also other programs that are open at the same time. Thus, running an application, such as anti-virus software, which opens many programs but does not execute them, can result in all programs becoming infected. Also see: slow infector.



File viruses

File viruses usually replace or attach themselves to COM and EXE files. They can also infect files with the extensions SYS, DRV, BIN, OVL, and OVY. File viruses may be resident or non-resident, the most common being resident or TSR (terminate-and-stay-resident) viruses. Many non-resident viruses simply infect one or more files whenever an infected file runs. These are also called parasitic viruses, file infectors, or file infecting viruses.



Fram

Fram is spam forwarded to you by a family member, friend or colleague.



Hacker

A hacker is a person who creates and modifies computer software and hardware, including computer programming, administration, and security-related items. This can be done for either negative or positive reasons. Criminal hackers create malware in order to commit crimes. Also see: malware, cyber gangs.



Hijacking

Hijacking is an attack whereby an active, established session is intercepted and used by the attacker. Hijacking can occur locally if, for example, a legitimate user leaves a computer unprotected. Remote hijacking can occur via the Internet.



Host

Host is a term often used to describe the computer file to which a virus attaches itself. Most viruses run when the computer or user tries to execute the host file.




Infection

Infection is the action a virus carries out when it enters a computer system or storage device.



Keylogger

Keyloggers are malicious programs that record the key strokes a user types on their PC, including instant message and email text, email addresses, web sites visited, passwords, credit card and account numbers, addresses, and other private data.



Logic bomb

A logic bomb is a type of Trojan horse that executes when specific conditions occur. Triggers for logic bombs can include a change in a file, a particular series of keystrokes, or a specific time or date. Also see: time bomb.



Macro virus

A macro virus is a malicious macro. Macro viruses are written in a macro programming language and attach to a document file such as Word or Excel. When a document or template containing the macro virus is opened in the target application, the virus runs, does its damage, and copies itself into other documents. Continual use of the program results in the spread of the virus.



Mail bomb

A mail bomb is an excessively large volume of email (typically many thousands of messages) or one large message sent to a user's email account. This is done to crash the system and prevent genuine messages from being received.



Malicious code

Malicious code is a piece of code designed to damage a system and the data it contains, or to prevent the system from being used in its normal manner.



Malware

Malware is a generic term used to describe malicious software such as viruses, Trojan horses, spyware, and malicious active content.



Memory-resident virus

A memory-resident virus stays in memory after it executes, and it infects other files when certain conditions are met. In contrast, non-memory-resident viruses are active only while an infected application runs.



Multipartite virus

Multipartite viruses use a combination of techniques including infecting documents, executables and boot sectors to infect computers. Most multipartite viruses first become resident in memory and then infect the boot sector of the hard drive. Once in memory, multipartite viruses may infect the entire system.

Removing multipartite viruses requires cleaning both the boot sectors and any infected files. Before you attempt the repair, you must have a clean, write-protected rescue disk.



Mutating virus

A mutating virus changes, or mutates, as it progresses through its host files, making disinfection more difficult. The term usually refers to viruses that intentionally mutate, though some experts also include non-intentionally mutating viruses. Also see: polymorphic virus.



Overwriting virus

An overwriting virus copies its code over its host file's data, thus destroying the original program. Disinfection is possible, although files cannot be recovered. It is usually necessary to delete the original file and replace it with a clean copy.



Password attacks

A password attack is an attempt to obtain or decrypt a legitimate user's password. Hackers can use password dictionaries, cracking programs, and password sniffers in password attacks. Defense against password attacks is rather limited but usually consists of a password policy including a minimum length, unrecognizable words, and frequent changes. Also see: password sniffing.



Password Sniffing

Password sniffing is the use of a sniffer to capture passwords as they cross a network. The network could be a local area network, or the Internet itself. The sniffer can be hardware or software. Most sniffers are passive and only log passwords. The attacker must then analyze the logs later. Also see: sniffer.



Pharming

Pharming is the exploitation of a vulnerability in DNS server software that allows a hacker to redirect a legitimate web site's traffic to a counterfeit web site. The spoofed site is designed to steal personal information such as usernames, passwords, and account information.



Phishing

Phishing is a form of criminal activity using social engineering techniques through email or instant messaging. Phishers attempt to fraudulently acquire other people’s personal information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an apparently official electronic communication.



Piggyback

To piggyback is to gain unauthorized access to a system by exploiting an authorized user's legitimate connection.



Polymorphic virus

Polymorphic viruses create varied (though fully functional) copies of themselves as a way to avoid detection by anti-virus software. Some polymorphic viruses use different encryption schemes and require different decryption routines. Thus, the same virus may look completely different on different systems or even within different files. Other polymorphic viruses vary instruction sequences and use false commands in the attempt to thwart anti-virus software. One of the most advanced polymorphic viruses uses a mutation engine and random-number generators to change the virus code and its decryption routine. Also see: mutating virus.



Ransomware

Ransomware is malicious software that encrypts the hard drive of the PC that it infects. The hacker then extorts money from the PC’s owner in exchange for decryption software to make the PC’s data usable again.



Resident virus

A resident virus loads into memory and remains inactive until a trigger event. When the event occurs, the virus activates, either infecting a file or disk, or causing other consequences. All boot viruses are resident viruses and so are the most common file viruses.



Self-encrypting virus

Self-encrypting viruses attempt to conceal themselves from anti-virus programs. Most anti-virus programs attempt to find viruses by looking for certain patterns of code (known as virus signatures) that are unique to each virus. Self-encrypting viruses encrypt these text strings differently with each infection to avoid detection. Also see: self-garbling virus, encrypted virus.



Self-garbling Viruses

A self-garbling virus attempts to hide from anti-virus software by garbling its own code. When these viruses spread, they change the way they are encoded so anti-virus software cannot find them. A small portion of the virus code decodes the garbled code when activated. Also see: self-encrypting virus, polymorphic virus.



Slow infector

Slow infectors are active in memory and only infect new or modified files. Also see: fast infector.



Sniffer

A sniffer is a software program that monitors network traffic. Hackers use sniffers to capture data transmitted over a network.



Spam

Spam is unsolicited or undesired bulk electronic messages. There is email spam, instant messaging spam, Usenet newsgroup spam, web search-engine spam, spam in blogs, and mobile phone-messaging spam. Spam includes legitimate advertisements, misleading advertisements, and phishing messages designed to trick recipients into giving up personal and financial information.



Spoofed web site

A spoofed web site is one that mimics a real company’s site—mainly financial services sites—in order to steal private information (passwords, account numbers) from people that are tricked into visiting it. Phishing emails contain links to the counterfeit site, which looks exactly like the real company’s site, down to the logo, graphics, and detailed information. Also see: phishing.



Spyware

Spyware is a wide range of unwanted programs that exploit infected computers for commercial gain. They can deliver unsolicited pop-up advertisements, steal personal information (including financial information such as credit card numbers), monitor web-browsing activity for marketing purposes, or route HTTP requests to advertising sites.



Stealth virus

Stealth viruses attempt to conceal their presence from anti-virus software. Many stealth viruses intercept disk-access requests, so when an anti-virus application tries to read files or boot sectors to find the virus, the virus feeds the program a "clean" image of the requested item. Other viruses hide the actual size of an infected file and display the size of the file before infection.

Stealth viruses must be running to exhibit their stealth qualities. They are also called interrupt interceptors.



Time bomb

A time bomb is a malicious action triggered at a specific date or time. Also see: logic bomb.



Triggered event

A triggered event is an action built into a virus that is set off by a specific condition. Examples include a message displayed on a specific date or reformatting a hard drive after the 10th execution of a program.



Trojan horse

A Trojan horse is a malicious program that pretends to be a benign application. It purposefully does something the user does not expect. Trojans are not viruses since they do not replicate, but they can be just as destructive.



Tunneling

Tunneling is a virus technique designed to prevent anti-virus applications from working correctly. Anti-virus programs work by intercepting the operating system before it can execute a virus. Tunneling viruses try to intercept the actions before the anti-virus software can detect the malicious code. New anti-virus programs can recognize many viruses with tunneling behavior.



Virus

A virus is a computer program file capable of attaching to disks or other files and replicating itself repeatedly, typically without user knowledge or permission. Some viruses attach to files so when the infected file executes, the virus also executes. Other viruses sit in a computer's memory and infect files as the computer opens, modifies, or creates the files. Some viruses display symptoms, and others damage files and computer systems, but neither is essential in the definition of a virus; a non-damaging virus is still a virus.

There are computer viruses written for several operating systems including DOS, Windows, Amiga, Macintosh, Atari, UNIX, and others. McAfee.com presently detects more than 57,000 viruses, Trojans, and other malicious software. Also see: boot sector infector, file viruses, macro virus, companion virus, worm.



Worm

Worms are parasitic computer programs that replicate, but unlike viruses, do not infect other computer program files. Worms can create copies on the same computer, or can send the copies to other computers via a network. Worms often spread via Internet Relay Chat (IRC).



Zombie

A zombie is a PC that has been infected with a virus or Trojan horse that puts it under the remote control of an online hijacker. The hijacker uses it to generate spam or launch Denial of Service attacks. Also see: spam, Denial of Service.



Zoo Virus

A zoo virus exists in the collections of researchers and has never infected a real-world computer system.
