Browse Definitions :

Malware

Terms related to malware, including definitions about viruses and Trojans and other words and phrases about malicious software.

ACO - TAR

  • acoustical infection - Acoustic infection is a type of malware that uses a compromised computer’s sound card and speakers to send data using a covert ultrasonic acoustical mesh network.
  • ad fraud - Ad fraud is a type of scam in which the perpetrator fools advertisers into paying for something useless to them, such as fake traffic, fake leads or ineffective and misrepresented ad placement.
  • ad fraud botnet - An ad fraud botnet is a distributed network of computers controlled by a botmaster to defraud advertisers.
  • Anna Kournikova virus VBS.SST - The Anna Kournikova VBS.
  • antimalware (anti-malware) - Antimalware is a type of software program created to protect IT systems and individual computers from malicious software, or malware.
  • antivirus software (antivirus program) - Antivirus software is a class of program designed to prevent, detect and remove malware infections on individual computing devices, networks and IT systems.
  • ATM black box attack - An ATM black box attack, also referred to as jackpotting, is a type of banking-system crime in which the perpetrators bore holes into the top of the cash machine to gain access to its internal infrastructure.
  • attack vector - An attack vector is a path or means by which an attacker or hacker can gain access to a computer or network server in order to deliver a payload or malicious outcome.
  • Backoff - Backoff is point-of-sale malware that uses memory scraping  to steal credit card data from Windows-based retail machines on which it is installed.
  • BadBIOS - BadBIOS is a BIOS-level Trojan that can affect Windows, Macintosh, Linux and BSD systems.
  • Bitcoin mining - Bitcoin mining is the processing of transactions in the digital currency system, in which the records of current Bitcoin transactions, known as a blocks, are added to the record of past transactions, known as the block chain.
  • blacklist - A blacklist, in IT, is a collection of entities that are blocked from communicating with or logging into a computer, site or network.
  • blended threat - A blended threat is an exploit that combines elements of multiple types of malware and perhaps takes multiple attack vectors to increase the severity of damage and the speed of contagion.
  • boot sector virus - A boot sector virus is malware that infects the computer storage sector where startup files are found.
  • bot worm - A bot worm is a self-replicating malware program that resides in current memory, turns infected computers into zombies (or bots) and transmits itself to other computers.
  • botnet topology - A botnet topology is the network structure by which botnet interconnections are organized.
  • browser extension malware - Extension malware is any browser extension that was developed intentionally with coding that causes undesirable behaviors or whose code has been compromised by an attacker to do so.
  • car hacking - Car hacking is the manipulation of the code in a car's electronic control unit (ECU) to exploit a vulnerability and gain control of other ECU units in the vehicle.
  • Chernobyl virus - The Chernobyl virus is a computer virus with a potentially devastating payload that destroys all computer data when an infected file is executed.
  • clipboard hijack attack - A clipboard hijacking is an exploit in which the attacker gains control of the victim's clipboard and replaces its contents with their own data, such as a link to a malicious Web site.
  • cloud security - Cloud security, also known as cloud computing security, is the practice of protecting cloud-based data, applications and infrastructure from cyberthreats and cyber attacks.
  • command-and-control server (C&C server) - A command and control server (C&C server) is a computer that issues directives to digital devices that have been infected with rootkits or other types of malware, such as ransomware.
  • computer exploit - A computer exploit, or exploit, is an attack on a computer system, especially one that takes advantage of a particular vulnerability the system offers to intruders.
  • computer worm - A computer worm is a type of malware whose primary function is to self-replicate and infect other computers while remaining active on infected systems.
  • Conduit browser hijacker - Conduit is a browser hijacker that is usually installed without the user’s knowledge through a drive-by download.
  • content spoofing - Content spoofing is a type of exploit used by a malicious hackers to present a faked or modified Web site to the user as if it were legitimate.
  • cross-site scripting (XSS) - Cross-site scripting (XSS) is a type of injection security attack in which an attacker injects data, such as a malicious script, into content from otherwise trusted websites.
  • cryptomining malware - Cryptomining malware is a form of malware that takes over a computer or mobile device's resources and uses them to perform cryptocurrency mining, a process of verifying cryptocurrency transactions using complex mathematical formulas also known as cryptojacking.
  • cyber attack - A cyber attack is any attempt to gain unauthorized access to a computer, computing system or computer network with the intent to cause damage.
  • cyber hijacking - Cyber hijacking, or computer hijacking, is a type of network security attack in which the attacker takes control of computer systems, software programs and/or network communications.
  • cyberheist - A cyberheist is the online version of the classic bank heist, in which a criminal or criminals hold up or break into a bank to get away with a large sum of money quickly.
  • destruction of service (DeOS) attack - A destruction-of-service (DeOS) attack is a form of cyberattack that targets an organization's entire online presence as well as their ability to recover from the attack afterwards.
  • device attack - A device attack is an exploit in which the attacker takes advantage of a vulnerable device to gain network access.
  • dictionary attack - A dictionary attack is a method of breaking into a password-protected computer, network or other IT resource by systematically entering every word in a dictionary as a password.
  • distributed denial-of-service (DDoS) attack - A distributed denial-of-service (DDoS) attack is one in which multiple compromised computer systems attack a target, such as a server, website or other network resource, and cause a denial of service for users of the targeted resource.
  • domain generation algorithm (DGA) - A domain generation algorithm (DGA) is a program that generates a large list of domain names.
  • domain rotation - Domain rotation is a technique use by malware distributors to drive traffic from multiple domains to a single IP address that is controlled by the distributor.
  • doxware (extortionware) - Doxware, also known as extortionware, is an exploit in which the attacker accesses the target's sensitive data and threatens to publish it if the victim does not meet his demands.
  • drive-by download - A drive-by download is a program that is automatically downloaded to your computer without your consent or even your knowledge.
  • drive-by pharming - Drive-by pharming is a vulnerability exploitation method in which the attacker takes advantage of an inadequately unprotected broadband router to gain access to user data.
  • drive-by spamming - Drive-by spamming is a variation of drive-by hacking in which the perpetrators gain access to a vulnerable wireless local area network (WLAN) and use that access to send huge volumes of spam.
  • dropper - A dropper is a small helper program that facilitates the delivery and installation of malware.
  • email spoofing - Email spoofing is a form of cyber attack in which a hacker sends an email that has been manipulated to seem as if it originated from a trusted source.
  • email virus - An email virus consists of malicious code that is distributed in email messages, and it can be activated when a user clicks on a link in an email message, opens an email attachment or interacts in some other way with the infected email message.
  • equipment destruction attack - An equipment destruction attack, also known as a hardware destruction attack, is an exploit that destroys physical computer and electronic equipment.
  • Evil Corp - Evil Corp is an international cybercrime network that uses malicious software to steal money from its victims' bank accounts.
  • exploit kit (crimeware kit) - An exploit kit is a programming tool that allows someone who does not have any experience writing software code to create, customize and distribute malware.
  • fileless malware attack - A fileless malware attack is a type of malicious attack a hacker can use to leverage applications already installed in a computer.
  • Flexible Mandatory Access Control (FMAC) - Flexible Mandatory Access Control (FMAC) is an ongoing project intended to enhance the Sun Microsystems OpenSolaris operating platform by adding two security technologies: Flux Advanced Security Kernel (Flask) and Type Enforcement (TE).
  • form grabber - A form grabber is a type of malware that captures data such as IDs and passwords from browser forms.
  • Gen V attack (5th generation cyberattack) - Gen V attack is a 5th generation cyberattack that is typically defined by the threat level and sophistication of the attack, including very large data breaches.
  • government Trojan - A government Trojan is spyware installed on a computer or network by a law enforcement agency for the purpose of capturing information relevant to a criminal investigation.
  • hardware vulnerability - A hardware vulnerability is an exploitable weakness in a computer system that enables attack through remote or physical access to system hardware.
  • identity theft - Identity theft, also known as identity fraud, is a crime in which an imposter obtains key pieces of personally identifiable information (PII), such as Social Security or driver's license numbers, in order to impersonate someone else.
  • IFrame (Inline Frame) - The IFrame HTML element is often used to insert content from another source, such as an advertisement, into a Web page.
  • ILOVEYOU virus - The ILOVEYOU virus comes in an e-mail note with "I LOVE YOU" in the subject line and contains an attachment that, when opened, results in the message being re-sent to everyone in the recipient's Microsoft Outlook address book and, perhaps more seriously, the loss of every JPEG, MP3, and certain other files on the recipient's hard disk.
  • incidence - Incidence, in statistics, is the rate of occurrence of something within a population, or the number of times it occurs.
  • insider threat - An insider threat is a category of risk posed by those who have access to an organization's physical or digital assets.
  • IP Spoofing - IP spoofing is the crafting of Internet Protocol (IP) packets with a source IP address that has been modified to impersonate another computer system, or to hide the identity of the sender, or both.
  • Kaptoxa - Kaptoxa (pronounced kar-toe-sha) is a type of point-of-sale (POS) malware designed to compromise payment information systems.
  • likejacking - Likejacking is a variation on clickjacking in which malicious coding is associated with a Facebook Like button.
  • macro virus - A macro virus is a computer virus written in the same macro language used for software programs, including Microsoft Excel or word processors such as Microsoft Word.
  • malware - Malware, or malicious software, is any program or file that is harmful to a computer user.
  • Malware Analysis Report (MAR) - Malware Analysis Report (MAR) is a document that relates the functionality and effects of a given piece of malware.
  • malware testing - Malware testing is the practice of subjecting malicious programs to software testing tools and procedures designed to assess the viability of legitimate applications.
  • man-in-the-middle attack (MitM) - A man-in-the-middle attack is one in which the attacker secretly intercepts and relays messages between two parties who think they are communicating directly with each other.
  • Melissa virus - Melissa is a fast-spreading macro virus that is distributed as an e-mail attachment that, when opened, disables a number of safeguards in Word 97 or Word 2000, and, if the user has the Microsoft Outlook e-mail program, causes the virus to be resent to the first 50 people in each of the user's address books.
  • mobile device attack - A mobile device attack is an exploit targeting handheld communications devices, such as smartphones and tablets.
  • mobile malware - Mobile malware is malicious software specifically written to attack mobile devices such as smartphones, tablets, and smartwatches.
  • mobile phone virus - A mobile phone virus is a computer virus specifically adapted for the cellular environment and designed to spread from one vulnerable phone to another.
  • mobile spyware - Mobile spyware is monitoring software that is installed on a mobile device without the end user's knowledge.
  • pastebin - A pastebin is a Web application that allows users to upload and share text online.
  • peer-to-peer botnet (P2P botnet) - A peer-to-peer botnet is a decentralized group of malware-compromised machines working together for an attacker’s purpose without their owners’ knowledge.
  • Pegasus malware - Pegasus malware is spyware that can hack any iOS or Android device and steal a variety of data from the infected device, including text messages, emails, key logs, audio and information from installed applications, such as Facebook or Instagram.
  • pharma hack - The pharma hack is an exploit that takes advantage of vulnerabilities in WordPress or Joomla documents, causing search engines, notably the one hosted by Google, to return ads for pharmaceutical products along with legitimate listings.
  • pharming - Pharming is a scamming practice in which malicious code is installed on a personal computer or server, misdirecting users to fraudulent websites without their knowledge or consent.
  • phishing - Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in email or other communication channels.
  • phishing kit - A phishing kit is a collection of tools assembled to make it easier for people with little technical skill to launch a phishing exploit.
  • polymorphic virus - A polymorphic virus is a harmful, destructive or intrusive type of malware that can change or 'morph,' making it difficult to detect with antimalware programs.
  • Portal of Doom - Portal of Doom (abbreviated as PoD and sometimes spelled all one word, as PortalOfDoom) is a Trojan horse that hijacks the computers of unsuspecting Windows users running old operating systems.
  • POS malware (point-of-sale malware) - Point-of-sale malware (POS malware) is malicious software expressly written to steal customer payment data -- especially credit card data -- from retail checkout systems.
  • ransomware - Ransomware is a subset of malware in which the data on a victim's computer is locked -- typically by encryption -- and payment is demanded before the ransomed data is decrypted and access is returned to the victim.
  • ransomware as a service (RaaS) - Ransomware as a service (RaaS) is the offering of pay-for-use malware.
  • RAT (remote access Trojan) - A remote access Trojan (RAT) is a malware program that gives an intruder administrative control over a target computer.
  • Rescator - Rescator is the name of an underground online forum which allegedly sold credit card data stolen from customers who shopped at the United States discount retail chain, Target.
  • RFID virus - An RFID (radio-frequency identification) virus is malicious code inserted into an RFID tag to alter or corrupt data in an RFID system.
  • Robert Morris worm - The Robert Morris worm is widely acknowledged as the first computer worm to be distributed across the Internet and the first computer virus to receive mainstream media attention.
  • script kiddy (or script kiddie) - Script kiddy (sometimes spelled kiddie) is a derogative term, originated by the more sophisticated crackers of computer security systems, for the more immature, but unfortunately often just as dangerous exploiter of security lapses on the Internet.
  • security incident - A security incident is an event that may indicate that an organization's systems or data have been compromised or that measures put in place to protect them have failed.
  • SEO poisoning (search poisoning) - Search poisoning, also known as search engine poisoning, is an attack involving malicious websites that are designed to show up prominently in search results.
  • Shamoon - Shamoon, also called W32.
  • side-channel attack - A side-channel attack is a security exploit that aims to gather information from or influence the program execution of a system by measuring or exploiting indirect effects of the system or its hardware -- rather than targeting the program or its code directly.
  • social engineering - Social engineering is an attack vector that relies heavily on human interaction and often involves manipulating people into breaking normal security procedures and best practices to gain unauthorized access to systems, networks or physical locations or for financial gain.
  • spear phishing - Spear phishing is an email spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information.
  • spyware - Spyware is a type of malicious software -- or malware -- that is installed on a computing device without the end user's knowledge.
  • stealth virus - In computer security, a stealth virus is a computer virus that uses various mechanisms to avoid detection by antivirus software.
  • Stegano - Stegano is a malware toolkit that allows users to hide malicious code in images.
  • Stuxnet - The Stuxnet worm is a rootkit exploit that targets supervisory control and data acquisition (SCADA) systems.
  • targeted attack - A targeted attack is one that seeks to breach the security measures of a specific individual or organization.
SearchCompliance
  • OPSEC (operations security)

    OPSEC (operations security) is a security and risk management process and strategy that classifies information, then determines ...

  • smart contract

    A smart contract is a decentralized application that executes business logic in response to events.

  • compliance risk

    Compliance risk is an organization's potential exposure to legal penalties, financial forfeiture and material loss, resulting ...

SearchSecurity
  • DOS (disk operating system)

    A DOS, or disk operating system, is an operating system that runs from a disk drive. The term can also refer to a particular ...

  • private key

    A private key, also known as a secret key, is a variable in cryptography that is used with an algorithm to encrypt and decrypt ...

  • security token

    A security token is a physical or digital device that provides two-factor authentication for a user to prove their identity in a ...

SearchHealthIT
SearchDisasterRecovery
  • What is risk mitigation?

    Risk mitigation is a strategy to prepare for and lessen the effects of threats faced by a business.

  • change control

    Change control is a systematic approach to managing all changes made to a product or system.

  • disaster recovery (DR)

    Disaster recovery (DR) is an organization's ability to respond to and recover from an event that affects business operations.

SearchStorage
  • What is RAID 6?

    RAID 6, also known as double-parity RAID, uses two parity stripes on each disk. It allows for two disk failures within the RAID ...

  • VRAM (video RAM)

    VRAM (video RAM) refers to any type of random access memory (RAM) specifically used to store image data for a computer display.

  • PCIe SSD (PCIe solid-state drive)

    A PCIe SSD (PCIe solid-state drive) is a high-speed expansion card that attaches a computer to its peripherals.

Close