Malware

Terms related to malware, including definitions about viruses and Trojans and other words and phrases about malicious software.

ACO - THR

  • acoustical infection - Acoustic infection is a type of malware that uses a compromised computer’s sound card and speakers to send data using a covert ultrasonic acoustical mesh network.
  • ad fraud - Ad fraud is a type of scam in which the perpetrator fools advertisers into paying for something useless to them, such as fake traffic, fake leads or ineffective and misrepresented ad placement.
  • ad fraud botnet - An ad fraud botnet is a distributed network of computers controlled by a botmaster to defraud advertisers.
  • adware - Adware is any software application in which an advertising banner or other advertising material displays or downloads while a program is running.
  • Anna Kournikova virus VBS.SST - The Anna Kournikova VBS.
  • antimalware (anti-malware) - Antimalware is a type of software program created to protect IT systems and individual computers from malicious software, or malware.
  • antivirus software (antivirus program) - Antivirus software is a class of program designed to prevent, detect and remove malware infections on individual computing devices, networks and IT systems.
  • ATM black box attack - An ATM black box attack, also referred to as jackpotting, is a type of banking-system crime in which the perpetrators bore holes into the top of the cash machine to gain access to its internal infrastructure.
  • attack vector - An attack vector is a path or means by which an attacker or hacker can gain access to a computer or network server in order to deliver a payload or malicious outcome.
  • Backoff - Backoff is point-of-sale malware that uses memory scraping to steal credit card data from Windows-based retail machines on which it is installed.
  • BadBIOS - BadBIOS is a BIOS-level Trojan that can affect Windows, Macintosh, Linux and BSD systems.
  • bitcoin mining - Bitcoin mining is the process of verifying new transactions to the Bitcoin digital currency system, as well as the process by which new bitcoin enter into circulation.
  • blacklist - A blacklist, in IT, is a collection of entities that are blocked from communicating with or logging into a computer, site or network.
  • blended threat - A blended threat is an exploit that combines elements of multiple types of malware and perhaps takes multiple attack vectors to increase the severity of damage and the speed of contagion.
  • boot sector virus - A boot sector virus is malware that infects the computer storage sector where startup files are found.
  • bot worm - A bot worm is a self-replicating malware program that resides in current memory, turns infected computers into zombies (or bots) and transmits itself to other computers.
  • botnet topology - A botnet topology is the network structure by which botnet interconnections are organized.
  • browser extension malware - Extension malware is any browser extension that was developed intentionally with coding that causes undesirable behaviors or whose code has been compromised by an attacker to do so.
  • cache poisoning - Cache poisoning is a type of cyber attack in which attackers insert fake information into a domain name system (DNS) cache or web cache for the purpose of harming users.
  • car hacking - Car hacking is the manipulation of the code in a car's electronic control unit (ECU) to exploit a vulnerability and gain control of other ECU units in the vehicle.
  • Chernobyl virus - The Chernobyl virus is a computer virus with a potentially devastating payload that destroys all computer data when an infected file is executed.
  • clipboard hijack attack - A clipboard hijacking is an exploit in which the attacker gains control of the victim's clipboard and replaces its contents with their own data, such as a link to a malicious Web site.
  • cloud security - Cloud security, also known as cloud computing security, is the practice of protecting cloud-based data, applications and infrastructure from cyberthreats and cyber attacks.
  • command-and-control server (C&C server) - A command and control server (C&C server) is a computer that issues directives to digital devices that have been infected with rootkits or other types of malware, such as ransomware.
  • computer exploit - A computer exploit, or exploit, is an attack on a computer system, especially one that takes advantage of a particular vulnerability the system offers to intruders.
  • computer worm - A computer worm is a type of malware whose primary function is to self-replicate and infect other computers while remaining active on infected systems.
  • Conduit browser hijacker - Conduit is a browser hijacker that is usually installed without the user’s knowledge through a drive-by download.
  • content spoofing - Content spoofing is a type of exploit used by malicious hackers to present a faked or modified Web site to the user as if it were legitimate.
  • cross-site scripting (XSS) - Cross-site scripting (XSS) is a type of injection attack in which a threat actor inserts data, such as a malicious script, into content from otherwise trusted websites.
  • cryptomining malware - Cryptomining malware, also known as cryptojacking, is a form of malware that takes over a computer or mobile device's resources and uses them to perform cryptocurrency mining, a process of verifying cryptocurrency transactions using complex mathematical formulas.
  • cyber attack - A cyber attack is any attempt to gain unauthorized access to a computer, computing system or computer network with the intent to cause damage.
  • cyber hijacking - Cyber hijacking, or computer hijacking, is a type of network security attack in which the attacker takes control of computer systems, software programs and/or network communications.
  • cyberheist - A cyberheist is the online version of the classic bank heist, in which a criminal or criminals hold up or break into a bank to get away with a large sum of money quickly.
  • decompression bomb (zip bomb, zip of death attack) - A decompression bomb -- also known as a zip bomb or zip of death attack -- is a malicious archive file containing a large amount of compressed data.
  • destruction of service (DeOS) attack - A destruction-of-service (DeOS) attack is a form of cyberattack that targets an organization's entire online presence as well as their ability to recover from the attack afterwards.
  • device attack - A device attack is an exploit in which the attacker takes advantage of a vulnerable device to gain network access.
  • dictionary attack - A dictionary attack is a method of breaking into a password-protected computer, network or other IT resource by systematically entering every word in a dictionary as a password.
  • distributed denial-of-service (DDoS) attack - A distributed denial-of-service (DDoS) attack is one in which multiple compromised computer systems attack a target, such as a server, website or other network resource, and cause a denial of service for users of the targeted resource.
  • domain generation algorithm (DGA) - A domain generation algorithm (DGA) is a program that generates a large list of domain names.
  • domain rotation - Domain rotation is a technique used by malware distributors to drive traffic from multiple domains to a single IP address that is controlled by the distributor.
  • drive-by download - A drive-by download is a program that is automatically downloaded to your computer without your consent or even your knowledge.
  • dropper - A dropper is a small helper program that facilitates the delivery and installation of malware.
  • Elk Cloner - Elk Cloner is the first personal computer virus or self-replicating program known to have spread in the wild on a large scale.
  • email spoofing - Email spoofing is a form of cyber attack in which a hacker sends an email that has been manipulated to seem as if it originated from a trusted source.
  • email virus - An email virus consists of malicious code distributed in email messages to infect one or more devices.
  • enterprise risk management (ERM) - Enterprise risk management is the process of planning, organizing, directing and controlling the activities of an organization to minimize the deleterious effects of risk on its capital and earnings.
  • equipment destruction attack - An equipment destruction attack, also known as a hardware destruction attack, is an exploit that destroys physical computer and electronic equipment.
  • Evil Corp - Evil Corp is an international cybercrime network that uses malicious software to steal money from its victims' bank accounts.
  • exploit kit (crimeware kit) - An exploit kit is a programming tool that allows someone who does not have any experience writing software code to create, customize and distribute malware.
  • fileless malware attack - A fileless malware attack is a type of malicious attack a hacker can use to leverage applications already installed in a computer.
  • form grabber - A form grabber is a type of malware that captures data such as IDs and passwords from browser forms.
  • Gen V attack (5th generation cyberattack) - Gen V attack is a 5th generation cyberattack that is typically defined by the threat level and sophistication of the attack, including very large data breaches.
  • government Trojan - A government Trojan is spyware installed on a computer or network by a law enforcement agency for the purpose of capturing information relevant to a criminal investigation.
  • hardware vulnerability - A hardware vulnerability is an exploitable weakness in a computer system that enables attack through remote or physical access to system hardware.
  • identity theft - Identity theft, also known as identity fraud, is a crime in which an imposter obtains key pieces of personally identifiable information (PII), such as Social Security or driver's license numbers, to impersonate someone else.
  • IFrame (Inline Frame) - The IFrame HTML element is often used to insert content from another source, such as an advertisement, into a Web page.
  • ILOVEYOU virus - The ILOVEYOU virus comes in an email with 'ILOVEYOU' in the subject line and contains an attachment that, when opened, results in the message being re-sent to everyone in the recipient's Microsoft Outlook address book.
  • incidence - Incidence, in statistics, is the rate of occurrence of something within a population, or the number of times it occurs.
  • insider threat - An insider threat is a category of risk posed by those who have access to an organization's physical or digital assets.
  • IP spoofing - Internet Protocol (IP) spoofing is a type of malicious attack where the threat actor hides the true source of IP packets to make it difficult to know where they came from.
  • logic bomb - A logic bomb is a string of malicious code that is inserted intentionally into a program to harm a network when certain conditions are met.
  • macro virus - A macro virus is a computer virus written in the same macro language used to create software programs such as Microsoft Excel or Word.
  • malware - Malware, or malicious software, is any program or file that is intentionally harmful to a computer, network or server.
  • Malware Analysis Report (MAR) - Malware Analysis Report (MAR) is a document that relates the functionality and effects of a given piece of malware.
  • malware testing - Malware testing is the practice of subjecting malicious programs to software testing tools and procedures designed to assess the viability of legitimate applications.
  • man-in-the-middle attack (MitM) - A man-in-the-middle attack is one in which the attacker secretly intercepts and relays messages between two parties who think they are communicating directly with each other.
  • Melissa virus - Melissa was a type of email virus that initially became an issue in early 1999.
  • mobile device attack - A mobile device attack is an exploit targeting handheld communications devices, such as smartphones and tablets.
  • mobile malware - Mobile malware is malicious software specifically written to attack mobile devices such as smartphones, tablets, and smartwatches.
  • mobile spyware - Mobile spyware is monitoring software that is installed on a mobile device without the end user's knowledge.
  • Nimda - First appearing on September 18, 2001, Nimda is a computer virus that caused traffic slowdowns as it rippled across the internet.
  • pastebin - A pastebin is a Web application that allows users to upload and share text online.
  • peer-to-peer botnet (P2P botnet) - A peer-to-peer botnet is a decentralized group of malware-compromised machines working together for an attacker’s purpose without their owners’ knowledge.
  • Pegasus malware - Pegasus malware is spyware that can hack any iOS or Android device and steal a variety of data from the infected device, including text messages, emails, key logs, audio and information from installed applications, such as Facebook or Instagram.
  • pharma hack - The pharma hack is an exploit that takes advantage of vulnerabilities in WordPress or Joomla documents, causing search engines, notably the one hosted by Google, to return ads for pharmaceutical products along with legitimate listings.
  • pharming - Pharming is a scamming practice in which malicious code is installed on a personal computer or server, misdirecting users to fraudulent websites without their knowledge or consent.
  • phishing - Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in email or other communication channels.
  • phishing kit - A phishing kit is a collection of tools assembled to make it easier for people with little technical skill to launch a phishing exploit.
  • polymorphic virus - A polymorphic virus is a harmful, destructive or intrusive type of malware that can change or 'morph,' making it difficult to detect with antimalware programs.
  • Portal of Doom - Portal of Doom (abbreviated as PoD and sometimes spelled all one word, as PortalOfDoom) is a Trojan horse that hijacks the computers of unsuspecting Windows users running old operating systems.
  • POS malware (point-of-sale malware) - Point-of-sale malware (POS malware) is malicious software expressly written to steal customer payment data -- especially credit card data -- from retail checkout systems.
  • ransomware - Ransomware is a subset of malware in which the data on a victim's computer is locked -- typically by encryption -- and payment is demanded before the ransomed data is decrypted and access is returned to the victim.
  • ransomware as a service (RaaS) - Ransomware as a service (RaaS) is the offering of pay-for-use malware.
  • RAT (remote access Trojan) - A remote access Trojan (RAT) is a malware program that gives an intruder administrative control over a target computer.
  • RFID virus - An RFID (radio-frequency identification) virus is malicious code inserted into an RFID tag to alter or corrupt data in an RFID system.
  • Robert Morris worm - The Robert Morris worm is widely acknowledged as the first computer worm to be distributed across the Internet and the first computer virus to receive mainstream media attention.
  • script kiddie - Script kiddie is a derogative term that computer hackers coined to refer to immature, but often just as dangerous, exploiters of internet security weaknesses.
  • security incident - A security incident is an event that may indicate that an organization's systems or data have been compromised or that measures put in place to protect them have failed.
  • SEO poisoning (search poisoning) - Search poisoning, also known as search engine poisoning, is an attack involving malicious websites that are designed to show up prominently in search results.
  • Shamoon - Shamoon, also called W32.
  • side-channel attack - A side-channel attack is a security exploit that aims to gather information from or influence the program execution of a system by measuring or exploiting indirect effects of the system or its hardware -- rather than targeting the program or its code directly.
  • social engineering - Social engineering is an attack vector that relies heavily on human interaction and often involves manipulating people into breaking normal security procedures and best practices to gain unauthorized access to systems, networks or physical locations or for financial gain.
  • spear phishing - Spear phishing is a malicious email spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information.
  • spyware - Spyware is a type of malicious software -- or malware -- that is installed on a computing device without the end user's knowledge.
  • stealth virus - A stealth virus is a computer virus that uses various mechanisms to avoid detection by antivirus software.
  • Stegano - Stegano is a malware toolkit that allows users to hide malicious code in images.
  • Stuxnet - The Stuxnet worm is a rootkit exploit that targets supervisory control and data acquisition (SCADA) systems.
  • TDL-4 (TDSS or Alureon) - TDL-4 is sophisticated malware that facilitates the creation and maintenance of a botnet.
  • threat modeling - Threat modeling is a procedure for optimizing application, system or business process security by identifying objectives and vulnerabilities, and then defining countermeasures to prevent or mitigate the effects of threats to the system.