Security Dictionary

 

Auto update: The process by which code stored on a local drive communicates with a server to be updated or improved. This is done by legitimate software, e.g., Windows programs. It has also become a regular component of malicious software.

Blackhat: A skilled hacker hacking for illegal and sinister purposes, sometimes political and economic, and not just for pranks.

Blended Attacks or Blended Threats: A blended attack involves a combination of attacks against different vulnerabilities. For example, many worms, trojan horses and computer viruses exploit multiple techniques to attack and propagate.

Buffer Overflow: A condition in which a program writes more data to a buffer than the buffer can hold, overwriting adjacent memory. The overwritten data may include other buffers, variables and program flow data, and may result in erratic program behavior, a memory access exception, program termination (a crash), incorrect results or (especially if deliberately caused by a malicious user) a possible breach of system security. Buffer overflows can be triggered by inputs specifically designed to execute malicious code or to make the program operate in an unintended way. As such, buffer overflows cause many software vulnerabilities and form the basis of many exploits.

Cross-site Scripting: HTML/Script Injection is a popular subject, commonly termed "Cross Site Scripting", or "XSS". XSS refers to an injection flaw whereby user input to a web script, or something similar, is placed into the output HTML without being checked for HTML code or scripting. The two basic types are as follows:

  • Active (Type 1): This type of XSS flaw is less dangerous, as the user input is placed into a dynamically generated page. No changes are made on the server.
  • Passive (Type 2): This type is more dangerous, as the input is written to a static page, and as such, is persistent.

Data Mining: A legitimate technology approach turned to sinister intent. Databases of identities are joined together, as with a data warehouse. Then, the pieces of an individual’s identity are matched until there is a whole identity with the information necessary to commit financial fraud. For instance, data is mined on a user’s name and address from one data source, credit card number from another source, and social security number from yet another. Then, all are joined and the identity is whole.

Identity Theft: Identity theft and identity fraud are terms used to refer to all types of crime in which someone wrongfully obtains and uses another person's personal data in some way that involves fraud or deception, typically for economic gain. In September 2003, the Federal Trade Commission reported that 9.9 million U.S. residents have been victims of identity theft during the past year, costing businesses and financial institutions $48 billion and consumers $5 billion in out-of-pocket expenses. This has become increasingly common on the internet through a series of increasingly sophisticated exploits.

Page hijacking is a form of cloaking, made possible because some web crawlers detect duplicates while indexing web pages. If two pages have the same content, only one of the URLs will be kept. A spammer will try to ensure that the rogue website is the one shown on the result pages.

Pharming (pronounced farming) is a hacker's attack aiming to redirect a website's traffic to another, bogus website. Identity theft is the major objective. Pharming has become of major concern to businesses hosting ecommerce and online banking websites. Antivirus software and spyware removal software cannot protect against pharming.

Phishing: The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information.

Polymorphic malware is harmful, destructive or intrusive computer software such as a virus, worm, Trojan or spyware that constantly changes ("morphs"), making it difficult to detect with anti-malware programs. Evolution of the malicious code can occur in a variety of ways such as filename changes, compression and encryption with variable keys. Think of STORM programs.

SQL injections are a recent version of code injection, a computer bug that is caused by processing invalid data. Code injection can be used by an attacker to introduce (or "inject") code into a computer program to change the course of execution. The results of a code injection attack can be disastrous. For instance, code injection is used by some computer worms to propagate. ASP, PHP, and Shell injections are similar.

Spear Phishing is the technique of identifying executives or high net wealth individuals. These individuals are actively data mined to commit financial fraud against them.

The following glossary is from the Anti Spyware Coalition, and is copied within the terms of their website:
http://www.antispywarecoalition.org/documents/glossary.htm
ASC includes the following Glossary in order to clarify some of the terms used in this document, particularly the more frequently used terms in anti-spyware products and research. This Glossary will be updated as we continue with our work. 

ActiveX Control: See “Browser Plug-in.”

Advertising Display Software: Any program that causes advertising content to be displayed.

Adware: A type of Advertising Display Software, specifically certain executable applications whose primary purpose is to deliver advertising content potentially in a manner or context that may be unexpected and unwanted by users. Many adware applications also perform tracking functions, and therefore may also be categorized as Tracking Technologies. Some consumers may want to remove Adware if they object to such tracking, do not wish to see the advertising caused by the program, or are frustrated by its effects on system performance. On the other hand, some users may wish to keep particular adware programs if their presence subsidizes the cost of a desired product or service or if they provide advertising that is useful or desired, such as ads that are competitive or complementary to what the user is looking at or searching for.

Alternate Data Stream:  An extension to Microsoft's Windows NT File System (NTFS) that provides compatibility with files created using Apple's Hierarchical File System (HFS). Applications must write special code if they want to access and manipulate data stored in an alternate stream.  Some spyware uses  these streams to evade detection.

Automatic Download Software: Any program used to download and install software without user interaction.

Botnet: A type of Remote Control Software, specifically a collection of software robots, or “bots”, which run autonomously. A botnet's originator can control the group remotely. The botnet is usually a collection of zombie  machines running programs (worms, trojans, etc.) under a common command and control infrastructure on public or private networks.  Botnets have been used for sending spam remotely, installing more spyware without consent, and other illicit purposes. 

Browser Helper Object (BHOs): see “Browser Plug-in.”

Browser Plug-in: A software component that interacts with a Web browser to provide capabilities or perform functions not otherwise included in the browser. Typical examples are plug-ins to display specific graphic formats, to play multimedia files or to add toolbars which include  searching or anti-phishing services.  Plug-ins can also perform potentially unwanted behaviors such as redirecting search results or monitoring user browsing behavior, connections history, or installing other unwanted software like nuisance or harmful adware. Types of Browser plug-ins include:

  • ActiveX controls: A type of Browser Plug-in that is downloaded and executed by the Microsoft Internet Explorer Web browser.
  • Browser Helper Object (BHOs): A type of Browser Plug-in that is executed each time the Microsoft Internet Explorer Web browser is launched. Toolbars are a common form of BHO.
  • Mozilla Firefox Extensions: A Browser Plug-in specific to Mozilla Firefox.

Bundling: The practice of distributing multiple pieces of software together, so that when the software “bundle” is installed, multiple components may be installed. In many cases, bundling is a convenient way to distribute related pieces of software together. However, in some cases, unwanted software components, such as nuisance or harmful adware, can be bundled with programs users want, and can thereby be downloaded onto their computers without notice or consent. 

Cookie: A piece of data that a Web site -- or a third party that was commissioned or approved by the website -- saves on users’ computers’ hard drives and retrieves when the users revisit that Web site. Some cookies may use a unique identifier that links to information such as login or registration data, online "shopping cart" selections, user preferences, Web sites a user has visited, etc. (See also Tracking Cookies.)

Dialer: Dialer is a colloquial term for Dialing Software.

Dialing Software: Any program that utilizes a computer’s modem to make calls or access services. Users may want to remove dialers that dial without the user’s active involvement, resulting in unexpected telephone charges and/or causing access to unintended and unwanted content.

Distributed Denial-of-Service (DDoS) Attack: A means of burdening or effectively shutting down a remote system by bombarding it with traffic from many other computers. DDoS attacks are often launched using the compromised systems of Internet users, often using botnets. An attacker will exploit a vulnerability in one computer system and make it the DDoS “master” using Remote Control Software. Later, the intruder will use the master system to identify and manage  zombies that can perform the attack.

Downloader: A program designed to retrieve and install additional files. Downloaders can be useful tools for consumers to automate upgrades of essential software such as operating system upgrades, browsers, anti-virus applications, anti-spyware tools, games and other useful or enjoyable applications of all kinds. Automated upgrades are useful for closing off security vulnerabilities in a timely way. Unauthorized downloaders are used by third parties to download potentially unwanted software without user notification or consent.

Drive-by-Download: The automatic download of software to a user’s computer when she visits a Web site or views an html formatted email, without the user’s consent and often without any notice at all. Drive-by-downloads are typically performed by exploiting security holes or lowered security settings on a user’s computer.

Droneware: Programs used to take remote control of a computer and typically used to send spam remotely, run DDoS attacks or host offensive Web images. See also “Botnet.”

End User License Agreement (EULA): An agreement between a producer and a user of computer software that specifies the terms of use putatively agreed to by the user. The software producer specifies the parameters and limitations on use, which comprise a legally binding contract. Some companies use the EULA as the sole means of disclosure of a program’s behavior (including bundling, use of the user’s data, etc.). 

Exploit/Security Exploit:  A piece of software that takes advantage of a hole or vulnerability in a user’s system to gain unauthorized access to the system.

Hacker Tool: Security Analysis Software that can be used to investigate, analyze or compromise the security of systems. Some Hacker Tools are multi-purpose programs, while others have few legitimate uses.

Hijacker: System Modification Software deployed without adequate notice, consent, or control to the user. Hijackers often unexpectedly alter browser settings, redirect Web searches and/or network requests to unintended sites, or replace Web content.  Hijackers may also frustrate users’ attempts to undo these changes, by restoring hijacked settings upon each system start. 

Host File: A file, stored on the user's computer, used to look up the Internet Protocol address of a device connected to a computer network. Some spyware has been known to change a host file in order to redirect users from a site that they want to visit to sites that the spyware company wants them to visit.

Keylogger (or Keystroke Logger): Tracking Software that records keyboard and/or mouse activity. Keyloggers typically either store the recorded keystrokes for later retrieval or they transmit them to the remote process or person employing the keylogger. There are some legitimate uses of keyloggers, but they are often used maliciously by attackers to surreptitiously track behavior to perform unwanted or unauthorized actions including but not limited to identity theft.

Objective Criteria: The behavioral factors that anti-spyware companies use to decide whether to consider a process or program spyware.

Packer: A program that can compress and/or encrypt an executable file in a manner that prevents matching the memory image of that file and the actual file on disk. Sometimes used for copy protection, packers are often used to make spyware less easy to analyze/detect.

Passive Tracking Technologies:  Technologies used to monitor user behavior or gather information about the user, sometimes including personally identifiable or other sensitive information.

Password Cracker: Security Analysis Software designed to allow someone to recover or decrypt lost, forgotten or unknown passwords. A Password Cracker can guess a password by running a brute-force attack, e.g. testing each character combination to find the right password, or by running a dictionary attack, e.g. testing common words from large dictionaries, which could be used as passwords by users. While they can be a legitimate tool used by security administrators and law enforcement officers, Password Crackers pose a significant security and privacy threat when used illicitly.

Port Scanner: Security Analysis Software used to discover what computer network services a remote system provides. Port scanning indicates where to probe for weaknesses.

Privacy Policy: A legally binding notice of how a company deals with a user’s personal information. The privacy policy should contain information about collecting information and the secondary uses of data, including how information is shared with third parties and who those third parties are.

Privilege Elevation: A process that allows an individual or device to gain unauthorized privileges, usually administrator level access, on a computer or network.

Registry: A database integrated into certain operating systems which stores information, including user preferences, settings and licence information, about hardware and software installed on a user's computer.

Registry Keys: The individual entries in the registry. The value of the keys is changed every time a new program is installed or configuration settings are modified.  Spyware often changes registry key values in order to take control of parts of the system.  These changes can impair the regular function of the computer.

Remote Access/Administration Tool (RAT): An executable application designed to allow remote access to or control of a system. RATs are a type of Remote Control Software. While there are many legitimate uses of RATs, they can be used maliciously by attackers to start or end programs, install and uninstall new software, or perform other unwanted or unauthorized actions. 

Remote Control Software: Any program used to allow remote access or control of computer systems.

Risk Modeling: The process used by anti-spyware vendors to determine the categorization of spyware, both in terms of level and type of risk.

Rootkit: A program that fraudulently gains or maintains administrator level access that may also execute in a manner that prevents detection. Once a program has gained access, it can be used to monitor traffic and keystrokes; create a backdoor into the system for the hacker's use; alter log files; attack other machines on the network; and alter existing system tools to circumvent detection. Rootkit commands replace original system commands to run malicious commands chosen by the attacker and to hide the presence of the Rootkit on the system by modifying the results returned, suppressing all evidence of the presence of the Rootkit. Rootkits are an extreme form of System Modification Software.

Screen Scrapers/Screen Capturers: Tracking Software that records images of activity on the screen.  Screen Scrapers typically either store the recorded images and video for later retrieval or they transmit them to the remote process or person employing the Screen Scraper. There are some legitimate uses of screen scrapers, but they are often used maliciously by attackers to surreptitiously track behavior to perform unwanted or unauthorized actions that can include identity theft.

Security Analysis Software: Any program used by a computer user to analyze or circumvent security protections.

Snoopware: Sometimes used as a synonym for the narrower definition of Spyware—i.e. Tracking Software.

State Management Tools: Technologies used to store and make available information about the “state” of a system—i.e. information about current conditions and operations. Cookies are the most common form of a State Management Tool since they can be used to store data provided to a Web site and maintain a Web application session. State Management Tools can be used as a Tracking Technology.

System Modifying Software:  Any program used to modify  a user's system and change their experience, such as by altering their home page, search page, default media player, or lower level system functions.

Spyware: The term Spyware has been used in two ways.

In its narrow sense, Spyware is a term for Tracking Software deployed without adequate notice, consent, or control for the user.

In its broader sense, Spyware is used as a synonym for what the ASC calls “Spyware and Other Potentially Unwanted Technologies.”

In technical settings, ASC uses the term Spyware only in its narrower sense and always marks it as such [spyware(narrow)]. However, we understand that it is impossible to avoid the broader connotations of the term in colloquial or popular usage, and we do not attempt to do so. For example, we refer to the group as the Anti-Spyware Coalition and vendors as makers of anti-spyware software, even recognizing that their scope of concern extends beyond tracking software.  Therefore, the term spyware, when used generally in an ASC document will always refer to the broader colloquial usage.

Stream Files: See “Alternate Data Stream.”

System Monitor: Tracking Software used to monitor computer activity. System Monitors range in capabilities but may record some or all of the following: keystrokes, screen captures, e-mails, chat room conversations, instant messages, Web sites visited, programs run, time spent on Web sites or using programs, or usernames, passwords or other types of data in transit. The information is typically either stored for later retrieval or transmitted to the remote process or person employing the Monitor. Keyloggers and Screen Scrapers are types of System Monitors.

Tracking Cookies: A Tracking Cookie is any cookie used for tracking users’ surfing habits. Tracking Cookies are a form of Tracking Technology. They are typically used by advertisers wishing to analyze and manage advertising data, but they may be used to profile and track user activity more closely. However, a tracking cookie is simply a text file, and far more limited in capability than executable software installed on users’ computers. While installed software can potentially record any data or activity on a computer (see System Monitor), cookies are simply a record of visits or activity with a single Website or its affiliated sites.

Tracking software:  Software that monitors user behavior, or gathers information about the user, sometimes including personally identifiable or other sensitive information, through an executable program.

Tricklers: Automatic Download Software designed to install or reinstall software by downloading slowly in the background so the download is less noticeable (and does not impair other functions). Tricklers are typically used to enable a spyware program to install silently or to reinstall after a user has removed components of the program from his or her computer.

Trojan: A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Underlying Technology: One of the technologies listed in the table above that has been used to harm users; however with proper notice, consent, and control, these same technologies could provide user benefit.

United Virtualities Persistent Identification Element (PIE): United Virtualities PIE is a Tracking Technology designed to be an alternative to a cookie, utilizing Macromedia Flash, that is an example of a passive tracking technology.

User: The system owner or their designated administrator. In a household, this is commonly the person operating the computer.

Virus: A computer virus is code that recursively replicates a possibly evolved copy of itself.  Viruses infect a host file or system area, or they simply modify a reference to such objects to take control and then multiply again to form new generations.

Worm: Worms are network viruses, primarily replicating on networks.  Usually a worm will execute itself automatically on a remote machine without any extra help from a user.  However, there are worms, such as mass-mailer worms, that will not always automatically execute themselves without the help of a user.

Zombie: A system that has been taken over using Remote Control Software. Zombies are often used to send spam or to attack remote servers with an overwhelming amount of traffic (a Distributed Denial of Service Attack). A collection of many zombies comprises a botnet.
