We know the technical terminology used in virus
alerts and descriptions can be confusing. Use
this glossary whenever you come across a term
you don't understand.
|
|
ActiveX
|
ActiveX controls are
software modules based on Microsoft's Component
Object Model (COM) architecture. They add
functionality to software applications by
seamlessly incorporating pre-made modules with
the basic software package. Modules can be
interchanged but still appear as parts of the
original software.
On the Internet,
ActiveX controls can be linked to Web pages and
downloaded by an ActiveX-compliant browser.
ActiveX controls turn Web pages into software
pages that perform like any other program
launched from a server.
ActiveX controls can
have full system access. In most instances this
access is legitimate, but one should be cautious
of malicious ActiveX applications.
|
|
Algorithm
|
A sequence of steps needed to solve logical or
mathematical problems.
Certain cryptographic
algorithms are used to encrypt or decrypt data
files and messages and to sign documents
digitally.
|
|
Anti-antivirus Virus
|
Anti-antivirus viruses attack, disable or infect
specific anti-virus software. Also: Retrovirus
|
|
Anti-virus Software
|
Anti-virus software scans a computer's memory
and disk drives for viruses. If it finds a
virus, the application informs the user and may
clean, delete or quarantine any files,
directories or disks affected by the malicious
code. Also: Anti-virus Scanner
|
|
Antivirus Virus
|
Antivirus viruses specifically look for and
remove other viruses.
|
|
Applet
|
Any miniature application transported over the
Internet, especially as an enhancement to a Web
page. Authors often embed applets within the
HTML page as a foreign program type.
Java applets are
usually only allowed to access certain areas of
the user's system. Computer programmers often
refer to this area as the sandbox.
|
|
Armored Virus
|
An armored virus tries to prevent analysts from
examining its code. The virus may use various
methods to make tracing, disassembling and
reverse engineering its code more difficult.
|
|
ASCII
|
American Standard Code for Information
Interchange. Usually refers to the coding system
that assigns numerical values to characters such
as letters, numbers, punctuation, and other
symbols.
Basic ASCII allows
only 7 bits per character (for a total of 128
characters). The first 32 characters are
"unprintable" (line feed, form feed, etc.).
Extended ASCII adds an additional 128 characters
that vary between computers, programs and fonts.
Computers use these extra characters for
accented letters, graphical characters or other
special symbols.
|
|
ASCII Files
|
ASCII files are usually text files consisting of
only ASCII characters. With effort, it is
possible to write program files consisting only
of printable characters (See: EICAR Standard
Anti-virus Test File). Windows batch (BAT) files
and Visual Basic Script (VBS) files are also
typically pure text, yet they are program files
(See Also: Batch Files, VBS).
Because of the danger
macro viruses can pose, using ASCII files in
e-mail communications may be less risky. While
it is possible for ASCII files to contain
program code, and thus to contain viruses, ASCII
files let you control both content and layout
exactly, ensuring your e-mail is legible in
most e-mail programs.
|
|
Attack
|
An attempt to subvert or bypass a system's
security. Attacks may be passive or active.
Active attacks attempt to alter or destroy data.
Passive attacks try to intercept or read data
without changing it. See Also: Brute Force
Attack, Denial of Service, Hijacking, Password
Attacks, Password Sniffing
|
|
Attributes
|
Characteristics assigned to all files and
directories. Attributes include: Read Only,
Archive, Hidden or System.
|
|
Back Door
|
A feature programmers often build into programs
to allow special privileges normally denied to
users of the program. Often programmers build
back doors so they can fix bugs. If hackers or
others learn about a back door, the feature may
pose a security risk. Also: Trapdoor.
|
|
Back Orifice
|
Back Orifice is a program developed and released
by The Cult of the Dead Cow (cDc). It is not a
virus; it is a remote administration tool with
potential for malicious misuse. If installed by
a hacker, it has the ability to give a remote
attacker full system administrator privileges to
your system. It can also 'sniff' passwords and
confidential data and quietly e-mail them to a
remote site. Back Orifice is an extensible
program--programmers can change and "enhance" it
over time. See Also: Password Sniffing
|
|
Background Scanning
|
A feature in some anti-virus software to
automatically scan files and documents as they
are created, opened, closed or executed.
|
|
Background Task
|
A task executed by
the system that generally remains invisible to the
user. The system usually assigns background
tasks a lower priority than foreground tasks.
Some malicious software is executed by a system
as a background task so the user does not
realize unwanted actions are occurring.
|
|
Backup
|
n. A duplicate copy of data made for archiving
purposes or for protecting against damage or
loss.
v. The process of
creating duplicate data. Some programs back up
data files while maintaining both the current
version and the preceding version on disk.
However, a backup is not considered secure
unless it is stored away from the original.
|
|
Batch files
|
Text files containing one MS-DOS command on each
line of the file. When run, each line executes
in sequential order. The batch file AUTOEXEC.BAT
is executed when the computer is booted and
loads a series of controls and programs. This
file type has the extension BAT.
|
|
Bimodal virus
|
A bimodal virus infects both boot records and
files. Also: Bipartite; See Also: Boot Sector
Infector, File Virus, Multipartite
|
|
BIOS
|
Basic Input/Output
System. The part of the operating system that
identifies the set of programs used to boot the
computer before locating the system disk.
The BIOS is located
in the ROM (Read Only Memory) area of the system and
is usually stored permanently.
|
|
Boot
|
To start (a cold boot) or reset (warm boot) the
computer so it is ready to run programs for the
user. Booting the computer executes various
programs to check and prepare the computer for
use. See Also: Cold Boot, Warm Boot
|
|
Boot Record
|
The program recorded in the boot sector. This
record contains information on the
characteristics and contents of the disk and
information needed to boot the computer. If a
user boots a PC with a floppy disk, the system
reads the boot record from that disk. See Also:
Boot Sector
|
|
Boot Sector
|
An area located on
the first track of floppy disks and logical
disks that contains the boot record. Boot sector
usually refers to this specific sector of a
floppy disk, whereas the term Master Boot Sector
usually refers to the same section of a hard
disk. See Also: Master Boot Record
|
|
Boot Sector Infector
|
A boot sector
infector virus places its starting code in the
boot sector. When the computer tries to read and
execute the program in the boot sector, the
virus goes into memory where it can gain control
over basic computer operations. From memory, a
boot sector infector can spread to other drives
(floppy, network, etc.) on the system. Once the
virus is running, it usually executes the normal
boot program, which it stores elsewhere on the
disk. Also: Boot Virus, Boot Sector Virus, BSI.
|
|
Brute Force Attack
|
An attack in which each possible key or password
is attempted until the correct one is found. See
Also: Attack
|
|
BSI
|
See: Boot Sector Infector
|
|
Bug
|
An unintentional
fault in a program that causes actions neither
the user nor the program author intended.
|
|
Cavity Virus
|
A cavity virus overwrites a part of its host
file without increasing the length of the file
while also preserving the host's functionality.
|
|
Checksum
|
An identifying number
calculated from file characteristics. The
slightest change in a file changes its checksum.
|
|
Clean
|
adj. A computer, file
or disk that is free of viruses.
v. To remove a virus
or other malicious software from a computer,
file or disk. Also: Disinfection.
|
|
Cluster Virus
|
Cluster viruses
modify the directory table entries so the virus
starts before any other program. The virus code
only exists in one location, but running any
program runs the virus as well. Because they
modify the directory, cluster viruses may appear
to infect every program on a disk. Also: File
System Virus
|
|
Cold Boot
|
To start the computer
by cycling the power. A cold boot using a rescue
disk (a clean floppy disk with boot instructions
and virus scanning capabilities) is often
necessary to clean or remove boot sector
infectors. See Also: Boot, Warm Boot
|
|
COM File
|
A type of executable
file limited to 64 kb. These simple files are
often used for utility programs and small
routines. Because COM files are executable,
viruses can infect them. This file type has the
extension COM.
|
|
Companion Virus
|
Companion viruses use
a feature of DOS that allows software programs
with the same name, but with different
extensions, to operate with different
priorities. Most companion viruses create a COM
file which has a higher priority than an EXE
file with the same name.
Thus, a virus may see
that a system contains the file PROGRAM.EXE and
create a file called PROGRAM.COM. When the
computer executes PROGRAM from the command line,
the virus (PROGRAM.COM) runs before the actual
PROGRAM.EXE. Often the virus will execute the
original program afterwards so the system
appears normal.
|
|
Compromise
|
To access or disclose
information without authorization.
|
|
Cookie
|
Cookies are blocks of
text placed in a file on your computer's hard
disk. Web sites use cookies to identify users
who revisit the site.
Cookies might contain
login or registration information, "shopping
cart" information or user preferences. When a
server receives a browser request that includes
a cookie, the server can use the information
stored in the cookie to customize the Web site
for the user. Cookies can be used to gather more
information about a user than would be possible
without them.
|
|
Default Password
|
A password on a system when it is first
delivered or installed.
|
|
Denial Of Service (DoS)
|
An attack
specifically designed to prevent the normal
functioning of a system and thereby to prevent
lawful access to the system by authorized users.
Hackers can cause denial of service attacks by
destroying or modifying data or by overloading
the system's servers until service to authorized
users is delayed or prevented. See Also: Attack
|
|
Direct Action Virus
|
A direct action virus
works immediately to load itself into memory,
infect other files, and then to unload itself.
|
|
Disinfection
|
Most anti-virus
software carries out disinfection after
reporting the presence of a virus to the user.
During disinfection, the virus may be removed
from the system and, whenever possible, any
affected data is recovered.
|
|
DOC File
|
A Microsoft Word
Document File. In the past, these files
contained only document data, but with many
newer versions of Microsoft Word, DOC files also
include small programs called macros. Many virus
authors use the macro programming language to
associate macros with DOC files. This file type
has the extension DOC.
|
|
DOS
|
Disk Operating
System. Generally any computer operating system,
though often used as shorthand for MS-DOS--the
operating system used by Microsoft before
Windows was developed.
|
|
Dropper
|
A dropper is a carrier
file that installs a virus on a computer system.
Virus authors often use droppers to shield their
viruses from anti-virus software. The term
injector often refers to a dropper that installs
a virus only in memory.
|
|
EICAR
|
European Institute of Computer Anti-Virus
Research. In conjunction with several anti-virus
software companies, EICAR has developed a test
file for anti-virus software. See Also: EICAR
Standard Anti-Virus Test File
|
|
EICAR Standard Anti-Virus Test File
|
This text file
consists of one line of printable characters; if
saved as EICAR.COM, it can be executed and
displays the message: "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!"
This provides a safe and simple way of testing
the installation and behavior of anti-virus
software without using a real virus.
|
|
Encrypted Virus
|
An encrypted virus's
code begins with a decryption algorithm and
continues with scrambled or encrypted code for
the remainder of the virus. Each time it
infects, it automatically encodes itself
differently, so its code is never the same.
Through this method, the virus tries to avoid
detection by anti-virus software.
|
|
Encryption
|
Encryption is the
scrambling of data so it becomes difficult to
unscramble and interpret.
|
|
EXE file
|
An executable file,
as contrasted with a document or data file.
Usually executed by double-clicking its icon or
a shortcut on the desktop, or by entering the
name of the program at a command prompt.
Executable files can also be executed from other
programs, batch files or various script files.
The vast majority of
known viruses infect program files. However,
real-world infections by program-infecting
viruses are much less common. Also: Program File
|
|
False Negative
|
A false negative error occurs when anti-virus
software fails to indicate an infected file is
truly infected. False negatives are more serious
than false positives, although both are
undesirable. False negatives are more common
with anti-virus software because it may miss a
new or a heavily modified virus. See Also: False
Positive
|
|
False Positive
|
A false positive
error occurs when anti-virus software wrongly
claims a virus infects a clean file. False
positives usually occur when the string chosen
for a given virus signature is also present in
another program. See Also: False Negative
|
|
Fast Infector
|
Fast infector
viruses, when active in memory, infect not only
executed programs, but also those that are
merely opened. Thus running an application, such
as anti-virus software, which opens many
programs but does not execute them, can result
in all programs becoming infected. See Also:
Slow Infector
|
|
FAT
|
File Allocation
Table. Under MS-DOS, Windows 3.x, 9x, and NT
(in some cases), the FAT is located in the boot
sector of the disk and stores the addresses of
all the files contained on a disk. Viruses and
other malicious programs, as well as normal use
and extended wear and tear, can damage the FAT.
If the FAT is damaged or corrupt, the operating
system may be unable to locate files on the
disk.
|
|
FDISK /MBR
|
If you have MS-DOS
version 5.0 or later, the command FDISK /MBR can
remove viruses which infect the master boot
sector but do not encrypt it. Using this command
can produce unexpected results and cause
unrecoverable damage.
|
|
File Viruses
|
File viruses usually
replace or attach themselves to COM and EXE
files. They can also infect files with the
extensions SYS, DRV, BIN, OVL and OVY.
File viruses may be
resident or non-resident, the most common being
resident or TSR (terminate-and-stay-resident)
viruses. Many non-resident viruses simply infect
one or more files whenever an infected file
runs.
Also: Parasitic
Virus, File Infector, File Infecting Virus
|
|
Firewall
|
A firewall prevents
computers on a network from communicating
directly with external computer systems. A
firewall typically consists of a computer that
acts as a barrier through which all information
passing between the networks and the external
systems must travel. The firewall software
analyzes information passing between the two and
rejects it if it does not conform to
pre-configured rules.
|
|
Good Times
|
See: Virus Hoaxes
|
|
Heuristic Analysis
|
Behavior-based
analysis of a computer program by anti-virus
software to identify a potential virus. Often
heuristic scanning produces false alarms when a
clean program behaves as a virus might. Also:
Heuristic Scan
|
|
Hijacking
|
An attack whereby an
active, established session is intercepted and
used by the attacker. Hijacking can occur
locally if, for example, a legitimate user
leaves a computer unprotected. Remote hijacking
can occur via the Internet.
|
|
Hole
|
A vulnerability in the
design of software and/or hardware that allows
circumvention of security measures.
|
|
Host
|
A term often used to
describe the computer file to which a virus
attaches itself. Most viruses run when the
computer or user tries to execute the host file.
|
|
In The Wild
|
A virus is "in the
wild" if it is verified as having caused an
infection outside a laboratory situation. Most
viruses are in the wild and differ only in
prevalence. Also: ITW; See Also: Zoo Virus
|
|
Infection
|
The action a virus
carries out when it enters a computer system or
storage device.
|
|
Injector
|
See: Dropper
|
|
JavaScript
|
JavaScript is a
scripting language that can run wherever there
is a suitable script interpreter such as Web
browsers, Web servers, or the Windows Scripting
Host. The scripting environment used to run
JavaScript greatly affects the security of the
host machine:
A Web page with
JavaScript runs within a Web browser in much the
same way as Java applets and does not have
access to host machine resources.
An Active Server Page
(ASP) or a Windows Scripting Host (WSH) script
containing JavaScript is potentially hazardous
since these environments allow scripts
unrestricted access to machine resources (file
system, registry, etc.) and application objects.
|
|
Joke Programs
|
These are not
viruses, but may contain a virus if infected or
otherwise altered. Also: Practical Joke Programs
|
|
Key
|
The Windows Registry
uses keys to store computer configuration
settings. When a user installs a new program or
the configuration settings are otherwise
altered, the values of these keys change. If
viruses modify these keys, they can produce
damaging effects.
|
|
Library File
|
Library files contain
groups of often-used computer code that
different programs can share. Programmers who
use library code make their programs smaller
since they do not need to include the code in
their program. A virus that infects a library
file automatically may appear to infect any
program using the library file.
In Windows systems,
the most common library file is the Dynamic Link
Library; its extension is DLL.
|
|
Logic Bomb
|
A logic bomb is a
type of trojan horse that executes when specific
conditions occur. Triggers for logic bombs can
include a change in a file, a particular
series of keystrokes, or a specific time or
date. See: Time Bomb
|
|
Macro
|
A macro is a series
of instructions designed to simplify repetitive
tasks within a program such as Microsoft Word,
Excel or Access. Macros execute when a user
opens the associated file. Microsoft's latest
macro programming language is simple to use,
powerful, and not limited to Word documents.
Macros are mini-programs and can be infected
by viruses. See Also: Macro Virus
|
|
Macro Virus
|
A macro virus is a
malicious macro. Macro viruses are written in a
macro programming language and attach to a
document file (such as Word or Excel). When a
document or template containing the macro virus
is opened in the target application, the virus
runs, does its damage and copies itself into
other documents. Continual use of the program
results in the spread of the virus.
|
|
Mailbomb
|
n. An excessively large amount of
e-mail (typically many thousands of messages) or
one large message sent to a user's e-mail
account for the purpose of crashing the system
or preventing genuine messages from being
received.
v. To send a mailbomb.
|
|
Malicious Code
|
A piece of code
designed to damage a system or the data it
contains, or to prevent the system from being
used in its normal manner.
|
|
Malware
|
A generic term used
to describe malicious software such as: viruses,
trojan horses, malicious active content, etc.
|
|
Mapped Drives
|
Network drives
assigned local drive letters and locally
accessible. For example, the directory path
\\MAIN\JohnDoe\ might be mapped as drive G: on a
computer.
|
|
Master Boot Record
|
The 340-byte program
located in the master boot sector. This program
reads the partition table, determines what
partition to boot and transfers control to the
program stored in the first sector of that
partition. There is only one master boot record
on each physical hard disk. Also: MBR, Partition
Table; See Also: Boot Record
|
|
Master Boot Sector
|
The first sector of a
hard disk. This sector is located at sector 1,
head 0, track 0. The sector contains the master
boot record. See Also: Master Boot Record
|
|
Master Boot Sector Virus
|
Master boot sector
viruses infect the master boot sector of hard
disks, though they spread through the boot
record of floppy disks. The virus stays in
memory, waiting for DOS to access a floppy disk.
It then infects the boot record on each floppy
disk DOS accesses. Also: Master Boot Record
Virus; See Also: Boot Record
|
|
MBR
|
See: Master Boot
Record
|
|
Memory-resident Virus
|
A memory-resident
virus stays in memory after it executes and
infects other files when certain conditions are
met. In contrast, non-memory-resident viruses
are active only while an infected application
runs.
|
|
MP3 File
|
Moving Picture
Experts Group Audio Layer 3 File. MP3 files are
highly compressed audio tracks, and are very
popular on the Internet. MP3 files are not
programs, and viruses cannot infect them. This
file type has the extension MP3.
|
|
MS-DOS
|
The Microsoft Disk
Operating System. The operating system Microsoft
developed for the IBM platform before Windows.
Windows 3.x, 95 and 98 rely heavily on MS-DOS
and can execute most MS-DOS commands.
|
|
Multipartite Virus
|
Multipartite viruses
use a combination of techniques including
infecting documents, executables and boot
sectors to infect computers. Most multipartite
viruses first become resident in memory and then
infect the boot sector of the hard drive. Once
in memory, multipartite viruses may infect the
entire system.
Removing multipartite
viruses requires cleaning both the boot sectors
and any infected files. Before you attempt the
repair, you must have a clean, write-protected
Rescue Disk.
|
|
Mutant
|
See: Variant
|
|
Mutating Virus
|
A mutating virus
changes, or mutates, as it progresses through
its host files making disinfection more
difficult. The term usually refers to viruses
that intentionally mutate, though some experts
also include non-intentionally mutating viruses.
See Also: Polymorphic Virus
|
|
Newsgroup
|
An electronic forum
where readers post articles and follow-up
messages on a specified topic. An Internet
newsgroup allows people from around the globe to
discuss common interests. Each newsgroup name
indicates the newsgroup's subject in terms of
increasingly narrow categories, such as
alt.comp.virus.
|
|
Not In The Wild
|
Viruses "not in the
wild" are in the real world but fail to spread
successfully. See Also: In The Wild, Zoo Virus
|
|
NTFS
|
NT File System; a
Windows NT file system used to organize and keep
track of files. See Also: FAT
|
|
On-access Scanner
|