From eScan Wiki
Access is the privilege or right to read data from or write data to a storage device.
ActiveX is a component object model (COM) developed by Microsoft for Windows for signing plug-ins that add additional software to your computer when a web page is accessed.
Adware is a software application that displays advertisements to users while they use web browsers like Internet Explorer. Some adware contains code that gives advertisers extensive access to a user’s private information.
An Archive is a collection of files that have been backed up in a different folder or disk or tape.
Authentication is verifying the identity of a user and the user's eligibility to access an object. It is used for computer security and is commonly done through the use of a logon ID and password.
BIOS (Basic Input/Output System) is the part of the operating system that identifies a set of programs used to boot the computer before locating the system disk. It is located in the ROM and is usually stored permanently.
Program in the boot sector. Contains information about characteristics and contents of the disk and booting the computer. If PC is booted with a floppy disk, the system reads the boot record from the disk.
Area on the first track of disk. Contains the boot record.
Boot Sector Virus
Places its code in the boot sector. When the computer tries to read and execute the program in the boot sector, the virus lodges itself in the PC memory and gains control over the PC. From here it spreads to other drives on the system. Once the virus is running, it usually executes the normal boot program, which it stores elsewhere on the disk.
Are not viruses but are unintentional errors in programs.
A group of bits normally 8 bits in length.
.COM Files
Executable file limited to 64 KB with the extension .COM. Used by utility programs and routines. As COM files are executable, viruses can infect them.
Cache is a temporary space on the hard drive / memory to store frequently used information locally for quick retrieval.
Overwrites part of its host file without increasing the file size.
Identifying number calculated from file characteristics. Any change in a file changes the checksum.
A CLSID (Class Identifier) is a 128-bit number that represents a unique ID for a software application or application component. This is a globally unique identifier for an object.
Changes directory table entries. Virus starts before other programs so they may appear to infect every program on a disk. Virus code exists in one location, but running any program runs the virus.
Code Analysis is a method to detect previously unknown computer viruses as well as new variants already in the wild.
Renames either itself or its target file to trick the user into running the virus rather than another program. For example, a companion virus attacking a file named MOVIE.EXE may rename the target file to MOVIE.EX and create a copy of itself called MOVIE.EXE.
To set up a program or computer system for a particular application.
A cookie is a computer text file given to a Web browser by a Web server. The browser stores the message in a text file. The message is then sent back to the server each time the browser requests a page from the server.
Corel Script virus
Affects Corel SCRIPT files. Uses Corel SCRIPT macro language.
Denial of Service (DoS)
Attack preventing normal functioning of a system. Genuine users are denied access. Hackers can cause DoS attacks by destroying or modifying data or by overloading system’s servers.
Direct Action Virus
Immediately loads itself into the memory, infects other files, and then unloads itself.
A disclaimer is a statement added to the end of an email, usually of a legal character.
A domain can refer to a website (e.g. www.mwti.net) or a local network (e.g. a Windows Active Directory).
Process of copying a file from an online service to one’s own computer. Also refers to copying a file from a network file server to a computer on the network. The opposite of download is upload, which means to copy a file from your own computer to another computer.
A drive is a container of media like a Hard Disk Drive, USB drive etc.
A file created specifically to introduce a virus, worm or Trojan into a system. The file may be of a different type from the virus, worm or Trojan it introduces.
Executable file. Run by double-clicking its icon or a shortcut on the desktop, or by entering the program name at a command prompt. Are also run from other programs, batch files or various script files.
Its code begins with a decryption algorithm and continues with scrambled or encrypted code. Each time it infects, it automatically encodes itself differently, so its code is never the same.
Name that identifies an electronic post office box on a network where e-mail can be sent.
Application that runs on a personal computer or workstation and enables you to send, receive and organize e-mail. Called a client because e-mail systems are based on client-server architecture.
Program or technique that takes advantage of vulnerability in software that can be used for breaking security or otherwise attacking a host over the network.
Excel formula virus
Affects MS Excel 5 or later running on any operating system. Uses Excel formula language. When an infected document is opened the viral formula sheet is copied into a file in the XLSTART directory. This is automatically loaded into other documents when they are opened.
FAT (File Allocation Table)
Stores the addresses of all the files contained on a disk. In MSDOS and Windows the FAT is located in the boot sector of the disk. Viruses and normal use can damage the FAT. If damaged or corrupt, the operating system is unable to locate files on the disk.
Replace or attach themselves to COM and EXE files. They also infect files with extensions: SYS, DRV, BIN, OVL and OVY. They can be resident or non-resident, the most common being resident or TSR (terminate-and-stay-resident) viruses. Many nonresident viruses infect other files when an infected file runs.
A system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria. A firewall is considered a first line of defense in protecting private information.
FTP (File Transfer Protocol)
A protocol used to send files on the Internet.
Points of entrance and exit from a communications network. Viewed as a physical entity, a gateway is the node that translates between two otherwise incompatible networks or network segments. Gateways perform code and protocol conversion to facilitate traffic between data highways of differing architecture.
Behavior-based analysis of a computer program by anti-virus software to identify a potential virus. Anti Virus software sends alerts when a file has suspicious code or content.
An attack where an active and legitimate session is intercepted and taken over. Remote hijacking can occur via the Internet.
Are not viruses, but are deliberate or unintentional e-messages, warning people about a virus or other malicious software program. They create as much trouble as viruses by causing massive amounts of unnecessary e-mail.
File to which a virus attaches itself. Virus is launched when the host file is run.
HTTP (Hypertext Transfer Protocol)
Main protocol used by the World Wide Web. Defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. For example, when you enter a URL in your browser, this actually sends an HTTP command to the Web server directing it to fetch and transmit the requested Web page.
Also known as an IP address. Is a 32-bit hardware-independent address assigned to hosts using the TCP/IP protocol suite.
Size of viral code inserted into a program by a virus. If it is a worm or Trojan horse the length represents the file size.
IP (Internet Protocol)
Networking protocol for providing connectionless services to the higher transport protocol. It is responsible for discovering and maintaining topology information and for routing packets across homogeneous networks. Combined with TCP, it is commonly known as the TCP/IP platform.
Uniquely identifies each host on a network or Internet.
These are not viruses, but may contain a virus if infected or otherwise altered.
The Windows Registry uses keys to store computer configuration settings. When a new program is installed or the configuration settings are altered, the values of these keys change. Viruses modify these keys and cause damage.
LAN (Local Area Network)
Network that interconnects devices over a geographically small area, typically in one building or part of a building. The most popular LAN type is Ethernet, a 10 Mbps standard that works with 10BaseT, 10Base2, or 10Base5 cables.
Contains groups of frequently used computer code shared by different programs. Developers use these codes to make their programs smaller. A virus infecting a library file may appear to infect any program using the library file. In Windows systems, the most common library file is the Dynamic Link Library with extension .DLL.
Take advantage of flaws in networking code to gain unauthorized access to remote computers running Linux. They can spread rapidly between computers permanently connected to the Internet because they require no user intervention to function.
To make a computer system or network recognize you so that you can begin a computer session. Most personal computers have no log-on procedure -- you just turn the machine on and begin working. For larger systems and networks, however, you usually need to enter a username and password before the computer system will allow you to execute programs.
Set of mini programs that simplify repetitive tasks within a program such as Microsoft Word, Excel or Access. Macros run when a user opens the associated file. Viruses can infect macros.
Many e-mails (thousands of messages) or one large message, sent to the system to make it crash.
A mail-server program which is responsible for receiving, routing or delivering e-mail messages.
Malware (also known as malicious software) is software designed to infiltrate or damage a computer system without the owner’s informed consent.
Master Boot Record
A 340-byte program in the master boot sector. It reads the partition table, determines what partition to boot and transfers control to the program stored in the first sector of that partition. There is only one master boot record on each physical hard disk.
Master Boot Sector
First sector of a hard disk located at sector 1, head 0, and track 0. Contains the master boot record.
Master Boot Sector Virus
Infects the master boot sector of hard disks. They spread through the boot record of floppy disks. The virus stays in memory and infects the boot record of floppy read by DOS.
A prefix to denote viruses that infect the middle of a file.
MIME (Multipurpose Internet Mail Extensions)
Specification for formatting non-ASCII messages so that they can be sent over the Internet. Many e-mail clients now support MIME, which enables them to send and receive graphics, audio, and video files via the Internet mail system. In addition, MIME supports messages in character sets other than ASCII.
MPEG (Moving Picture Experts Group)
Pronounced m-peg, a working group of ISO. The term refers to the family of digital video compression standards and file formats developed by the group. MPEG generally produces better-quality video than competing formats, such as Video for Windows, Indeo and QuickTime. MPEG files can be decoded by special hardware or software.
A multipartite virus infects documents, executables and boot sectors. It first becomes resident in system memory and then infects the boot sector of the hard drive and the entire system.
A mutating virus changes or mutates as it runs through its host files. Disinfection is more difficult.
MWL (MicroWorld Winsock Layer)
MWL is a technology introduced and used by MicroWorld Technologies Inc. MWL is placed above the Winsock layer and acts as a secure blanket between the Internet and your system. Any type of data exchanged through your system is monitored by MWL. This stops potential threats from entering your system. While other products allow threats to enter your system and then try to defuse them, MWL technology has the key advantage of barring them from entering.
NETBIOS (Network Basic Input/Output System)
NetBIOS is an acronym for Network Basic Input/Output System. The NetBIOS API allows applications on separate computers to communicate over a local.
Group of computers connected to each other within an organization. Organization may be spread across a wide geographical area.
NIC (Network Interface Card)
A NIC is an Ethernet adapter card installed in the computer required when connecting to a group of other computers in a LAN.
NILP (Non Intrusive Learning Pattern)
NILP from MicroWorld is an advanced, next generation technology that detects Spam and Phishing mails using unique algorithms.
The process of informing/alerting about an action to the user or the recipient.
The underlying software that allows you to interact with the computer. It controls the computer storage, communications and task management functions. Examples: MS-DOS, MacOS, Linux, Windows 98, UNIX etc.
Secret series of characters that enables a user to access a file, computer, or program. Password can be a combination of numbers and alphabets in a random sequence.
Phishing is a type of deception designed to steal your valuable personal data, such as credit card numbers, passwords, account data, or other information. Phishing is typically carried out using e-mail (where the communication appears to come from a trusted website) or an instant message, although phone contact has been used as well.
A computer program / software required for a host application to provide a certain specific on-demand function.
Creates varied copies of itself to avoid detection from anti-virus software. Some use different encryption schemes and require different decryption routines. So the same virus may look completely different on different systems or even within different files. Other polymorphic viruses vary instruction sequences and use false commands to mislead anti-virus software. Some use mutation-engines and random-number generators to change their virus code and decryption routine.
POP (Post Office Protocol)
Protocol used to retrieve e-mails from a mail server. Most email applications (sometimes called an e-mail client) use the POP protocol.
Interface of a computer from where an application or physical devices connect.
A set of conditions that must be fulfilled before the required action takes place.
A product key is a software-based key (also known as License key) to run a software program.
Formal set of conventions governing the formatting and relative timing of message exchange between two communicating systems.
To move an infected file, such as a virus, into an area where it cannot cause more harm. Antivirus software comes with quarantine options so that the user can also keep track of virus activity.
A rating is a designation / value assigned to an object.
An email relay means an SMTP server configured in such a way that it allows anyone on the Internet to send e-mail through it.
RFC (Request for Comments)
A series of notes about the Internet organized and published by IETF.
RBL (Realtime Blackhole list)
An RBL is a list of IP addresses that are used for email spam relay.
RSACi (The Recreational Software Advisory Council)
The RSACi is a part of the Family Online Safety Institute which aims to protect children from potentially harmful content while preserving free speech on the internet.
The SafeSurf Rating Standard is a voluntary rating system designed to protect children, as well as the first amendment rights of their parents. It was developed with input from thousands of parents and Net citizens, worldwide.
Self-encrypting viruses conceal themselves from anti-virus programs. Most anti-virus programs attempt to find viruses by looking for certain patterns of code (known as virus signatures) that are unique to each virus. Self-encrypting viruses encrypt these text strings differently with each infection to avoid detection.
A Self-garbling Virus attempts to hide from anti-virus software by garbling its own code. When these viruses spread, they change the way their code is encoded so anti-virus software cannot find them. A small portion of the virus code decodes the garbled code when activated.
A Sparse-infector Virus uses conditions before infecting files. Examples include files infected only on the 12th execution or files of 128 KB.
Stealth viruses conceal their presence from anti-virus software. Many stealth viruses intercept disk-access requests, so when an anti-virus application tries to read files or boot sectors to find the virus, the virus feeds the program a "clean" image of the requested item. Other viruses hide the actual size of an infected file and display the size of the file before infection. Stealth viruses must be running to exhibit their stealth qualities.
SMTP (Simple Mail Transfer Protocol)
A protocol for sending e-mail messages between servers. Most e-mail systems that send mail over the Internet use SMTP to send messages from one server to another; the messages can then be retrieved with an e-mail client using either POP or IMAP. In addition, SMTP is generally used to send messages from a mail client to a mail server. This is why you need to specify both the POP or IMAP server and the SMTP server when you configure your e-mail application.
Spam is electronic junk mail, junk newsgroup postings or unsolicited mail.
SPF (Sender Policy Framework)
SPF is an attempt to control forged email. It is about giving domain owners a way to say which mail sources are legitimate for their domain.
Malicious software that obtains information from a user’s computer without the user’s knowledge or consent.
SURBL (Spam URI Real Block Lists)
SURBL are lists of Uniform Resource Identifier (URI) hosts, typically web site domains that appear in unsolicited messages.
TCP/IP (Transmission Control Protocol/Internet Protocol)
Also known as the Internet protocol suite. Combines both TCP and IP. Widely used applications, such as Telnet, FTP and SMTP, interface to TCP/IP.
A Trojan is a malicious program that appears to perform a desirable function but in fact performs undisclosed malicious functions.
UNC (Universal Naming Convention)
Is the standard for naming network drives. For example, a UNC directory path has the following form: \\server\microworld\subfolder\filename.
Program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer viruses are manmade. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt. An even more dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems.
A unique string of bits, or the binary pattern, of a virus. The virus signature is like a fingerprint in that it can be used to detect and identify specific viruses. Anti-virus software uses the virus signature to scan for the presence of malicious code.
Characteristic of a system that will allow someone to keep it from operating correctly, or that will let unauthorized users take control of the system.
WAN (Wide Area Network)
Network that typically spans nationwide distances and usually utilizes public telephone networks.
WinSock (Windows Socket)
Is an Application Programming Interface (API) for developing Windows programs that can communicate with other machines via the TCP/IP protocol. Windows 95 and Windows NT come with a Dynamic Link Library (DLL) called winsock.dll that implements the API and acts as the glue between Windows programs and TCP/IP connections.
A program or algorithm that replicates itself over a computer network and usually performs malicious actions, such as using up the computer’s resources and possibly shutting the system down.
XML (Extensible Markup Language)
A specification developed by the W3C. XML is a pared-down version of SGML, designed especially for Web documents. It allows designers to create their own customized tags, enabling the definition, transmission, validation, and interpretation of data between applications and between organizations.
Type of memory resident virus. Plays the tune Yankee Doodle when activated.
A computer that has been implanted with a daemon that puts it under the control of a malicious hacker without the knowledge of the computer owner. Zombies are used by malicious hackers to launch DoS attacks. The hacker sends commands to the zombie through an open port. On command, the zombie computer sends an enormous amount of packets of useless information to a targeted Web site in order to clog the site’s routers and keep legitimate users from gaining access to the site. The traffic sent to the Web site is confusing and therefore the computer receiving the data spends time and resources trying to understand the influx of data that has been transmitted by the zombies.