Threat Dictionary


Adware (advertising-supported software) is any software application which automatically plays, displays, or downloads advertising material to a user’s computer without users knowing it, or with their partial assistance. Typical features are pop-up windows or banners, persuasions to set web page as a home page, etc. Some adware enter the program with user’s permission, because in order to use the program, you have to accept presence of advertising materials.


Backdoor is a client-server type of application allowing remote access to a computer. The difference from common legitimate application with similar function is that the installation is done without user’s knowledge.

Boot sector

Boot sector viruses attack boot sector of a hard disc to make sure that they run every time the computer is started. It is relatively older group of viruses.


Dialer is a program designed to redirect user’s telephone connection to the Internet to some premium rate number. These programs can be used legally when paying for Internet services, but fraudulent dialers are often used for redirecting without user knowing it.

File viruses

File viruses – use individual files as hosts. Generally, these are always executable files, because the aim of malicious code is its replication. Most frequent are viruses with “.COM“, “:EXE“, “.BAT“ or “.SYS“ extension.

HLL viruses

HLL (High Level Languages) are viruses created in high level programming languages as Pascal, C, C++, Delphi, Basic or Visual Basic. Common viruses are created in assembler, but HLL viruses are more massive and to analyze them is very complicated. The detection by heuristic analyses is almost impossible.


Hoax (rumor) – There are many hoaxes sent via emails, spreading only thanks to human endeavor. The only way how to defend from hoaxes is heightened caution. Hoaxes are the most common with trustworthy companies ( “Microsoft warns…”, “CNN announced…”, etc.) They often inform about catastrophic consequences, e.g. devastating new viruses. What these messages have in common, is appeal for immediate forwarding to other users. This is how hoaxes are spread


Microviruses – are Macros able to copy themselves from one document to another. So called macros are common parts of applications in office packages and they can positively enlarge their functionality. But they are programmable in common languages and thus can manipulate with application data, or modify other data in computer. Viruses especially written for specific application can be spread basically only on this application. Therefore the malicious code authors are searching generally spread applications. These conditions fulfill especially programs from Microsoft Office package, like Word or Excel.

Overwriting viruses

Overwriting viruses are the simplest forms of infection. The original code is deleted and substituted by new, malicious code. Upon execution of the infected file the virus is executed as well and it can try to replicate again.

Parasitic viruses

Parasitic viruses – they attach themselves to executable file as a host leaving the contents of the host program unchanged, but attaching to the host in such a way that the virus code is run first. When the file is infected, upon execution it runs the virus as well.


Phishing is a form of criminal activity using techniques of so called social engineering. It is characterized by attempts to fraudulently acquire sensitive information, e.g. password, or credit card details, by masquerading as a trustworthy person or business in an apparently official email. Obtaining this type of personal data is very attractive because it allows an attacker to impersonate their victims and make fraudulent financial transactions.


Retroviruses are malicious applications trying to disable, delete or deactivate antivirus systems.


Riskware as a term includes all applications that upon execution comprise some security risk. Similar to spyware or adware installation, their installation can be approved in license agreement when installing the program. Dialers can be considered as a good example.


Rootkit is a special type of infiltration able to hide its “root” on the infected systemwithout system administrator even seeing it and thus escape detection. Usually it’s a malicious code package enabling attacker to exploit vulnerabilities in the system and gain full control over infected (rooted) computer. The most important thing with rootkits is the prevention – the ability to stop the infiltration proactively when trying to infiltrate into the system, before it is executed. After execution a rootkit is able to make itself “invisible” and thus exploited user gains false feeling of security.

Social engineering

Social engineering is a way of gaining personal information by deception. This method commonly uses telephones or the Internet, exploiting the gullibility by masquerading as a trustworthy business or institution.


Spyware is a program using Internet to send various user’s data without his prior knowledge. Similarly to adware, accepting the license agreement can be a part of a free program. Spyware usually sends statistical data as information about installed programs, visited sites, etc. Acquired information is usually exploited for commercial gain.

Trojan horse

Trojan horse (sometimes called Trojan) is malicious program. Unlike viruses or worms, it is not able to replicate and infect files on its own. Most often it exists in a form of executable file with .EXE or .COM extension. Basically file itself doesn’t contain anything except malicious code. The most effective method of cleaning is very simple; deletion. Trojans can also pretend to be useful programs. This type of infiltration has various functions ranging from sending keyloggers to file deletion (e.g. to format a disc).It has also special function – installing of so called backdoor.


Virus is a program able to self-replicate. It spreads by inserting copies of itself into other executable files and ensures their execution. The name is derived from similarity to behavior of biological viruses. Virus can get to your computer mainly through usage of the Internet. Additionally, viruses can spread to other computers by infecting files on LAN or when copying from data medium like floppy disc, CD, DVD, etc. There are file viruses, thus individual malicious programs, boot viruses, which attack boot sector of a hard disc to make sure that they run every time the computer is started and macroviruses, which are most often a part of documents with .DOC and .XLS extension.

Viruses can be further divided into two types, on the basis of their behavior when they get executed. Whereas non-resident viruses are started upon execution of infected object, a resident virus loads itself into memory on execution and transfers control to the host program. The virus stays active in the background and infects new hosts when those files are accessed.


Worm is an independent self-replicating program spreading its copies via Internet or LAN. Traditional viruses are passive and cannot propagate themselves whereas worms can. A worm uses a network to send copies of itself to other systems, or on the lower level it uses vulnerabilities of the operation system. A worm is able to carry other malicious programs, which can perform various malicious activities, e.g. to install a backdoor in an infected computer. Even without this payload a worm is able to cause severe damage when enormously increasing the Internet traffic. As a matter of Internet expansion, a worm is able to be distributed worldwide within few hours. Side effects can be the complete congestion of network, including the businesses’ LANs.


One Response to “Threat Dictionary”

  1. mbt Says:

    Nip ur nails in the bud.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: