|
Active Server Pages
(ASP). ASP was developed by Microsoft and works only with Microsoft servers (unless other helper software is used such as ChilliSoft). ASP are a step up from the clunky CGI-programs that have historically been used to process forms and to serve dynamic Web pages based on user selections. Unlike traditional CGI programs which must reinitialize for each request sent to it, ASP have the ability to maintain a session from page to page. This ability, coupled with its built-in ODBC features, make it an excellent tool for implementing online searchable databases.
ActiveX Control - ActiveX controls within your browser can make browsing more enjoyable by providing video, animated content, and more. These programs can, however, malfunction or give you content you don't want. In some cases, these programs can be used to collect information from your computer in ways you might not approve of, possibly damage data on your computer, install software on your computer without your consent, or allow someone else to control your computer remotely. Given these risks, you should only install ActiveX programs if you completely trust the publisher of the ActiveX code.
Knowing who is safe and who is not is the problem. Many troubles with IE
6 over the past few years have involved "active content,"
usually in the form of ActiveX controls. This Microsoft-invented
technology allowed Web sites to install code and do other nasty things
on visitors' PCs. IE 7 by default doesn't run such code, protecting
novices against attacks from untrustworthy sites. See Java
vs ActiveX
Adware - Adware is generally software that displays advertisements. Some advertisers may covertly install adware on your system and generate a stream of unsolicited advertisements that can clutter your desktop and affect your productivity. The advertisements may also contain pornographic or other material that you might find inappropriate. The extra processing required to track you or to display advertisements can tax your computer and hurt your system performance.
AIM – see Instant Message
Applet - An applet is Java application that is designed to be embedded and run in a Web browser. Java applets can be extremely sophisticated, but for security reasons they are restricted, by default, from modifying files on the machine that is running the browser. Java applets are essentially platform-independent. That means, that as long as the browser used is Java-enabled, the applet will run on any kind of operating system (Window, Mac, Unix, Linux, etc.)
Backdoor - A program that opens secret access to systems, and is often used to bypass system security. A Backdoor program does not infect other hosts files, but nearly all Backdoor programs make low-level operating system modifications (i.e. it makes changes to the registry). Backdoors usually hitch a ride in on Trojans. Once they are in place and they have executed, they hide themselves while opening a port on your computer to allow others in. Some backdoors are placed by hackers once they gain access allowing them easier entrance later, or if their original entryway is blocked.
Black-Holing – the practice of editing your computer’s hosts file to prevent connections to known malicious web sites by mapping the bad host to a
local host address, causing the connections to fail.
Blog - a website for which an individual or a group generates text, photographs, video, audio files, and/or links, typically but not always on a daily or otherwise regular basis. The term is a shortened form of weblog. Authoring a blog, maintaining a blog or adding an article to an existing blog is called "blogging". Individual articles on a blog are called "blog posts", "posts", or "entries". The person who posts these entries is called a "blogger".
Botnets - A botnet (also known as a zombie army) is an assembled network of computers that, although their owners are unaware of it, have been set up to forward transmissions (including spam or viruses) to other computers on the Internet. By turning your computer into a zombie and having their bulk mail originate from your DSL line, spammers bypass the filters of ISPs trying to thwart illegal bulk mail. Any such computer is referred to as a zombie - in effect, a computer "robot" or "bot" that serves the wishes of some master spam or virus originator. According to a report from Russian-based Kapersky Labs, botnets -- not spam, viruses, or worms -- currently pose the biggest threat to the Internet.
Browser Helper Object (BHO) - a small program that runs automatically every time you start your Internet browser; helping you browse the Internet. Most BHOs are good, but the bad guys can get you to let BHOs be installed on your system and sometimes without your knowledge. There is no restriction on what a BHO can do your system; it can do anything any other program can do: read or write (or delete) anything on your system. Bad BHOs can track which advertisements you see as you surf the Web; BHO "ad-ware" or "spyware" do things like monitor the websites you visit and report this data back
to their creators. They can also routinely conflict with other running programs, cause a variety of page faults, run time errors, and the like, and generally impede browsing performance.
Browser Hijacker - Browser hijackers are malicious programs that change a user's Web browser settings, usually altering designated default start and search pages. In addition a browser hijacker can modify nearly every aspect of a Web browser including adding bookmarks, and redirecting search traffic to alternative sites.
Browser Plug-in - A browser plug-in is an application that can be installed within a user's Web browser. Plug-ins can come in the form of a toolbar that is included in your Web browser, a search or navigation feature, or extra task buttons on the browser. Although most plug-ins are designed to perform necessary functions, many plug-ins are harmful to you computer because they have complete access to your Web browser and can modify, spy and redirect any task you perform.
Cascading Style Sheets (CSS) - are a long-awaited overhaul to the rather simplistic Hypertext Markup Language (HTML). When HTML was first created, it was never intended to be used for the extensive design schemes you see on the Web today. Over the years, the HTML standard has accepted new tags to improve the design (tables, frames, font, etc.), but in many ways these were just a patch to a system that was just fundamentally too limiting. In HTML you use tags to format text. For instance, you use a list tag to define a list. However, this tag does nothing but set up a list. It has no power to decide how much list items should be indented, what font they should use, or what color they should be. With CCS, each HTML tag can be stylized. That is, we can code into the page exactly how we want our lists (our any other HTML object) to appear on a page.
Classmates.com – a free web site you may join to try to reunite with long, lost school and college friends. You pay a yearly fee to have more capabilities to email your friends. There are 200,000 schools represented with 60 million registrants.
Clickers - malicious code or exploits that redirect victim machines to specified web sites or other Internet resources. Clickers can be used for advertising purposes or to lead a victim computer to an infected resource where the machine will be attacked further by other malicious code.
Cookies - Internet browsers write and read cookies, files with small amounts of data (such as site passwords and settings) based on instructions from Web sites. In many cases, cookies provide a benefit to users. However, in some instances cookies are used to consolidate and track user behavior across different sites, which provide marketers with private information about an individual.
Dialer - A dialer is software that dials a premium rate phone number using your computer's modem, connecting to toll numbers without user awareness or permission to incur phone charges on the user's phone bill.
Downloader (Trojan) - Downloaders are Trojans infection designed to pull files from a remote website and execute the files that have been downloaded onto the user’s computer. The website being communicated with is normally controlled by the malware author and any files being downloaded can be altered numerously. The user’s registry is edited and a program runs at every Windows startup. Many of these Downloaders install other malware including viruses, other Trojans and Spyware and Adware. Downloaders are not viruses, and as such do not themselves contain any method to replicate. However they may themselves be downloaded by other viruses and/or Trojans to be installed on the user's system. Many of these additionally are mass spammed by the author to entice people into double-clicking on them. Alternatively they may be installed by visiting a malicious web page (either by clicking on a link, or by the website hosting a scripted exploit which installs the Downloader onto the user's system with no user interaction. Downloaders may run programs designed to intercept personal information, passwords or alter system configuration for other exploits.
Dynamic HTML (DHTML) – is the common name for the combination of Cascading Style Sheets and a scripting language like JavaScript, VBscript, or ECMAscript. The new DOMs (Document Object Models) defined in the Version 4 browsers allow objects in an HTML page to be modified on the fly. Using a scripting language, you can program a page to choose a new text color, move an image, re-position elements, etc. based on events taken by the user (a hyperlink is clicked, the mouse moves over an image, etc.) Because the objects on a page can be altered dynamically by such an event, it is far easier to bring a Web page to life with animation or drag and drop features.
eHarmony – eHarmony is a marriage-oriented matchmaking website co-founded by Dr. Neil Clark Warren and his son-in-law and launched Aug. 2000. Dr. Warren is an a conservative Christian and eHarmony does not offer services to those seeking same-sex partners. There are more than 8 million users, resulting in at minimum of 10,000, 47% having a bachelor's degree or higher with 72% reporting being a member of a religious group. eHarmony visitors fill out personality questionnaires and are matched with other users according to Warren's "29 dimensions" of compatibility. Dr. Warren's goal is to reduce the divorce rate in America to less than 10% (it is estimated to be 40-50%) and his company boasts to be the internet's number one paid matchmaking service based upon marriages per match. After your profile is processed, you may begin receiving matches, without having paid any fee. Although you can check out their online profiles, you can’t communicate with them without paying a fee.
Evernet – a term describing the convergence of wireless, broadband and Internet telephony technologies that will result in people's ability to be continuously connected to the Web anywhere using virtually any information device.
Exploit - computer code written to take advantage of a vulnerability or security weakness in a computer system or software.
Facebook - an anonymous online directory (facebook.com) launched Feb. 2004 that connects people through social networks at schools. There are two Facebooks: one for people in college and one for people in high school. You need a college email address to register and use the site for colleges and high schoolers use any email address. You can use Facebook to look up people at your school, see how people know each other and find people in your classes and groups.
File Sharing Program - File sharing programs, also known as P2P (peer to peer), are popular applications used to share files of any type such as movies and music across the Internet. Many freeware and shareware file sharing programs such as Grokster, Kazaa and Bearshear bundle different types of adware and even some spyware software with them. Although most file sharing programs themselves are not harmful, the adware and spyware programs they come bundled with could be.
Firewall - A firewall is a combination hardware and software buffer that is put in place between one's home computer or office network and the Internet. A firewall allows only specific kinds of messages from the Internet to flow in and out of the computer or internal network. This protects the computer and network from intruders or hackers who might try to use the Internet to break into those systems.
Fuzzers – Fuzzers, or fuzz testers, are tools used to pinpoint security vulnerabilities by sending random input to an application. If the program contains a vulnerability that leads to an exception, crash or server error, researchers can parse the results of the test to pinpoint the cause of the crash.
Graphics Interchange Format (GIF) - Transmitting bulky graphic files electronically has always been difficult because of these files large size. Gifs, invented by CompuServe, are image files which can be compressed so that they are less bulky to transmit, and then are expanded when ready to be viewed. Gif graphics are usually smaller than other graphic formats (like JPEGs), but consequently, they are usually of lower quality. A Gif graphic has a range of only 256 colors. This is a large number of colors, but compared to a JPEG graphic that can contain 16 million colors, a Gif's abilities are limited. Because of its limited color scheme, the best way to take advantage of Gifs is to use them for line drawings or simple icons. These files will be very small and maintain good quality. Photographs or other detail-oriented images are better when using a more color-conscious format such as JPG or PNG. Gif images can also contain motion animation and simple animated gifs are the simplest method used on traditional web pages. Flash is now becoming the more mature method to produce animation.
Hijackers - Often installing as a helpful browser toolbar, hijackers may alter browser settings or change the default home page to point to some other site.
Honey pots, honey nets and honeymonkeys - Setting up an unprotected server or network that invites attackers to infect or examine the system. The honey pots are used to track the hackers and collect data on the way the intruders operate. Information collected in honey pots is typically used to power early warning and prediction systems. Millions of spam messages from around the world are caught in traps and the messages are dissected to try to understand them, where they're coming from, and build protection from them. There are Instant Message (IM) honey pots that shouldn't be receiving any IM traffic outside of spam or malware so when we detect any activity on those IMs, it sets off a warning. Symantec has previously warned that an IM virus could infect as many as half a million users in as little as 30 to 40 seconds. Data from these honey pots can be used to create a knowledge base of viruses and worms and an alerts-and-notification mechanism (by e-mail and IM) of new and emerging threats for subscribers. There are some legal issues concerning entrapment and collection of private communications. Microsoft Corp. is developing a network of Windows XP "honeymonkeys" to help detect rogue Web sites that exploit security holes to install malware on client machines. A HoneyMonkey is a network in which multiple Windows XP machines, some unpatched and some fully updated, trawl the seedier side of the Web to attract browser-based exploits.
Hyper Text Markup Language (HTML) - HTML is a language used to create web pages and the code looks like text with tag codes. It was invented to link multiple kinds of media (text, images, sound, etc.) across multiple computer platforms. Two great selling points of HTML are that it is platform independent (will look the same on Windows, Macs, etc.) and that it is fairly easy to use. Mark-up languages like HTML aren't as complex as other computer programming languages and requires only a knowledge of the HTML tags and when to use them. The majority of an HTML page is nothing but common, everyday English. The browser interprets the text code and tags and renders the web page for proper viewing format.
ICQ – see Instant Message
Image
Spam - sending spam information within an image so spam detection
programs won't catch it
Instant Message – Software system that allows users to form ad-hoc discussion groups, chat with one another, and exchange files. Popular instant message systems are: ICQ, AOL Instant Messenger, Microsoft MSN Messenger, Yahoo Messenger and Internet Relay Chat (IRC.) Primarily using computer desktops, instant messaging systems are finding their way onto handheld devices and cell phones, allowing users to chat from virtually anywhere. Most IM systems were designed with scalability rather than security in mind. Virtually all freeware IM programs lack encryption capabilities and most have features that bypass traditional corporate firewalls, making it difficult for administrators to control instant messaging usage inside an organization. Many of these systems have insecure password management and are vulnerable to account spoofing and denial-of-service (DoS) attacks. Finally, IM systems meet all the criteria required to make them an ideal platform for rapidly spreading computer worms and blended threats: they are ubiquitous; they provide a communications infrastructure; they have integrated directories (buddy lists) that can be used to locate new targets; and most can be controlled by easily written scripts. Even worse, no firewall on the market today can scan instant messaging transmissions for viruses.
Internet addiction disorder (IAD) is a theorized disorder, identified by a pattern of Internet use, leading to clinically significant impairment or distress
IP
Spoofing - Spoofing is a method commonly used to masquerade a
person's identity. This fakes the address the user appears to be
connecting from and often appears to be from a "trusted" source. Most
good firewalls will protect against IP spoofing and simply drop the
offender.
Java / Javascript - Java is a programming language with roots to C and C++. Originally Java was designed to be small so it could run inside of household appliances (microwaves, toaster ovens, etc.), but its ability to operate with low overhead also made it ideal for running applications on the Web. Additionally, the ability of browsers to "embed" Java "Applets" – small programs - inside an HTML document gave it instant popularity. Java Server Pages are very similar to Microsoft's Active Server Pages but make use of Java technology rather than Microsoft's Visual Basic. In many ways
JavaScript is a scaled down, interpreted version of Java. Much of the functionality is the same, as is its object-oriented nature. A major difference is that Java is a complied programming language. That means it must be pre-compiled, before it is run. JavaScript is interpreted, which means it runs its code "on the fly." Unlike Java, JavaScript was designed to interact with Web browsers and HTML. JavaScript can be used to modify a page's appearance like producing mouse rollovers, massage HTML forms, or control navigational menus.
See Java vs ActiveX
Joint Photographic Experts Group (JPG or JPEG) – a popular image file format. While a GIF graphic is limited to a range of only 256 colors, a JPEG image can have millions of colors. Like GIF files, JPEGs undergo compression to speed delivery across the Internet. GIF files have high compression with lower quality. JPEGs have higher quality with decent compression. JPEG files are typically reserved for images that require exceptional detail (such as photographs). Simple drawings such as clipart, icons, buttons, etc., should be rendered as GIFs.
Key Logger - A key logger program runs in the background, recording all the keystrokes made by a user. Once keystrokes are logged, they are hidden in the machine for later retrieval, or shipped secretly raw to the attacker via email or over the Internet. A Commercial Key Logger is a program that is installed by a user of a computer to explicitly monitor the activity of other users. These types of program can be installed using stealth tactics to hide themselves from other users. In addition these programs can be purchased from commercial organizations for this
use.
Low Risk Adware - Low risk adware is an adware application that is designed to display advertisements via popups. However, this type of adware program is installed with the user's knowledge and conforms to the programs EULA that is usually presented to the user prior to download and during installation. A low risk adware program will not transmit personal or identifiable information.
Malware
- all
malicious program code or unwanted software, including worms, viruses,
adware and spyware....anything that you did not ask for that attempts to
harm your computer data, operating system, applications; steal your
personal information, financial accounts or identity.
MySpace - a free, anonymous, social networking internet service (myspace.com) launched July 2003 which allows you to create a private community where you can share photos, journals and profile interests with your growing network of mutual friends. As of late-2005 there are over 40 million MySpace members, very popular in the college crowd. You can meet other singles and people of like interests by joining groups. Many people enjoy the freedom in MySpace to express themselves by customizing their profiles. Unfortunately, this freedom permits disruptive web page code that can make unreadable text, unruly loud music, may strain system resources or even crash the web browser. While most malicious code is filtered out, some users have still found ways to insert disruptive HTML and infectious Worms. Other problems are the use of chain letters, violent content, nudity or other pornographic images -although it is against the rules.
NII -
see PII
Net-Bot -
see Zombie
Parasite - A term for “unsolicited commercial software” you receive without your intended permission.
Parental Control - A program feature that is configurable to prevent access to certain levels of undesirable content on the Internet.
Pharming – to redirect as many users as possible from the legitimate commercial websites they'd intended to visit and lead them to malicious ones. The bogus sites, to which victims are redirected without their knowledge or consent, will likely look the same as a genuine site. But when users enter their login name and password, the information is captured by criminals.
Phishing - Typically, a fraudulent email or instant message attempting to trick the recipient into giving out sensitive information by pretending to be someone you know or a web site or business you deal with. The word "phishing" comes from the analogy that Internet scammers use email lures to "fish" for passwords and financial data from the sea of Internet users. The term was coined in the 1996 timeframe by hackers who were stealing America On-Line accounts by scamming passwords from unsuspecting AOL users. "Ph" is a common hacker replacement for "f", and is a nod to the original form of hacking, known as "phreaking". Phreaking was coined by the first hacker, John Draper (aka. "Captain Crunch"). John invented "hacking" by creating the infamous Blue Box, a device that he used to hack telephone systems in the early 1970s. This first form of hacking was known as "Phone Phreaking". The blue box emitted tones that allowed a user to control the phone switches, thereby making long distance calls for free, or billing calls to someone else's phone number, etc. This is in fact the origin of a lot of the "ph" spelling in many hacker pseudonyms and hacker organizations. By 1996, hacked accounts were called "phish", and by 1997 phish were actually being traded between hackers as a form of currency. Hackers would routinely trade 10 working AOL phish for a piece of hacking software that they needed. Over the years, phishing attacks grew from simply stealing AOL dialup accounts into a more sinister criminal enterprise. Phishing attacks now target users of online banking, payment services such as PayPal, and online e-commerce sites. These attacks have grown quickly in number and sophistication.
PII - Personally-Identifiable Information that may include name, social security number, date of birth, place of birth, employment status, results of fingerprint tests, Driver’s license numbers, medical information. The term
NPI refers to Non-public Personal Information.
Podcast - podcasting is radio on demand. It is a push technology allowing you to subscribe to and download whatever free programming you want and listen to it whenever and wherever you want. You also generally have full access to the audio archives for the programs you like. This removes time, use, and content restraints. Podcasting enables independent producers to create self-published, syndicated "radio shows and feeds have been used to deliver video files as well as audio, and other media such as photographs and text. The term "podcast", however, still refers largely to audio content distribution. A podcast is not the same as a webcast, which normally refers to a show distributed by streaming media. Video-Conferencing is used for interactive, real-time audio-video broadcasting.
See: http://www.apple.com/itunes/podcasts/
and http://www.oneplace.com/Help/Podcasting/Podcasting.asp
Polymorphic
Virus - an advanced self-mutating virus that is capable of changing
its byte pattern each time it infects a file, making detection by a
simple signature string-scanning antivirus scanner difficult.
Portable Network Graphics (PNG) - is a lossless bitmap image format. PNG was created to both improve upon and replace the GIF format with an image file format that does not require a patent license to use. PNG is officially pronounced as "ping" but it is often just spelled out — possibly to avoid confusion with the internet tool ping. On most images, PNG can achieve greater compression than GIF and PNG gives a much wider range of transparency options than GIF, including alpha-channel transparency. PNG gives a much wider range of color depths than GIF (true color compared to 256-color), allowing for greater color precision, smoother fades etc. GIF supports animation while PNG does not (but see animation section, above). PNG compresses but not as well as JPEG image format.
Port
Scanning - A common way for a hacker to gain access to your systems
is by finding open ports on your network to access. Port scanning allows
the hacker to scan thousands of ports in a few minutes to obtain a list
of open ports. Many firewalls will recognize a port scan and drop this
connection. Additionally, a firewall configured in a "best practices"
method will close any unneeded ports and will not allow connections to
access those ports. This is the basic function of a firewall. Port
scanning is also used to find applications with known weaknesses.
Portable Document Format (PDF) - PDF's are platform-independent documents that preserve specific formatting on things like reports, technical manuals, and forms that HTML cannot easily mimic. If you want to present a formatted document on the Web exactly as you created it (say, for instance, with lots of mathematical symbols, specific page margins, page breaks, or font sizes), you can't easily use HTML because HTML has only a loose, rather simple formatting structure. PDF files are files that can be read on any operating system that has a PDF reader. The most common PDF reader is Adobe's Acrobat Reader, which it provides freely from its website.
Privacy Control - A program feature that you configure to block personal information found on your computer or typed in from being transmitted on the Internet without your consent; information such as name and address, telephone number, account numbers.
Ransomware - A type of computer extortion crime, where malware collects, zips up and encrypts the user’s hard drive data files before erasure, followed by a ransom note and a way to make a payment before supposedly receiving the password to unlock your “kidnapped” data. This can be accomplished by the user opening a file attachment in an email from the extortionist.
See RANSOMWARE
RAT - A Remote Administration Tool (RAT) is a Trojan type of software that when run, provides an attacker with the capability of remotely controlling a user's computer (victim) over the Internet. The attacker usually has full access to functions on the victim's computer. The victim's computer usually listens on the Internet for the attacker's commands.
Remote Installer - A remote installer is a program that is installed on a user's computer mostly via a stealth install. Once the program is installed it will connect to a remote server and download additional programs and files, installing them on the computer without the user's knowledge.
Rootkits - Kernel Rootkits - A rootkit is a specially formulated piece of malware that gives a hacker full administrator rights to an infected PC, allowing them to change and copy data at will. A bigger threat are Kernel rootkits that modify the kernel component of an operating system and are able to intercept queries or "system calls" that are passed to the kernel and filter out queries generated by the rootkit software. The result is that typical signs that a program is running, such as an executable file name, a named process that uses some of the computer's memory, or configuration settings in the operating system's registry, are invisible to administrators and to detection tools. Reinstall of OS may be required to remove these stealth threats. Read
more details: Rootkits.
Security Patches - A patch is like a band aid, issued to correct a bug or defect in a software program or operating system. In the case of discovered security vulnerability, these interim fixes should be applied immediately.
SMiShing
- (phishing via SMS) using cell phones or other PDAs to spread malware
threats.
SPAM - Originally just a canned sandwich filler product, spamming is the sending of unsolicited copies of the same message to a large number of email accounts or newsgroups. It can be electronic junk mail, unsolicited ads, deceptive scams or virus threats.
SPAM
island hopping - hackers operate from remote islands to use obscure
domain names that are not in spam filters.
SPEAR PHISHING – a highly targeted phishing attempt to solicit information via an attacker who selectively chooses the target victim and usually has a thorough understanding of the target’s command or organization.
SPIM – Instant Message SPAM
SPIT – spam over internet telephony; the ability to send out telemarketing voicemail messages which annoys and causes strain on network resources when millions of 100-KB voicemail messages are transmitted, compared with 5- or 10-KB for e-mails.
Spoofing
- see IP Spoofing
Spyware - Spyware's (malware, trackware, hijackware, scumware, snoopware or thiefware) primary purpose is to collect demographic and usage information from your computer, usually for advertising purposes. Spyware usually 'sneaks' onto a system and performs activities hidden to the user. Spyware programs are usually bundled as a hidden component and downloaded from the Internet. These modules are almost always installed on the system secretively and try to run surreptitiously as well.
Trojan Horses - Trojan horses slip into an individual’s system and run without the user’s knowledge. They can have many functions. For example, some use a computer's modem to dial long-distance, generating huge phone bills for the computer owner. Unlike viruses and worms, Trojan horses do not make copies of themselves.
Typosquatting - The registration of domain names that are minor typographical variations on well-known names in which the registrant lacks any legal right, to trick web surfers into going to the alternate site, possibly for financial gain in advertising or for evil intent to install Trojan viruses.
URL – Uniform Resource Locator, the global address of documents and other resources on the World Wide Web. The first part of the address indicates what protocol to use, and the second part specifies the IP address or the domain name where the resource is located.
For example, the two URLs below point to two different files at the domain pcwebopedia.com. The first specifies an executable file that should be fetched using the FTP protocol; the second specifies a Web page that should be fetched using the HTTP protocol:
ftp://www.pcwebopedia.com/stuff.exe
http://www.pcwebopedia.com/index.html
Virus - A program or a part of program code that replicates - that is, "infects" another program, boot sector, partition sector, or document that supports macros, by inserting itself or attaching itself to that medium. Most viruses only replicate, though, many do a large amount of damage as well.
Worm - A self-contained program (or set of programs) that is able to spread functional copies of itself or its segments to other computer systems. The propagation usually takes place via network connections or email attachments. The worm may do damage and compromise the security of the computer. It may arrive in the form of a joke program or software of some sort.
Zero-day Attack - the malicious (and surprise) exploitation of previously unknown vulnerabilities. "Zero-day" attack refers to the number of days from public disclosure of the vulnerability to exploitation of the vulnerability. "Zero-day" could be a malware author who manages to construct and launch a worm the same day that the patch came out, or that the discoverer launched an attack without publicly disclosing the vulnerability.
Zombie – an assembled network of computers that, although their owners are unaware of it, are under control of a hacker or program, that sets it up to forward transmissions of spam, denial of service attacks or
Trojans to other computers over the Internet or network. See
ZOMBIES
|
