W32 is the platform designator for the version of Microsoft Windows designed to run on computer systems with a 32-bit processor chip.
More recent versions of Windows are also designed to run on computers using 64-bit processor chips.
The converse of blacklisting, whitelisting was originally used to filter spam email by only accepting traffic from a list of known and approved email addresses.
Nowadays, whitelisting is used not only to filter spam, but also applications and web traffic. Many antivirus products today allow users to control a whitelist of applications permitted to send traffic over a network.
Most also include content filtering capabilities, which are used in conjunction with the web browser to evaluate website contents and display only approved content for selected users.
See also: blacklist.
The WildList identifies malware reported in the real world during the past month. Programs found in the WildList are known as ‘in-the-wild’ malware, as they are threats that are actively circulating on users’ systems at the time.
Compilation of the list is performed by a collaborative group of antimalware experts known as the WildList Organization. Antivirus vendors regularly verify the effectiveness of their products by testing them against both in-the-wild and zoo malware.
See also: Zoo.
A directory found in later versions of Microsoft Windows operating systems that contains details on the settings and options selected for the operating system, most applications and hardware, users and their preferences and other critical information.
A 'registry key' is essentially an identifier that specifies which item is being affected, while a 'registry value' refers to the setting or option that is being affected.
Most malware will make modifications to the registry in order to replicate and perform other malicious routines. For example:
- A Trojan may alter or add a registry key that automatically executes the malicious file each time the computer system starts, or
- A virus may alter or disable a registry key preventing antivirus applications from scanning the computer.
These changes may also unintentionally affect other legitimate programs.
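As an added illustration (not part of the original glossary), the following Python example audits a registry export for the first kind of change described above: a value that launches a file at every startup. It assumes the well-known `Run` and `RunOnce` autostart keys, treats commands pointing into user-writable folders as worth reviewing (a heuristic chosen for this example), handles only plain string values, and uses a constructed sample export.

```python
import re

# Keys whose values Windows launches at startup or logon (well-known autostart locations).
AUTOSTART_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
# Heuristic assumed for this example: commands in user-writable folders deserve review.
SUSPECT_PATH = re.compile(r"\\(AppData|Temp|Users\\Public|ProgramData)\\", re.I)
# A string value line in .reg text: "name"="data", with \" and \\ escapes inside.
VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    """Undo .reg escaping of backslashes and double quotes."""
    return re.sub(r"\\(.)", r"\1", s)

def autostart_entries(reg_text):
    """Yield (key, value name, command) for each string value under a Run/RunOnce key."""
    key = None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]                      # new key section begins
        elif key and AUTOSTART_KEY.search(key):
            m = VALUE_LINE.match(line)
            if m:
                yield key, unescape(m.group(1)), unescape(m.group(2))

def review(reg_text):
    """Return autostart entries whose command points into a user-writable location."""
    return [e for e in autostart_entries(reg_text) if SUSPECT_PATH.search(e[2])]

# Constructed sample in .reg export format (names and paths are made up).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\System32\\SecurityHealthSystray.exe"
"Updater"="\"C:\\Users\\alice\\AppData\\Roaming\\upd\\svc.exe\" /silent"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe /background"

[HKEY_CURRENT_USER\Software\Example\Settings]
"Path"="C:\\Users\\alice\\AppData\\Local\\Temp\\cache"
'''

if __name__ == "__main__":
    for key, name, command in review(SAMPLE):
        print(f"REVIEW {key} :: {name} -> {command}")
```

A flagged entry is a prompt for review, not proof of infection, since legitimate software also registers autostart values in these keys.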
A program that replicates by sending copies of itself from one infected system to other systems or devices accessible over a network.
Unlike a virus, a worm does not integrate itself into a host file and does not need the host file to be executed in order to replicate; it exists and replicates as an independent unit.
Unlike a trojan, a worm usually does not camouflage itself by performing any superficially beneficial functions. Most commonly, it will simply focus on sending out copies of itself over the network. A worm may include a payload, but this is not a defining feature.
A worm's defining characteristic is its preoccupation with replicating, or spreading copies of itself. Worms propagate by sending copies of themselves to other systems on a network, which is why they are sometimes known as 'network worms'.
A worm is usually categorized based on the vector it uses to propagate, such as via e-mail, IRC chat channels, peer-to-peer networks, Bluetooth or SMS. For example, there are worms that:
- Spread over the Bluetooth network, most commonly on mobile phones with Bluetooth functionality.
- Spread copies of themselves using e-mail messages and infected file attachments.
- Spread through Internet Relay Chat (IRC) channels.
- Propagate over networks, most commonly a Local Area Network (LAN) or the Internet.
- Scan the Internet for, and infect, webservers running Microsoft Internet Information Server (IIS) software.
- Propagate using the Short Message System (SMS) of telecommunications networks.
Today, there are also numerous worms which can propagate using multiple vectors.
Worms used to be considered more benign than trojans and viruses, as they didn't usually contain malicious payloads. Instead, their negative impact was usually limited to degrading the network itself, as worms replicating themselves over a network would consume bandwidth and so on.
Nowadays, however, worms are increasingly designed to include malicious payloads, and can be as destructive as a trojan or a virus.