

Terminology

 

W32

 
W32 is the platform designator for the version of Microsoft Windows designed to run on computer systems with a 32-bit processor chip.

More recent versions of Windows are also designed to run on computers using 64-bit processor chips.

 


Whitelisting

The converse of blacklisting, whitelisting was originally used to filter spam email by only accepting traffic from a list of known and approved email addresses.

Nowadays, whitelisting is used not only to filter spam, but also applications and web traffic. Many antivirus products today allow users to control a whitelist of applications permitted to send traffic over a network.

Most also include content filtering capabilities, which are used in conjunction with the web browser to evaluate website contents and display only approved content for selected users. 

See also: blacklist.

 



WildList

The WildList identifies malware reported in the real world during the past month. Programs found in the WildList are known as ‘in-the-wild’ malware, as they are threats that are actively circulating on users' systems at the time.

Compilation of the list is performed by a collaborative group of antimalware experts known as the WildList Organization. Antivirus vendors regularly verify the effectiveness of their products by testing them against both in-the-wild and zoo malware.

See also: Zoo.

 

 

Windows Registry

A directory found in later versions of Microsoft Windows operating systems that contains details on the settings and options selected for the operating system, most applications and hardware, users and their preferences and other critical information.

A 'registry key' is essentially an identifier that specifies which item is being affected, while a 'registry value' refers to the setting or option that is being affected.

Most malware will make modifications to the registry in order to replicate and perform other malicious routines. For example:

  • A Trojan may alter or add a registry key that automatically executes the malicious file each time the computer system starts, or
  • A virus may alter or disable a registry key preventing antivirus applications from scanning the computer.

These changes may also unintentionally affect other legitimate programs.

 

 

Worm

A program that replicates by sending copies of itself from one infected system to other systems or devices accessible over a network.

Unlike a virus, a worm does not integrate itself into a host file and does not need the host file to be executed in order to replicate; it exists and replicates as an independent unit.

Unlike a trojan, a worm usually does not camouflage itself by performing any superficially beneficial functions. Most commonly, it will simply focus on sending out copies of itself over the network. A worm may include a payload, but this is not a defining feature.

Characteristics

A worm's defining characteristic is its preoccupation with replicating, or spreading copies of itself. Worms propagate by sending copies of themselves to other systems on a network, which is why they are sometimes known as 'network worms'.

A worm is usually categorized based on the vector it uses to propagate, such as via e-mail, IRC chat channels, peer-to-peer networks, Bluetooth or SMS. For example, there are:

  • Bluetooth-Worm
    Spreads over the Bluetooth network, most commonly on mobile phones with Bluetooth functionality.
  • Email-Worm
    Spreads copies of itself using e-mail messages and infected file attachments.
  • IRC-Worm
    Spreads through Internet Relay Chat (IRC) channels.
  • Net-Worm
    Propagates over networks, most commonly a Local Area Network (LAN) or the Internet.
  • IIS-Worm
    Scans the Internet for, and infects, webservers running Microsoft Internet Information Server (IIS) software.
  • SMS-Worm
    Propagates using the Short Message System (SMS) of telecommunications networks.

Today, there are also numerous worms which can propagate using multiple vectors.

Social Impact

Worms used to be considered more benign than trojans and viruses, as they didn't usually contain malicious payloads. Instead, their negative impact was usually limited to degrading the network itself, as worms replicating themselves over a network would consume bandwidth and so on.

Nowadays, however, worms are increasingly designed to include malicious payloads, and can be as destructive as a trojan or a virus.

 

 

Classifications

Malware

A classification term used by F-Secure to indicate the potential severity of threat a program may pose to the user's computer system and/or confidential information.

 

Articles

About Detection Names

A quick guide to Detections - why they are important, how they work and how to read them. Also includes Generic Detections and how they differ from traditional Detections.