Tools
Terminology
ActiveX Controls
A type of browser plug-in used with the Microsoft Internet Explorer browser that allows users to view and use interactive content.
Certain Web pages require the user to download and install custom-built ActiveX Controls from the website itself in order to view them correctly; these components can pose a security risk if they are malicious and the browser's security settings allow them to be automatically and silently installed on the user's system.
As ActiveX Controls are able to access the hard disk and have a significant amount of control over system operations, malicious ActiveX Controls can cause major damage.
Alternate Data Stream
An extension to Microsoft's Windows NT File System (NTFS) that provides compatibility with files created using Apple's Hierarchical File System (HFS).
Applications must write special code if they want to access and manipulate data stored in an alternate stream. Some applications use these streams to evade detection.
Brute-force
A type of attack typically targeting authentication mechanisms such as password protection. A brute-force attack is an exhaustive, trial-and-error attempt that involves rapidly cycling through a comprehensive list of possible passwords or decryption keys, until the correct one is entered.
Often, a brute-force attack is combined with a dictionary attack, which uses a long list of words taken from dictionaries and popular culture references. Unlike a standard brute force attack, a dictionary attack uses words that are thought to be have the highest chances of success.
Brute-force attacks commonly succeed due to weak passwords and/or human error or laxness.
Bug
A programming error in an application's code. A bug usually results in one or more undesirable effects, ranging from barely detectable quirks in an application's performance, to completely crippling it.
Bot
A malicious program that, on being installed onto a computer system, allows the attacker to enslave the system into a network of similarly affected systems known as a botnet. The individual computers in a botnet may also be referred to as a bot or a zombie.
A special type of bot known as an IRCBot is a program that connects to an Internet Relay Chat (IRC) channel as a normal user, but is used by an attacker to control a zombie or a botnet.
The term "bot" is also used in more general situations for programs that perform automated tasks, such as scanning Web pages, calculating statistics and so on. Such programs are generally not considered malicious.
Botnet
A botnet (a portmanteau formed from the words robot and network) is a network of bot-infected computers that can be remotely controlled from a command-and-control (C&C) server. Each infected computer is known as a zombie computer, or zombie.
An attacker, or group of attackers, can harness the collective resources of a botnet to perform major malicious actions, such as sending millions of spam e-mails, performing a Distributed Denial-of-Service (DDoS) attack and much more.
Browser
A program that allows users to easily view and interact with Web page content on websites on the World Wide Web, or a local network.
Browsers are indispensable to the modern Internet and there are many different browsers available for almost every computing platform — Microsoft Internet Explorer, Mozilla Firefox, Opera, Apple's Safari, Google Chrome, et cetera.
Despite their ubiquity, browsers can pose a significant security risk as they are one of the major conduits for malicious software onto a computer system. Attackers can use specially created codes or programs to exploit vulnerabilities in the browser program or the operating system, in order to gain access to a vulnerable system's data and/or resources, often for further malicious or criminal use.
Browser Helper Object
A browser plug-in specifically designed for use with the Microsoft Internet Explorer browser.
A Browser Helper Object (BHO) executes automatically every time the browser is launched and may pose a security risk if they track the user's browsing behavior without authorization, are poorly written and inadvertently introduce security risks into the system, or are specifically designed to perform malicious actions (e.g. silently downloading malware onto the system).
Browser Plug-in
A program that provides additional functionality to an Web browser. Depending on the browser, a browser plug-in may also be known as a Browser Helper Object (BHOs), as for Microsoft Internet Explorer, or an extension, for Mozilla Firefox.
Browser plug-ins may pose a security risk if they perform potentially unwanted behaviors, such as redirecting search results or monitoring user browsing behavior. For this reason, some antivirus programs will label a browser plug-in as "riskware", unless the user authorizes its installation and use.
Buffer Overflow
A vulnerability in programs which do not adequately manage memory allocation. In certain circumstances, exploit code can use excessive amounts of data to exploit this vulnerability and force the program to write data beyond their specified memory allocations.
Technically, there are a few types of buffer overflows, depending on how the program handles the data overflow. In practical terms, all buffer overflows can force the targeted program to crash, delete data, or allow the attacker to transform the computer into a zombie.
BE SURE