The Completely Automated Public Turing Test to tell Computers and Humans Apart (CAPTCHA) is a commonly used challenge-response test to prevent attackers from using computer-generated responses to perform certain repetitive actions, such as signing up for e-mail accounts, submitting online forms and so on.
This test is commonly used on websites, web-based e-mail services and other processes where an automated-response type attack may reasonably be possible. A CAPTCHA test usually involves the user attempting to solve a challenge that current software cannot solve, most commonly by deciphering a distorted visual image to discern numbers and letters; a correct answer to the challenge results in the assumption that the user is human, and the user is therefore permitted to use the service.
The widespread use of CAPTCHA security precautions has, ironically, led to the development of attack techniques specifically designed to crack CAPTCHA; most of these attacks still involve human interaction at some stage.
A program that collects information on user browsing behavior. The collected information can include data entered into online forms, such as sensitive account details and passwords.
Once the information is collected, it is usually transmitted to an external party for further analysis and misuse. Data miners generally function without a user's knowledge or authorization.
A type of attack conducted over the Internet, in which a massive amount of data is sent to a targeted computer system or resource (e.g., a program, website or network), with the aim of overwhelming and crashing it.
A Denial of Service (DoS) attack is typically conducted by a single computer system, or a small group of them, and can be performed in a variety of ways. Even if a DoS attack does not result in the target totally crashing, so many resources may have been diverted to deal with the attack that performance is significantly degraded, or other users are unable to use the system or resource until the attack has ended.
A program that connects the computer to the Internet via a telephone line and modem. In the days before widespread broadband Internet connections, dialers were often the only way the average user could access the Internet.
Malicious dialers secretly connect the computer to premium-rate lines, greatly increasing the usage charges payable by the user.
A type of attack conducted over the Internet, using the combined resources of many computers to bombard, and frequently crash, a targeted computer system or resource (e.g., a program, website or network).
There are various types of Distributed Denial-of-Service (DDoS) attacks, which vary based on how the attack is conducted. DDoS attacks are often performed by botnets, as the combined resources of all the computers in the network can generate a terrific amount of data, enough to overwhelm most targets' defenses within seconds.
An example of how a DDoS attack is conducted: an attacker will exploit a vulnerability in one computer system and make it the DDoS master using Remote Control Software. Later, the intruder will use the master system to identify and manage zombies that can perform the attack.
This term refers to the automatic download of a program onto a user's computer, almost always without their knowledge or authorization.
The term is most frequently used to describe the situation of a website forcibly and silently downloading malware onto a visitor's system, but clicking on popup ads or viewing an e-mail message may also result in the user being subjected to a drive-by download.
A type of malware whose primary aim is to drop other malware onto the system. Dropper malware has been almost completely superseded by trojan-droppers in today's threat landscape.
The act of using a cipher or algorithm to transform data, such as a program's code, into an unintelligible form. Encryption usually requires that the user know a specific piece of information (a 'key') in order to transform the encrypted information back to a usable state when necessary.
There are many different ways to perform encryption, based on the algorithm or cipher used. Some examples of encryption algorithms include ROT13 and the Vigenere cipher.
Virus writers use encryption to create encrypted viruses and prevent detection of their malware by security applications.
Also known as a mutation engine, this is a programming routine that uses cryptographic principles to "scramble" the malware code at each infection, creating a constantly mutating virus that is harder for security applications to detect.
Simple encryption engines used a static decryption routine, or key, that remained the same throughout all infections; virus scanners were therefore still able to detect malware encrypted by these engines by simply detecting the key. More sophisticated engines nowadays scramble both the malware code and the key at each new infection, creating a virus that can "change appearance" potentially millions of times, while performing the exact same functions each time. The constantly mutating code and key make it significantly more difficult for virus scanners to detect the malware.
The term "encryption engine" can also be used to describe special software used by virus writers to produce encrypted, polymorphic code.
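The detection point made in this entry, shown as an added illustration that is not part of the original glossary: when every copy carries the same decryption routine, a byte signature on that routine still matches even though the scrambled body no longer does, and the match disappears once the routine varies as well. All names, the sample layout and the byte values are constructed, harmless placeholders, and XOR stands in for whatever cipher a real engine would use.

```python
# Constructed, harmless stand-ins only: no real malware bytes appear here.
BODY = b"HARMLESS-PLACEHOLDER-BODY-0123456789"  # plays the role of the program code
STATIC_STUB = b"\x90STATIC-DECODER-STUB\x90"     # plays the role of the unchanging routine
KEYS = [b"\x91\xa2\xb3\xc4", b"\xa5\xda\xc3\xbc", b"\xff\x81\xfe\x80"]  # one per copy


def xor_bytes(data, key):
    """Repeating-key XOR, used here purely as a toy cipher."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def make_sample(key, vary_stub=False):
    """Assumed layout for this illustration: stub || key || scrambled body."""
    # vary_stub models an engine that also changes the routine in every copy.
    stub = xor_bytes(STATIC_STUB, key[:1]) if vary_stub else STATIC_STUB
    return stub + key + xor_bytes(BODY, key)


def signature_hits(samples, signatures):
    """Count how many samples contain each byte signature."""
    return {name: sum(pattern in s for s in samples)
            for name, pattern in signatures.items()}


def longest_shared_run(samples):
    """Longest byte run present in every sample: the invariant a signature can use."""
    first, rest = samples[0], samples[1:]
    for length in range(len(first), 0, -1):
        for start in range(len(first) - length + 1):
            chunk = first[start:start + length]
            if all(chunk in other for other in rest):
                return chunk
    return b""


SIGNATURES = {"body": BODY[:16], "stub": STATIC_STUB}
static_copies = [make_sample(k) for k in KEYS]
mutated_copies = [make_sample(k, vary_stub=True) for k in KEYS]

if __name__ == "__main__":
    print("static stub  :", signature_hits(static_copies, SIGNATURES))
    print("shared bytes :", longest_shared_run(static_copies))
    print("mutated stub :", signature_hits(mutated_copies, SIGNATURES))
```

With a static routine the only long run shared by all copies is the routine itself, which is why scanners could key on it; once it varies per copy, fixed byte signatures of this kind stop matching.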