An A-Z guide to the technical terms used in digital security
A type of scripted 'operation' found in some applications thats allows users to automate certain functions or instructions.
Properly functioning macros can be extremely useful as they make using certain applications far less complex than it might be. For example, the familiar 'copy-paste' function in many document editing programs is a type of macro.
Macros are most commonly associated with Microsoft Office applications, but many other programs include them. Many programs also allow customizable macros, which the user can tailor to their own needs. In a sense, they become 'mini-executables' that affect a particular program.
Despite their legitimate use, macros can also be misused to deliver, execute and hide malware. Because they can function like executable files, macros can be subverted to act like malicious software. Viruses which infect and spread using macros are often referred to as 'macro viruses'.
A series of operating systems (also known as the 'Classics') from Apple that precede the current Mac OSX. A sizable percentage of Apple computers still run on these older operating systems, which can be referred to as MacOS.
Unlike 'riskware', which is used to refer to a program that may be legitimate, 'malware' denotes a program that has been specifically designed with malicious intent.
Man in the middle (MITM)
A type of attack that involves an undetected third party actively eavesdropping and controlling communications between two systems.
The specific technical details of how the attack is performed varies depending on the type of communication being intercepted (wireless, Internet, mail, etc), but for it to be successful, the attacker must be able to impersonate each side of the dialogue and convince them that the communication is private and authentic.
MITM attacks are usually done in order to intercept or modify messages sent between the two systems, or to inject false information.
Master Boot Record (MBR)
The dedicated area of a storage device - such as a hard drive or a floppy disk - that contains critical information for starting the main operating system (OS). The information saved in the MBR is used by a boot program to start the main OS whenever the user switches on the computer (a process known 'booting the OS', or similar).
Back when DOS was the major operating system on most computers, the MBR was a favored target of virus writers, leading to the creation of boot viruses. By affecting the MBR, a virus writer didn't need to bother with stealth techniques and other tactics to evade detection, as most security programs at the time weren't able to scan the MBR to detect such malicious changes.
Fortunately, changes by operating system vendors successfully reduced the ability of these malware to modify the MBR, leading to boot viruses becoming far less common.
A malware that remains in a computer system's memory after its original program has been executed and closed is said to be 'resident' in the memory.
To understand how a malware becomes resident in the memory, it helps to know how a program normally works. When a file is executed, it is loaded temporarily into the RAM memory, where temporary instructions related to the program can be stored. When the user closes the program, it is unloaded from the memory, clearing the space for use by another program.
A malware loaded into memory in the usual way exploits this process by 'hooking' an interrupt vector, a special area of the memory, and inserting its own separate instructions. After the original program is closed, the instructions in the interrupt are still active, leading to the malware being 'resident' in the memory. From this position, the malware can infect any other programs that are launched and loaded into memory.
A virus that rewrites its own code at each iteration, so that each succeeding version appears different from the preceding one. Despite the changes, the malware's functionalities remain the same.
Fortunately, the technical challenges involved in creating a functioning metamorphic virus is quite high, making them very rare creations.
The Type designation 'Monitor' was previously used by F-Secure to identify a program that can monitor and record all computer activities, including each keystroke typed on the keyboard.
With changes in the threat landscape today, programs previously identified as 'Monitor' have been reclassified under the Riskware Category, with the Type designation 'Monitoring-Tool'. The better clarifies the program's overall security profile in the current, more complex threat landscape.
Multimedia Message Service (MMS)
A standard used by telecommunications networks for transmitting multimedia content between mobile devices.
Though the acronym MMS refers to the name of the standard (Multimedia Message Service) used to determine the logistics of transmitting a message, it is often used by the general public to refer to the message itself, much like the term 'email' is now used to refer to the message sent rather than the network/technology it is sent on.
This popular communication channel is also a popular vector for spam and more rarely, messages containing links to malicious sites.
A multi-segmented virus that is able to infect multiple target types – for example, both the boot sector and the system files – in such a way that every section of the virus must be removed before the system can be considered clean and free from the possibility of reinfection.
Fortunately, the technical challenges involved in creating a functioning multipartite virus is quite high, making them very rare creations.
In computer programming, mutex is the short form for mutual exclusion object, and refers to an program object that negotiates access to a shared resource, such as memory space, between multiple program threads so that only one thread can access the resource at any one time.
A mutex with a unique name is created when a program is first started, with a defined 'lock/unlock' state. Subsequently, when a thread requires resource access, it must first lock the mutex, thereby excluding other threads from using the resource. Once the resource is no longer needed, the mutex is 'unlocked' so that other threads may use it.
In a malicious context, malware can use mutexes to prevent multiple infections of the same system. Some simpler malware families will use the same mutex for all its variants; presence of the known malicious mutex on the system is therefore considered a sign of infection.