An A-Z guide to the technical terms used in digital security
Packed
Malware is described as 'packed' if its executable file has been compressed, and often also encrypted or obfuscated, by a program known as a packer. The packer prepends a small stub that restores the original code in memory when the file is run.
Packing reduces the size of the file and also acts as a form of protection for the malware: on disk only the stub and a compressed blob are visible, so signature scanning and static analysis see none of the real code. Unpacking a sample for analysis is extra work for security experts and out of reach for the average user, and simply running it to let it unpack itself carries the additional risk of accidental infection.
Palm
Palm is the platform designator F-Secure uses for malware written specifically for Palm OS, the operating system used on the personal digital assistant (PDA) devices made by Palm Inc.
As of 2016, only a handful of malware for this platform is known to exist.
Patch
A patch is an update released by a software vendor to correct a bug or vulnerability in a program or operating system. A good security practice is to install patches as soon as possible after they are released. Unfortunately, for many businesses and home users there is a significant delay between the time a patch is released and the time it is installed on the affected application or machine. During that window the flaw is public knowledge and working exploits usually circulate, so unpatched systems remain exposed to attacks on a known vulnerability; this is distinct from a zero-day attack, which exploits a vulnerability for which no patch yet exists.
Payload
Much like the payload of a missile or aircraft, this is the action, program or code that malware delivers to a system once it is running, as distinct from the code it uses to spread or install itself. Most payloads in today's threat landscape are malicious and damaging in nature, such as stealing data, encrypting files for ransom or installing further malware.
Peer-to-peer (P2P)
A type of network in which each connected machine devotes some of its resources (storage, bandwidth, processing, etc.) to use by the other machines, or peers, on the network. P2P networks are most commonly used to distribute large files between peers.
A P2P network has no central server directing operations, nor a single repository holding the files; instead a file is broken down into 'segments' that are stored on various peers in the network. When a file is downloaded, its segments are transferred from those peers to the recipient machine, which in turn starts serving them to others and so becomes a peer itself (hence the name).
To connect to a P2P network, a user must usually install a P2P client on their system. Using the client, they can browse for files available for download in the network, as well as offer files for download.
Malware, particularly worms, can take advantage of the mechanics of a P2P network to distribute copies of itself to unsuspecting users. To do so, the malware typically places one or more copies of its infectious code in the P2P client's shared folder, usually under filenames chosen to look like popular movies, music or software. Sometimes it will also replace genuine movie or sound files with copies of itself.
Some botnets also use a P2P structure to relay the botherder's instructions between infected machines, so that there is no single command-and-control server to take down or trace, which makes the attacker's origin very difficult to establish.
Phishing
A type of social engineering attack in which fraudulent communications are used to trick the user into giving out sensitive information, such as passwords, account details and other personal data. Phishing is a criminal offence in many jurisdictions.
A phishing attack usually involves a fake communication, often purporting to come from a trusted corporation or institution, that requires some kind of response from the user. The subject matter is usually enticing or alarming, to pressure the user into complying. The user is then directed to a specific (fraudulent) website in order to enter the requested details.
Phishing attempts are most commonly made via email, but attempts by instant message, SMS and even voicemail are also known. Malware may also deliver such messages as part of its payload.
Phishing is most often carried out in bulk using spam emails, but targeted attacks against specific individuals or organizations also occur. The stolen information can have considerable value to a criminal, and its loss can be even more costly to the victim. Such information theft is a major concern for law enforcement agencies and web service operators worldwide.
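The link tricks that characterize phishing pages can be checked mechanically. The following is an added example written for this glossary, not F-Secure code: it pulls every link out of an HTML message body, compares the destination host with the text the victim sees, and flags raw IP addresses, punycode labels and 'user@host' URLs. The message, the bank.example and badsite.example domains and the 198.51.100.23 address are all constructed for the demo (reserved documentation names and ranges); trusted_domain is the brand the message claims to come from.

```python
"""Flag phishing-style links in an HTML email body.

Added example, not F-Secure's code. SAMPLE_MAIL is constructed; the .example
domains and the 198.51.100.0/24 address block are reserved for documentation.
"""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a href=...> in the message."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")   # None for anchors without href: skipped
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def split_host(url: str) -> tuple:
    """Return (hostname, userinfo) even for scheme-less 'www.host/path' strings."""
    parts = urlsplit(url if "//" in url else "//" + url)
    return (parts.hostname or "").lower(), parts.username


def _under(host: str, domain: str) -> bool:
    return host == domain or host.endswith("." + domain)


def _is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def suspicious_links(html: str, trusted_domain: str) -> list:
    """Return [(href, [reasons])] for links a user should not click."""
    collector = _LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        host, userinfo = split_host(href)
        reasons = []
        if userinfo is not None:
            reasons.append("'user@' before the host: the part the victim reads is not the destination")
        if _is_ip(host):
            reasons.append("raw IP address instead of a hostname")
        if any(label.startswith("xn--") for label in host.split(".")):
            reasons.append("punycode label: possible homoglyph lookalike domain")
        if not _under(host, trusted_domain):
            reasons.append(f"destination {host!r} is outside {trusted_domain}")
        # If the visible text looks like a URL, it must agree with the real destination.
        shown = split_host(text)[0] if re.match(r"^(https?://|www\.)", text, re.I) else ""
        if shown and not (_under(shown, host) or _under(host, shown)):
            reasons.append(f"text shows {shown!r} but link goes to {host!r}")
        if reasons:
            findings.append((href, reasons))
    return findings


# Constructed sample: one genuine link followed by four classic phishing tricks.
SAMPLE_MAIL = """
<p>Your account has been limited. Confirm your details within 24 hours:</p>
<a href="https://www.bank.example/login">https://www.bank.example/login</a>
<a href="http://www.bank.example.verify-account.example/login">https://www.bank.example/login</a>
<a href="http://198.51.100.23/bank/login">Verify now</a>
<a href="https://www.bank.example@login.badsite.example/">Secure login</a>
<a href="https://www.xn--bnk-3ma.example/login">www.bank.example</a>
"""

if __name__ == "__main__":
    for href, reasons in suspicious_links(SAMPLE_MAIL, "bank.example"):
        print(href)
        for reason in reasons:
            print("   -", reason)
```

Link heuristics like these are one layer only: real mail filters combine them with sender authentication and reputation data, and they produce both misses and false alarms (legitimate tracking redirectors, for instance, often point outside the sender's own domain).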
Polymorphic virus
A virus that mutates, or modifies, its own code as it spreads. Typically the body of the virus is stored encrypted, and a fresh key and a differently arranged decryption routine are generated each time the virus replicates or infects a new machine, so that no two copies share the same sequence of bytes.
Detection and disinfection of a polymorphic virus can be very challenging, as the mutating code defeats traditional signature matching against fixed byte patterns. Antivirus programs instead rely on heuristic analysis and on emulation: the sample is run in a controlled environment until it has decrypted itself, and the now-constant body is then scanned.
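To make the detection problem concrete, here is an added toy example (written for this glossary, not F-Secure code, and not a virus): a constant byte string stands in for the virus body, and each 'generation' re-encodes it with a freshly chosen method and key. A signature taken from the body never matches the bytes as they appear on disk, while a scanner that emulates the decoder first matches every generation. Real polymorphic engines also rewrite the decryptor instructions themselves (register renaming, junk code); that part is omitted here.

```python
"""Toy polymorphic encoder versus a static signature and an emulating scanner.

Added example, not F-Secure's code and not malware: BODY is an arbitrary constant
standing in for a virus body. A 'sample' is: method byte, key byte, encoded body.
"""
import random

BODY = b"constant body: the code that actually does the work"   # constructed
SIGNATURE = BODY[10:26]   # the byte pattern an analyst might extract from one sample


def _xor(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def _add(data: bytes, key: int) -> bytes:
    return bytes((b + key) & 0xFF for b in data)


def _sub(data: bytes, key: int) -> bytes:
    return bytes((b - key) & 0xFF for b in data)


# method id -> (encode, decode); this table is the toy stand-in for the mutating decryptor.
METHODS = {0: (_xor, _xor), 1: (_add, _sub), 2: (_sub, _add)}


def mutate(body: bytes, rng: random.Random) -> bytes:
    """Produce one generation: fresh method and fresh non-zero key, so the bytes differ."""
    method = rng.choice(sorted(METHODS))
    key = rng.randrange(1, 256)
    encode, _ = METHODS[method]
    return bytes([method, key]) + encode(body, key)


def emulate(sample: bytes) -> bytes:
    """What a generic-decryption scanner does: run the decoder stub, then inspect the result."""
    method, key = sample[0], sample[1]
    _, decode = METHODS[method]
    return decode(sample[2:], key)


def static_match(sample: bytes) -> bool:
    """Signature scan of the bytes as they appear on disk."""
    return SIGNATURE in sample


def emulated_match(sample: bytes) -> bool:
    """Signature scan after emulation has let the sample decrypt itself."""
    return SIGNATURE in emulate(sample)


def round_trip(seed: int) -> bool:
    """Every generation must still decode to the same body, or the virus would not run."""
    return emulate(mutate(BODY, random.Random(seed))) == BODY


def scan_generations(count: int, seed: int) -> tuple:
    """Return (static hits, emulated hits) over `count` successive generations."""
    rng = random.Random(seed)
    samples = [mutate(BODY, rng) for _ in range(count)]
    return sum(map(static_match, samples)), sum(map(emulated_match, samples))


if __name__ == "__main__":
    static_hits, emulated_hits = scan_generations(20, seed=7)
    print(f"static signature: {static_hits}/20 generations, after emulation: {emulated_hits}/20")
```

The two-byte header makes the decoder trivially identifiable here; a real scanner has to recognize or emulate an ever-changing decryptor, which is why emulation is bounded by instruction counts and why heuristics on the decryptor's behaviour (self-modifying writes, loops over the image) matter as much as the final body match.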
Port
A numbered logical endpoint that a computer system uses to keep multiple simultaneous network conversations apart. Ports are most commonly used for communications over the Internet with the Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).
A connection endpoint is identified by its port number (0 to 65535) together with an IP address and the protocol in use. By convention, certain ports are reserved for specific services; for example, HTTP traffic uses port 80 and HTTPS uses port 443. A program that accepts incoming connections 'listens' on a port, and a port with a listener behind it is said to be open.
A port can also be a physical connector linking a machine to a peripheral device; for example, a mouse or keyboard is attached to a computer via a physical port.
Portable Executable File (PE EXE)
A file format used on 32- and 64-bit Windows operating systems for executable programs, dynamic-link libraries (DLLs) and device drivers. Such a file is often referred to as a PE EXE file or simply a PE file.
The 'portable' in the name refers to the format itself being the same across Windows versions and processor architectures, not to any one file being able to run in many environments. A PE file consists of a DOS header beginning with the bytes 'MZ', a PE signature, headers describing the target machine and entry point, and a table of sections (such as .text for code and .data for data) that the loader maps into memory.
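The following added example (written for this glossary, not F-Secure code) ties the Packed and PE entries together: it parses a PE file's DOS header, PE signature, COFF header and section table, then applies the heuristics analysts use to suspect packing: near-maximal entropy in a section, sections that are empty on disk but large in memory, writable-and-executable sections, and packer-specific names such as UPX0/UPX1. The two images are constructed in memory so the script runs offline; the section flags are the documented IMAGE_SCN_* values and the UPX0/UPX1 layout mirrors what that packer produces, but neither image is a real program.

```python
"""Walk a PE file's section table and apply common 'is this packed?' heuristics.

Added example, not F-Secure's code. CLEAN_IMAGE and PACKED_IMAGE are constructed in
memory; for a real file, pass open(path, "rb").read() to pe_sections().
"""
import hashlib
import math
import struct
from collections import Counter

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte (0.0 .. 8.0); compressed or encrypted data sits near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pe_sections(image: bytes) -> list:
    """Parse DOS header -> PE signature -> COFF header -> section table."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]      # offset of the PE signature
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes)
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, coff)
    table = coff + 20 + opt_size
    sections = []
    for i in range(nsections):                                # 40-byte section headers
        off = table + 40 * i
        name, vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", image, off)
        flags = struct.unpack_from("<I", image, off + 36)[0]
        raw = image[raw_ptr:raw_ptr + raw_size]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,
            "raw_size": raw_size,
            "entropy": shannon_entropy(raw),
            "writable_exec": bool(flags & IMAGE_SCN_MEM_WRITE and flags & IMAGE_SCN_MEM_EXECUTE),
        })
    return sections


def packed_indicators(sections: list) -> list:
    """Heuristics analysts use to suspect packing. None is conclusive on its own."""
    hits = []
    for s in sections:
        if s["raw_size"] >= 256 and s["entropy"] > 7.0:
            hits.append(f"{s['name']}: entropy {s['entropy']:.2f} (compressed or encrypted data)")
        if s["raw_size"] == 0 and s["virtual_size"] > 0:
            hits.append(f"{s['name']}: empty on disk but {s['virtual_size']:#x} bytes in memory (unpacking target)")
        if s["writable_exec"]:
            hits.append(f"{s['name']}: writable and executable (self-modifying code)")
        if s["name"].upper().startswith("UPX"):
            hits.append(f"{s['name']}: packer-specific section name")
    return hits


def _build_pe(specs: list) -> bytes:
    """Assemble a header-consistent PE image for testing; specs = (name, raw bytes, virtual size, flags)."""
    e_lfanew, opt_size = 0x40, 0xF0            # PE32+ optional header size; its contents are not parsed here
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x8664, len(specs), 0, 0, 0, opt_size, 0x22)
    headers_end = e_lfanew + 4 + 20 + opt_size + 40 * len(specs)
    raw_ptr = (headers_end + 0x1FF) & ~0x1FF    # section data starts on a 512-byte file alignment
    va, table, blobs = 0x1000, b"", b""
    for name, raw, vsize, flags in specs:
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, va,
                             len(raw), raw_ptr if raw else 0, 0, 0, 0, 0, flags)
        blobs += raw
        raw_ptr += len(raw)
        va += max(vsize, len(raw), 0x1000)
    headers = dos + b"PE\0\0" + coff + b"\0" * opt_size + table
    return headers.ljust((headers_end + 0x1FF) & ~0x1FF, b"\0") + blobs


def _pseudo_random(n: int) -> bytes:
    """Deterministic high-entropy filler standing in for a compressed payload."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(n // 32))


# Constructed samples. Flags: 0x60000020 = code, read+execute; 0xC0000040 = data,
# read+write; 0xE00000xx = read+write+execute, which is how UPX marks its sections.
CLEAN_IMAGE = _build_pe([
    (b".text", b"\x90" * 200 + b"\xc3" * 56, 0x100, 0x60000020),
    (b".data", b"hello, world\0" * 20, 0x200, 0xC0000040),
])
PACKED_IMAGE = _build_pe([
    (b"UPX0", b"", 0x8000, 0xE0000080),                    # nothing on disk: the stub unpacks into it
    (b"UPX1", _pseudo_random(4096), 0x1000, 0xE0000040),   # compressed program plus decompression stub
])

if __name__ == "__main__":
    for label, image in (("clean", CLEAN_IMAGE), ("packed", PACKED_IMAGE)):
        print(label, packed_indicators(pe_sections(image)) or ["no packing indicators"])
```

The entropy threshold is the weakest of these signals on its own: legitimate installers and files with embedded compressed resources also score high, and a packer that stores its payload in a low-entropy encoding scores low. The empty-on-disk, executable-in-memory section is the more reliable tell, because the loader has to have somewhere to put the unpacked code.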
Port scanner
An application used to find open (listening) ports on a computer system or other resource connected to a network. A port scanner can be aimed at a single machine or used to sweep many machines.
Port scanners are legitimately used by authorized system administrators and other IT professionals to check the exposure of their own networks. They are also used by attackers to find machines running services that may be vulnerable to attack.
Whether such an attack succeeds depends on how vulnerable the machine really is, how well prepared the system administrators are and how competent the attackers are.
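A minimal TCP connect scanner, as an added example for this entry (not F-Secure code). To stay offline and authorized it scans only 127.0.0.1: the demo opens its own listening socket to serve as the 'open' port and releases a second one to serve as a port known to be closed, then scans a small range around them.

```python
"""TCP connect scan against a constructed local target.

Added example, not F-Secure's code. demo() creates the target sockets itself so that
nothing outside the local machine is touched.
"""
import socket
from concurrent.futures import ThreadPoolExecutor


def tcp_connect_scan(host: str, ports, timeout: float = 0.5, workers: int = 64) -> list:
    """Return the ports that completed a TCP handshake, i.e. something is listening there.

    connect_ex() returns 0 on success and an errno (e.g. ECONNREFUSED) otherwise. A timeout
    usually means a firewall dropped the SYN rather than that the port is closed.
    """
    def probe(port: int):
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            return port if s.connect_ex((host, port)) == 0 else None

    with ThreadPoolExecutor(max_workers=workers) as pool:
        return sorted(p for p in pool.map(probe, ports) if p is not None)


def service_name(port: int) -> str:
    """Conventional name for a well-known port (80 -> 'http') if the OS services table knows it."""
    try:
        return socket.getservbyport(port, "tcp")
    except OSError:
        return "unknown"


def _loopback_listener() -> socket.socket:
    """Constructed target: listen on an ephemeral port chosen by the OS."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv


def demo() -> tuple:
    """Return (open_port, closed_port, scan_result) for a scan of 127.0.0.1."""
    srv = _loopback_listener()
    released = _loopback_listener()
    closed_port = released.getsockname()[1]
    released.close()                   # nothing listens here any more: connections are refused
    try:
        open_port = srv.getsockname()[1]
        targets = sorted({open_port, closed_port} | set(range(open_port - 3, open_port + 4)))
        return open_port, closed_port, tcp_connect_scan("127.0.0.1", targets)
    finally:
        srv.close()


if __name__ == "__main__":
    open_port, closed_port, found = demo()
    print(f"listening on {open_port}, released {closed_port}; scan reports open: {found}")
    for p in (22, 80, 443):
        print(p, service_name(p))
```

A connect scan completes the three-way handshake, so the target service sees and may log every probe; half-open (SYN) scans that send only the first packet need raw sockets and therefore administrative privileges, which is why tools such as nmap ask for them. A timeout rather than a refusal usually indicates a firewall silently dropping the probe, and UDP ports cannot be found this way at all because there is no handshake to complete.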
Potentially Unwanted Application (PUA)
Alternatively known as grayware, Potentially Unwanted Software (PUS) or Potentially Unwanted Program (PUP), this is a general term for applications that may pose a risk to the user's system or data, or behave in ways the user would not knowingly accept, but do not meet the stricter definition of malware. Typical examples are adware, bundled browser toolbars and remote-administration tools installed without clear consent.
Categorizing a program as a PUA is by nature highly context-sensitive, as it depends on the user's own preferences and patterns of use, as well as on questions of legal and ethical usage.
Privilege escalation
Most user accounts on a computer system have a limited set of privileges that allow them to perform a specified range of actions, such as viewing or editing certain files or making certain system changes.
Privilege escalation involves exploiting a vulnerability, bug or misconfiguration in the operating system or a program in order to gain more privileges than the logged-in user is entitled to, for instance administrator or root rights, usually in order to perform unauthorized, malicious actions. Privileged programs and services that act on user-supplied input, such as a file path, are a common target.
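The pattern below is an added example written for this glossary, not F-Secure code and not a flaw in any specific product: a privileged service writes a file under a path the user influences, first in the vulnerable form and then hardened. A temporary directory stands in for the filesystem, so it runs without root (on POSIX systems only); the protected.conf file plays the part of a root-owned file that the unprivileged user could not otherwise modify.

```python
"""Symlink attack on a privileged file write: vulnerable pattern beside the hardened one.

Added example, not F-Secure's code. Everything happens inside a temporary directory, so
no privileges are needed; the 'protected' file and the writer functions are stand-ins
for a root-owned file and a privileged service. Requires os.symlink and O_NOFOLLOW (POSIX).
"""
import os
import stat
import tempfile


def vulnerable_write(path: str, data: str) -> None:
    """Trusts the path. open() follows symlinks, so a link planted by the user
    redirects the privileged write to any file the service can reach."""
    with open(path, "w") as f:
        f.write(data)


def hardened_write(path: str, data: str) -> None:
    """Create the file atomically, refusing to follow a symlink or to reuse an existing
    file, then confirm what was actually opened before writing to it."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
            raise PermissionError(f"{path}: not a freshly created regular file")
        os.write(fd, data.encode())
    finally:
        os.close(fd)


def simulate(writer) -> tuple:
    """Plant a symlink where the service will write, run the writer, and report
    (contents of the protected file afterwards, exception class name or None)."""
    with tempfile.TemporaryDirectory() as root:
        protected = os.path.join(root, "protected.conf")        # stand-in for a root-owned file
        with open(protected, "w") as f:
            f.write("original")
        user_dir = os.path.join(root, "user")                   # directory the attacker controls
        os.mkdir(user_dir)
        target = os.path.join(user_dir, "report.txt")
        os.symlink(protected, target)                           # the attacker's move: report.txt -> protected.conf
        try:
            writer(target, "attacker controlled")
            error = None
        except OSError as exc:
            error = type(exc).__name__
        with open(protected) as f:
            return f.read(), error


if __name__ == "__main__":
    print("vulnerable:", simulate(vulnerable_write))
    print("hardened:  ", simulate(hardened_write))
```

The escalation here is indirect: the attacker gets no shell directly but makes a privileged process overwrite a file of their choosing, for example a configuration file or startup script that a privileged component later reads. Beyond O_EXCL and O_NOFOLLOW, robust services write only into directories that the unprivileged user cannot modify, or drop their privileges before touching anything the user controls.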
Program
A collection of instructions for a computer system. These instructions are the 'software' that directs the physical 'hardware' components of a computer to perform useful actions.
There are many different types of programs, but they can be broadly categorized into system software, which deals with direct control of the computer hardware (e.g., operating systems), and application software, which is concerned with performing tasks that benefit the user (e.g., document processing, games, etc.).
A program is typically written in human-readable 'source code' by a programmer or team of programmers; it must then be compiled into a machine-readable, executable form, or be run by an interpreter, before the computer can carry out its instructions.
Proof of Concept (PoC)
Code written to demonstrate that a vulnerability exists and can be exploited. PoC code often, but not always, accompanies a disclosure statement as proof of the finding; it typically stops short of a damaging payload, for example by launching a harmless program or crashing the target rather than installing malware.
Propagation
The act of a malicious program creating copies of itself, usually in order to infect a new target or to spread to another computer system.
The term 'propagation' is often used interchangeably with the term 'replication'.
Proxy
A computer system or application that functions as an intermediary between clients and the resources they request, usually to provide a layer of security, logging and control.
Proxy servers are commonly placed between the computers on an internal company network and resources on the Internet, such as websites or public FTP servers. By configuring the proxy, a system administrator can regulate, filter and log communications for the entire network or for individual computers on it.