An A-Z guide to the technical terms used in digital security
Ransomware
A malicious application that steals or encrypts the user's data or system, then demands a ransom payment to restore the data or normal system access.
Ransomware programs typically encrypt files on a computer or device, then display a message stating that the user needs to pay a certain sum in a specified manner. The specifics of how the encryption is done, the kind of message displayed and the payment method to be used usually differ based on the ransomware family involved.
This form of extortion works on the assumption that the data is important enough to the user that they are willing to pay for recovery. There is, however, no guarantee of actual recovery, even after payment is made.
As encryption is usually extremely difficult to break, the best safeguard against losing access to critical data this way is to keep up-to-date backups of your files in a separate, unconnected location or device. Up-to-date antivirus protection and user caution are also key in avoiding unintentional contact with ransomware.
Remote code execution
In computer security, remote code execution means that an outside party is able to run arbitrary commands on a target machine or in a target process, almost always with malicious intent.
Remote code execution is usually the goal of a system or program exploit, as it essentially means an attacker can take complete control of the compromised machine.
An application package (APK) is a kind of software bundle that simplifies the installation and setup processes for a program (or programs) included in the package.
On the Android platform, malware is typically created by taking the APK of a legitimate, popular application, introducing additional malicious components into the package and rebundling it. The newly created APK - also known as a trojanized APK - can then be redistributed. Often, the original program's name and branding are stolen and used to promote the malicious version as well.
Repackaging malware into the APK of a known app is often done to exploit the user's desire for the app, tricking them into installing malware on their own devices.
Replication
The act of creating a copy of a malicious program's code, usually in order to infect a new target, or distribute a copy to a new computer system.
Replication is an essential characteristic of certain types of malware. For example, if a program does not include a routine specifying a method for replicating its own code, it does not meet the definition of a virus or worm.
The term 'replication' is often used interchangeably with the term 'propagation'.
Riskware
Useful, legitimate software that is not malicious in nature, but may pose or introduce a security risk if improperly used, or used in certain circumstances.
Examples of legitimate programs that may be considered riskware if misused include File Transfer Protocol (FTP) servers, Internet Relay Chat (IRC) clients, network sniffers, overeager Digital Rights Management (DRM) software and remote administration utilities.
When used by an authorized user in the correct context, these programs function as intended. Under other circumstances, they may be considered a risk.
Rogue
An antivirus or antispyware application that does not provide the functionality claimed, and may not work at all. Rogues are often promoted by deceptive or fraudulent means.
Rogues can be deliberately fraudulent, or just substandard products that present false information. The product may claim to be a legitimate antivirus or antispyware application, but may in fact be nothing more than an inexpensive clone of unreliable software. Once purchased, the final product may not perform as claimed, or may not perform at all.
When run, many rogue applications will perform a scan of the system, or pretend to perform one. They then display misleading or outright false scan reports in order to alarm users into buying their application. This may be accompanied by alarming warning messages and constant prompts if the user declines to purchase.
For more information, see the article Rogues.
Rootkit
A standalone software component that hides processes, files, registry data and network connections. The term 'rootkit' may also be used to describe cloaking or stealth techniques that malware uses to hide itself or disguise its actions.
Rootkits are often used by other malware to conceal their activities. As a type of malware, rootkits can be difficult to detect as they are activated before the machine's operating system is completely booted up, and are therefore treated as outside the system's normal security procedures; this characteristic also makes them difficult to remove.
Occasionally, legitimate software will use rootkit-like techniques, usually for software protection purposes. In this context, the techniques may be referred to as a form of Digital Rights Management (DRM). Some antivirus programs will detect these applications as 'rootkits' and potential security risks, until the rootkit-like techniques are removed or another solution is reached.
Router
A network component responsible for directing data traffic to its correct destination between networks, or separate subnets on the same network.
A router may be a hardware device or, less commonly, a program. There are numerous types of routers, graded based on the amount of workload (traffic) they are capable of handling. The most common routers are those used by individual users for home networks, as well as larger routers dedicated to communications in businesses and large corporations. The highest capacity routers are responsible for routing major public Internet transmissions.