An A-Z guide to the technical terms used in digital security
An isolated, tightly controlled virtual environment that mimics a normal computer system. Sandboxes are usually virtual machines installed as a completely contained entity on a host, or 'real' machine.
In a security laboaratory, researchers often use sandboxes run and examine suspect, untested or malicious code without risking damage to their actual systems. Modern antivirus programs also use a sandbox, in which they can run suspicious programs found on a device being scanned in order to examine the program's behavior. If the suspect program performs a harmful routine within the sandbox, it can be identified as malicious; without affecting the actual machine.
As malware are constantly evolving, some sophisticated threats are now 'VM-aware'. They first check for the presence of a virtual machine or sandbox on the system and if found, they refuse to run or even uninstall themselves, as a precaution against detection.
A small program or piece of code used to automate minor tasks. Scripts can be used in applications or on websites to add extra functionalities.
Search Engine Optimization (SEO) Attack
A type of attack that involves altering, poisoning or hijacking a website's listing in a search engine's search results.
Most websites try to gain more traffic by carefully crafting their webpages so that search engines display them more prominently in the search engine results, where they are more likely to be viewed by users. Unscrupulous website promoters or attackers exploit this engine-website-reader relationship in order to redirect users who click on the site's listing in the search results to an unsolicited site (which may also contain other threats).
Attackers can poison a website's ranking either by cross site scripting (XSS), or more commonly by using an iframe exploit to inject a redirect script into the site. The site's actual contents may or may not be affected. The sites affected by SEO attacks can range from major corporations (both online and brick-and-mortar businesses) and personal sites.
A small program used to provide an interface for users, which is then often used to control or manipulate an operating system or a process. A shell is also known as a 'commandshell'.
Creating a shell on a target machine is often the objective of shellcode and is associated with the exploitation of a vulnerability.
Short Message Service (SMS)
A communication protocol for tranmitting short text messages between mobile devices connected to a telecommunications network.
SMS is one of the most heavily used data services in the world today, with an estimated 3.5 billion regular users at the end of 2010. In many countries, SMS is used not only for personal communication, but for critical financial transactions and other useful services.
Like many popular services, SMS is also a target for attackers engaged in various undesirable activities, such as sending out spam (often containing links to unsolicited or malicious sites), spreading worms, stealing data and so on.
A sufficiently unique section of code that can be used by an antivirus application as a program's identifying marker. A signature may also be known as a 'detection' or 'definition'.
All antivirus programs contain a list of signatures in a database. When an antivirus scans a device, it compares the scanned programs against all the signatures and any file found with matching code is flagged as a security risk. As new malware are found every day, the antivirus signature database should be kept up-to-date to ensure the device is protected against the most recently identified threats.
Signature-based detection is a basic form of malware detection and is effective if the threat has been previously identified; it does not work against new and unknown malware, which have not yet been analyzed. To complement signature-based detection, antivirus programs use more sophisticated heuristic analysis technology to look for and identify the harmful behavior of new, unidentified malware.
Simple Mail Transfer Protocol (SMTP)
A protocol used for transmitting email messages over a TCP/IP network. It is one of three protocols (the others are IMAP and POP3) commonly used for email transmissions.
SMTP is capable of sending email messages, but has limited capability for receiving them, resulting in the common practice of using SMTP for sending messages, and another protocol for receiving messages.
Many worms include an SMTP-based engine in their own code dedicated to sending out copies of their code.
A general term used to describe attacks that leverage on psychological or social pressures to dupe an unsuspecting victim into providing sensitive information such as passwords, account details and so on.
Social engineering attacks can take place both online and offline. Online social engineering attacks usually take the form of phishing or pharming attempts, which present unsuspecting users with legitimate-looking emails or websites in order to convince to part with important information or money.
Another form of online social engineering involves convincing a user to download a file, usually in the guise of a security or application update, game or other desired program. Once downloaded and run however, the file turns out to be something entirely different, and almost always malicious.
Despite the simplicity of many social engineering attacks, they tend to be consistently effective, as they exploit natural human tendencies based on trust, desire or curiosity.
The human-readable form of a program's code.
A programmer or team of programmers will typically write a program's source code in a programming language (e.g., C or Python). The programmer(s) then use a separate compiler program to transform it into an executable form known as binary code that only a computer system can 'read' to execute the commands.
A communication that is unsolicited and sent out in massive amounts. Spam can be sent out over email, fax, SMS or any other communication medium.
Spam is mainly used for commercial promotion. The products or services typically being offered tend to be of a somewhat dubious nature. They may also be used for mass communication, generally seeking credulous participants willing to take part in activities that may turn out to be fraudulent or criminal. Spam may also be used to distribute malware or to direct users to sites that host malware.
Spam is often considered a nuisance as it clogs up communications networks and requires time and effort to counter. It may also have a significant financial or personal impact, through malware infection of a company network or loss of personal data or money through fraud.
Nowadays, spam is commonly sent out by botnets, which can generate thousands, if not millions of emails every day. The botnet may be created specifically for this purpose but increasingly, spam operations are simply renting use of these botnets from other (presumably criminal) organizations.
The act of sending spam is legally a 'grey area' in many countries; there is usually insufficient legislation or police enforcement to prevent it. In some countries, spam operations have been successfully shut down and prosecuted; in others, these operations can operate with practical impunity.
The act of falsifying characteristics or data, usually in order to conduct a malicious activity. For example, if a spam email's header is replaced with a false sender address in order to hide the actual source of the spam, the email header is said to be 'spoofed'.
An attack can also involve elements of spoofing, as it prevents or complicates the process of identifying the correct source of the attack. There are many kinds of such 'spoofing attacks': email spoofing, Internet Protocol spoofing, URL spoofing and so on.
A program that may compromise a user's personal or confidential information. Spyware may be installed on a system without a user's authorization or knowledge.
Spyware can vary widely in the kinds of actions they perform. Some common actions include displaying unsolicited pop-ups, hijacking a browser's home or search pages, redirecting browsing results and monitoring user activities. Depending on the context, these actions may be considered to border on, or are, malicious.
Spyware is sometimes considered a 'gray' area in terms of ethics and legality. Depending on the specific action, context of use and applicable laws, spyware may be legal and acceptable; dubious but unlegislated; or outright illegal and unethical.
Complicating the issue is that some spyware are not intentionally designed as such. Instead, programming errors may result in them performing actions that would class them as spyware. Once the flaws are corrected, the program may then be reclassified.
A type of attack that exploits poor user-input filtering to inject and run executable commands in the improperly configured Structured Query Language (SQL) databases underpinning the form. Technically, a few types of SQL injection attacks are possible, but the end result of all successful SQL injection attacks is that an attacker can manipulate or even gain total control over the database.
SQL databases are a common feature of many applications. Often, companies will use such databases for vital operations such as payrolls and customer records. The most commonly reported attacks however are usually launched against databases that can be accessed via a website, simply because these databases are much easier for a hacker to reach. SQL databases are commonly used on websites with dynamic content, making them popular targets for hackers.
SQL injection attacks only work against databases that don't sanitize user input properly. Whenever a user interacts with a database, for example by trying to log into the 'Members Only' section of a website, any input they provide should be 'sanitized', or checked to make sure it doesn't contain invalid characters. Poor or improper checking of the data input that may cause programming errors, which an alert or malicious user can then further exploit.