An A-Z guide to the technical terms used in digital security


The term 'zero-day' refers to the period between when a vulnerability is first publicly disclosed, and when a patch for the flaw is released. 

Even after a patch becomes publicly available, there is often an additional time lag before most companies or homes users can install the patch on a vulnerable machine, which gives additional opportunity for a zero-day attack to be effective.

Due to the high chance of attackers targeting a vulnerability that has been recently announced, many security researchers will work quietly with vendors to create and release the patch for a vulnerability before publishing the news to the general public.


A computer, server or mobile device that has been infected with specialized malware known as a bot, which allows an attacker to control it. A zombie machine is also often known as a bot.

Zombie or bot machines are usually roped into a network of similarly infected devices, known as a botnet. This collective group of controlled machines is under the control of the attacker(s), who can be referred to as the botnet controller, operator or botherder.

Instructions from the botherder to a zombie in the botnet - or to all of them - are usually sent via a Command and Control (CnC) server, which relays the commands. The CnC server could be a server, a malicious or compromised website or even a hijacked social media account. Some botnets also use a Peer-to-Peer (P2P) command structure, so that instructions are relayed between infected machines, making it much harder to trace to attacker(s).

The collective resources of all the machines in the botnet are often used for malicious activity, such as launching Distributed Denial of Service (DDoS) attacks, sending out spam and so on. Often, the legitimate owner or user of a zombie machine has no idea that the device has been hijacked and put to nefarious use.

For more information, see the article Botnets.


A collection of malware held by an antivirus vendor or security research team in a laboratory and used only for testing purposes.

A zoo collection may also serve as an archive, as it will often contain programs that are no longer 'in-the-wild' (essentially extinct outside the laboratory).

To test the effectiveness of their products, most antivirus vendors will ensure their software can identify both zoo malware and threats found in-the-wild.

Scan for free

F-Secure Online Scanner will scan and clean your PC in just a few minutes for free

Go Scanner

What is malware?

A term commonly used in digital security to refer to 'malicious software'

Read More