AdTool: AdTools are programs that facilitate the delivery of advertising content to the user and in some cases gather information from the user's computer, including information related to Internet browser usage or other computer habits. They can take up your computer's resources and are largely responsible for the countless pop-up ads you receive on the web. An AdTool is often bundled with or embedded within freeware programs such as clocks, messengers, alerts, weather utilities, and so on.

Adware: An Adware's main purpose is to display targeted ads based on the user behavior it is tracking. Adware programs facilitate the delivery of advertising content to the user and in some cases gather information from the user's computer, including information related to Internet browser usage or other computer habits. They can take up your computer's resources and are largely responsible for the countless pop-up ads you receive on the web. Adware is often bundled with or embedded within freeware programs such as clocks, messengers, alerts, weather utilities, and so on, and software such as screensavers, cartoon cursors, backgrounds, sounds, etc.

Annoyance: Any Trojan that does not cause damage other than to annoy a user, such as by turning the text on the screen upside down or making mouse motions erratic.

ANSI Bomb: Character sequences that reprogram specific keys on the keyboard. If ANSI.SYS is loaded, some bombs will display colorful messages or have interesting (but unwanted) graphical effects.

AOL Pest: Any password stealer, exploit, DoS attack, or ICQ hack aimed at users of AOL. They may subject users to various risks, including spoofing, eavesdropping, sniffing, spamming, breaking passwords, harassment, fraud, forgery, 'importuning', electronic trespassing, tampering, hacking, nuking, system contamination (including without limitation the use of viruses, worms and Trojan horses causing unauthorized, damaging or harmful access to and/or retrieval of information and data on your computer) and other forms of activity that may even be considered unlawful.

AV Killer: Any hacker tool intended to disable a user's anti-virus software to help elude detection. Some will also disable personal firewalls.

Backdoor: A Backdoor is a software program that gives an attacker unauthorized access to a machine and the means to control the machine remotely without the user's knowledge. A Backdoor compromises system integrity by making changes to the system that allow it to be used by the attacker for malicious purposes unknown to the user.

Badjoke: Software that is designed to mimic the actions of a virus but is not malicious and does not harm the machine. Although some Low Risk Software programs may track online habits -- as provided for in a privacy policy or End User License Agreement (EULA) -- or display advertising within the applications themselves, these programs have only vague, minimal or negligible effects on your privacy.

Banker: These Trojans monitor and steal the user's Internet access and online banking details, such as bank accounts, usernames, passwords and credit card details, from your computer and send them to the attacker.

Binder: A tool that combines two or more files into a single file, usually for the purpose of hiding one of them. A binder compiles the list of files that you select into one host file, which you can rename. A host file is a simple custom-compiled program that will decompress and launch the source programs. When you start the host, the files embedded in it are automatically decompressed and launched. When a Trojan is bound with Notepad, for instance, the result will appear to be Notepad and appear to run like Notepad, but the Trojan will also be run.

Browser Helper Object (BHO): A BHO is an application that extends Internet Explorer and acts as a plug-in. Spyware as well as browser hijackers often use BHOs to display ads or redirect the browser to alternate sites and alternate search results. A BHO may not necessarily need your permission to install, and they can be used for malicious purposes such as gathering information on your surfing habits and search data to facilitate targeted or contextual advertising.

Buffer Overflow: A buffer overflow occurs when a program writes more data into memory than it was initially allotted (the buffer space).

Clicker: This family of Trojans redirects victim machines to specified websites or other Internet resources. Clickers either send the necessary commands to the browser or replace system files where standard Internet URLs are stored (e.g. the 'hosts' file in MS Windows). Clickers are used:
1. To raise the hit count of a specific site for advertising purposes
2. To organize a DoS attack on a specified server or site
3. To lead the victim to an infected resource where the machine will be attacked by other malware (viruses or Trojans).

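The hosts-file replacement described under Clicker (and relied on by the Hijacker entries further down) is straightforward to audit. The following Python is an added example, not code from the original glossary: it parses hosts-file text and flags every hostname mapped to an address other than loopback or the unspecified (blocking) address. The sample hosts content, the domain names and the 192.0.2.44 address are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts-file content (not from any real system).
# Lines 4 and 5 point real-looking domains at an arbitrary address, which is
# the Clicker / hosts-hijack pattern; line 6 is an ordinary ad-blocking entry.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
192.0.2.44      www.example-bank.test
192.0.2.44      update.example-av.test   # added by "installer"
0.0.0.0         ads.example-tracker.test
"""


def parse_hosts(text):
    """Return a list of (line_number, ip_address, [hostnames]) for each valid entry.

    Comments (everything after '#') and blank lines are skipped, as the
    resolver does; lines whose first field is not an IP address are ignored.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line; the resolver ignores it too
        entries.append((lineno, ip, fields[1:]))
    return entries


def suspicious_hosts_entries(text):
    """Return (line_number, address, hostname) for every mapping that sends a
    name somewhere routable.

    Loopback (127.0.0.1 / ::1) and unspecified (0.0.0.0 / ::) targets are the
    normal "blocking" use of the hosts file; anything else silently overrides
    DNS for that name and deserves a look.
    """
    flagged = []
    for lineno, ip, names in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue
        for name in names:
            flagged.append((lineno, str(ip), name))
    return flagged


if __name__ == "__main__":
    for lineno, addr, name in suspicious_hosts_entries(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {addr}")
```

On a live system the same function can be fed the contents of the platform's hosts file; a clean file yields an empty list, so any output is worth reviewing.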
Commercial RAT: Any commercial product that is normally used for remote administration, but which might be exploited to do this without user consent or awareness.

Constructor: Virus writers use constructor utilities to create new malicious programs and Trojans. Constructors that create macro viruses and viruses for Windows are known to exist. Constructors can be used to generate virus source code, object modules and infected files. Some constructors come with a user interface where the virus type, objects to attack, encryption options, protection against debuggers and disassemblers, text strings, multimedia effects, etc. can be chosen from a menu. Less complex constructors have no interface and read information about the type of virus to be built from a configuration file.

Cracking Tool: Any software designed to modify other software for the purpose of removing usage restrictions. An example is a 'patcher' or 'patch generator', which will replace bytes at specified locations in a file, rendering it a licensed version. A music file ripper is a program that enables the user to digitally copy songs from a CD into many different formats such as MP3, WAV, or AIFC.

DDoS: A distributed denial of service attack (DDoS) occurs when multiple compromised systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Script kiddies use them to deny the availability of well-known websites to legitimate users. More sophisticated attackers use DDoS tools for the purposes of extortion, even against their business rivals.

Dialer: A Dialer is a program that uses the computer's modem to dial telephone numbers, often without the user's knowledge and consent. A Dialer can connect to a phone number that adds long-distance charges to the telephone bill without the user's knowledge or permission. Dialers may be downloaded through exploits and installed without notice and consent.

DoS: DoS is a Denial of Service Trojan. This is a DDoS (Distributed Denial of Service) Trojan. It conducts a SYN flood attack on a number of servers in the bootcom.com domain. It works under Windows NT. When launched, it creates a service named "Secure transactions provider", which covertly starts each time the system boots up. The service launches five threads, each of which sends TCP packets with the SYN flag set to one of the servers under attack at high frequency. This will cause the network to slow noticeably. Always run in DOS mode.

Downloader: A Downloader is a program typically installed through an exploit or some other deceptive means that facilitates the download and installation of other malware and unwanted software onto a victim's PC. A Downloader may download adware, spyware or other malware from multiple servers or sources on the Internet.

DNSChanger: The DNSChanger Trojan is usually a small file (about 1.5 kilobytes) that is designed to change the 'NameServer' Registry key value to a custom IP address. This IP address is usually encrypted in the body of the Trojan. As a result of this change, a victim's computer will contact the newly assigned DNS server to resolve the names of different web servers, and some of the resolved names will not point to legitimate websites: they will point to fake websites that look like the real ones but are created to steal sensitive information (such as credit card numbers, logins and passwords).

Dropper: A spyware dropper, when run, will install spyware. In other words, a dropper is a carrier for malicious or spying software. Finding one on your computer means that your computer is infected with a Dropper and crucial data could be endangered or even lost.

Encryption Tool: Any software that can be used to scramble documents, software, or systems so that only those possessing a valid key are able to unscramble them. Encryption tools are used to secure information; sometimes unauthorized use of encryption tools in an organization is a cause for concern.

Error Hijacker: Any software that resets your browser's settings to display a new error page when a requested URL is not found. Hijacks may reroute your information and address requests through an unseen site, capturing that information. In such hijacks, your browser may behave normally but be slower.

Exploit: Exploits use vulnerabilities in operating systems and applications to achieve the same result. In other words, this is a type of malware containing a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur in computer software. This frequently includes such things as gaining control of a computer system, allowing privilege escalation, or a denial of service attack.

Fake Anti Spyware: A Fake Anti Spyware is software that purports to scan for and detect malware or other problems on the computer, but which attempts to dupe or badger users into purchasing the program by presenting the user with intrusive, deceptive warnings and/or false, misleading scan results. They spuriously warn users that their computers have been infected with spyware, directing them to purchase programs which do not actually remove spyware or, even worse, may add more spyware of their own. It typically uses aggressive, deceptive advertising and may be installed without adequate notice and consent, often through exploits.

Firewall Killer: Programs that alter or bypass the security system that uses rules to block or allow connections and data transmission between your computer and the Internet.

Flooder: A program that overloads a connection by any mechanism, such as fast pinging, causing a DoS attack. An E-Mail Flooder is a program used to send mass e-mail to flood or disrupt a PC or network.

FraudTool: These are programs which look like any legitimate program but usually download without the user's permission and entice users into buying them by showing fake results claiming to improve the user's PC performance. They may also download spyware and other unwanted programs.

FTP Server: When installed without user awareness, an FTP server allows an attacker to download or upload any file on the user's machine.

GameThief: A threat that attempts to steal vital information from the user with regard to online gaming activity and is capable of connecting to a remote site to download possible updates of its application.

HackTool: A HackTool is a utility designed to penetrate remote computers. These types of malware connect to the remote machines and use them as zombies without giving any prior information to the owner. Many hacktools download malicious programs onto the victim machines.

Hijacker: Hijackers are software programs that modify users' default browser home page, search settings, error page settings, or desktop wallpaper without adequate notice, disclosure, or user consent. When the default home page is hijacked, the browser opens to the web page set by the hijacker instead of the user's designated home page. In some cases, the hijacker may block users from restoring their desired home page.

Hoax: A Hoax shows fake security warnings that are quite annoying. The aim of this spyware is to trick a computer user into downloading third-party cleaning utilities, usually anti-spyware scanners.

Homepage Hijacker: Any software that changes your browser's home page to some other site. Hijacks may reroute your information and address requests through an unseen site, capturing that information. In such hijacks, your browser may behave normally but be slower.

Hostile ActiveX: An ActiveX control is essentially a Windows program that can be distributed from a web page. These controls can do literally anything a Windows program can do. A Hostile ActiveX program does something that its user did not intend for it to do, such as erasing a hard drive, dropping a virus or Trojan onto your machine, or scanning your drive for tax records or documents.

Hostile Java: Browsers include a "virtual machine" that encapsulates the Java program and prevents it from accessing your local machine. The theory behind this is that a Java "applet" is really content -- like graphics -- rather than full application software. However, as of July 2000, all known browsers have had bugs in their Java virtual machines that would allow hostile applets to "break out" of this "sandbox" and access other parts of the system. Most security experts browse with Java disabled on their computers, or encapsulate it with further sandboxes or virtual machines.

Hostile Script: A script is a text file with a .VBS, .WSH, .JS, .HTA, .JSE or .VBE extension that is executed by Microsoft WScript or the Microsoft Scripting Host application, which interprets the instructions in the script and acts on them. A hostile script performs unwanted actions.

HTTP Server: When installed without user awareness, an HTTP server allows an attacker to use a web browser to view, and thus retrieve, information collected by other software placed on the user's machine.

IM: A threat that is capable of causing Denial-of-Service attacks against other instant messenger client systems.

Installer: A utility that copies system software or an application from floppy disks or a CD-ROM to your hard disk. An Installer may also decompress the new files, remove obsolete files, place extensions and control panels in their proper folders, and/or create new folders.

IRC War: Any tool that uses Internet Relay Chat for spoofing, eavesdropping, sniffing, spamming, breaking passwords, harassment, fraud, forgery, 'imposture', electronic trespassing, tampering, hacking, nuking, system contamination (including without limitation the use of viruses, worms and Trojan horses causing unauthorized, damaging or harmful access to and/or retrieval of information and data on your computer) and other forms of activity that may even be considered unlawful.

Joke Program: A Joke Program is software that is designed to mimic the actions of a virus but is not malicious and does not harm the machine. Although some Low Risk Software programs may track online habits -- as provided for in a privacy policy or End User License Agreement (EULA) -- or display advertising within the applications themselves, these programs have only vague, minimal or negligible effects on your privacy.

Keygen: A Keygen is a type of software which does not belong to a particular legitimate software company but generates keys, or more specifically cracks, for legitimate software. Many times such types of software are bundled with Spyware.

Keylogger (Keystroke Logger): A keylogger is a program that captures and logs keystrokes on the computer without the user's knowledge and consent. The logged data is typically sent to a remote attacker. The keylogger is usually hidden from the user and may use cloaking (Rootkit) technology to hide from other software in order to evade easy detection by anti-Spyware applications.

KillAV: KillAV is a Trojan that tries to terminate and/or remove any antivirus software that is running on the computer.

Loader: Any program designed to load another program.

Mail Bomber: Software that will flood a victim's inbox with hundreds or thousands of pieces of mail. Such mail generally does not correctly reveal its source.

Mailer: A program that creates and sends email with forged headers, so that the source of the mail it sends cannot be traced.

Mailfinder: A tool which finds email addresses on the Internet for one or more domains.

Malware: Malware is a generic term for any malicious software designed to disrupt the working of a network. Viruses, worms and Trojans fall under the category of Malware. Malware utilizes popular communication tools to spread, including worms sent through email and instant messages, Trojan horses dropped from web sites, and virus-infected files downloaded from peer-to-peer connections. Malware seeks to exploit existing vulnerabilities on systems, making its entry quiet and easy.

Mass Mailer: A mass mailer can spread through email by sending copies of itself to everyone in the user's address book. A mass mailer may consume a large amount of system resources and cause the machine to become noticeably sluggish and unreliable.

Monitor: Monitoring tools record each and every activity that the user performs on his PC by taking frequent snapshots and mailing them to a designated email address.

NetTool: These are programs which enable you to work remotely on a computer in real time. Malware programs take control of the user's PC and can view, send or read any other program or information.

Notifier: Any tool designed for stealth notification of an attacker that a victim has installed and run some pest. Such notification might be done by FTP, SMS, SMTP, or another method, and might contain a variety of information. Often used in combination with a Packer, a Binder and a Downloader.

Nuker: Nuker is a generic term for several TCP/IP DoS attacks. In some cases, it selects some folders and deletes them. Through TCP/IP it sends packets to targeted computers containing malicious programs which may destroy some specified data.

P2P (Peer-to-peer): Peer-to-peer (P2P) is a method of file sharing over a network in which individual computers are linked via the Internet or a private network to share programs/files, often illegally. Many P2P programs bundle third-party advertising programs, and are currently the second largest source of virus, Trojan and data mining infections.

Packed: Spyware files which are compressed, as this makes their work undetectable by anti-virus products.

Packer: A utility which compresses a file, encrypting it in the process. It adds a header that automatically expands the file in memory when it is executed, and then transfers control to that file.

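Because the Packed and Packer entries turn on compression and encryption, the usual first check a scanner applies is byte entropy: compressed or encrypted data is close to the 8-bits-per-byte maximum, while the small decompression stub that a packer prepends is not. The following Python is an added example, not code from the glossary or from any product; the 7.0 threshold, the 1024-byte window and the sample bytes (a repetitive text stub followed by a uniform byte pattern standing in for compressed data) are all constructed assumptions.

```python
import math
from collections import Counter

# Heuristic threshold in bits per byte. Compressed or encrypted data sits
# near the 8.0 maximum; plain text and ordinary machine code sit well below.
# The value is an assumption, not a standard.
PACKED_THRESHOLD = 7.0


def shannon_entropy(data):
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def high_entropy_windows(data, window=1024, threshold=PACKED_THRESHOLD):
    """Return the byte offsets of fixed-size, non-overlapping windows whose
    entropy reaches the threshold. A run of such windows after a low-entropy
    stub is the typical shape of a packed executable: a small decompressor
    followed by the compressed (or encrypted) original."""
    return [
        offset
        for offset in range(0, len(data), window)
        if shannon_entropy(data[offset:offset + window]) >= threshold
    ]


def looks_packed(data, window=1024, threshold=PACKED_THRESHOLD):
    """True if at least half of the file's windows are high-entropy."""
    total = max(1, math.ceil(len(data) / window))
    return len(high_entropy_windows(data, window, threshold)) * 2 >= total


# Constructed samples (no real binaries involved):
# - STUB: a repetitive text "stub" with low entropy (820 bytes)
# - PAYLOAD: a uniform byte pattern with the maximal 8.0 bits/byte, which is
#   what well-compressed or encrypted data looks like statistically (4096 bytes)
STUB = b"This program cannot be run in DOS mode.\r\n" * 20
PAYLOAD = bytes(range(256)) * 16
SAMPLE_PACKED = STUB + PAYLOAD

if __name__ == "__main__":
    print("stub entropy:   ", round(shannon_entropy(STUB), 2))
    print("payload entropy:", round(shannon_entropy(PAYLOAD), 2))
    print("high-entropy windows:", high_entropy_windows(SAMPLE_PACKED))
    print("looks packed:", looks_packed(SAMPLE_PACKED))
```

Entropy alone cannot tell a packer from a legitimately compressed resource or an installer archive, so in practice this check is a triage signal that sends a file to deeper analysis rather than a verdict on its own.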
Password Capture: A variant of the keylogger that captures passwords as they are entered or transmitted. Some password-capture Trojans impersonate the login prompt, asking the user to provide their password.

Password Cracker: A tool to decrypt a password or password file. Password crackers have legitimate uses by security administrators, who want to find weak passwords in order to change them and improve system security.

Password Cracking Word List: A list of words that a brute force password cracker can use to muscle its way into a system.

Phreaking Tool: Any executable that assists in hacking the phone system, such as by using a sound card to imitate various audible tones.

Ping-of-Death attack: A ping of death (abbreviated "POD") is a type of attack on a computer that involves sending a malformed or otherwise malicious ping to a computer. A ping is normally 64 bytes in size; many computer systems cannot handle a ping larger than the maximum IP packet size, which is 65,535 bytes. Sending a ping of this size often crashes the target computer. Traditionally, this bug has been relatively easy to exploit. Generally, sending a 65,536-byte ping packet is illegal according to the networking protocol, but a packet of such a size can be sent if it is fragmented; when the target computer reassembles the packet, a buffer overflow can occur, which often causes a system crash. For more information on this attack, read RFC 791.

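The reassembly bug behind the ping of death is a missing bounds check: the stack trusts fragment offset plus fragment length without comparing the sum against the 65,535-byte limit that RFC 791's 16-bit Total Length field implies. The following Python is an added example, not code from the glossary or from any real IP stack: a small reassembler that performs that check before buffering anything and also rejects gaps and overlaps. The 20-byte header length (no IP options), the 1480-byte fragment size and the constructed inputs are assumptions made for the example.

```python
MAX_IP_DATAGRAM = 65535                        # 16-bit Total Length field (RFC 791)
IP_HEADER_LEN = 20                             # assumption: IPv4 header without options
MAX_PAYLOAD = MAX_IP_DATAGRAM - IP_HEADER_LEN  # 65515 bytes of data can legally fit
FRAG_UNIT = 8                                  # Fragment Offset is counted in 8-byte units


def fragment_fits(offset_units, payload_len):
    """True if this fragment's data ends inside the largest legal datagram.
    This is the check a vulnerable stack omits: it trusts offset + length
    and writes past its 65,535-byte reassembly buffer."""
    return offset_units * FRAG_UNIT + payload_len <= MAX_PAYLOAD


def fragment_payload(payload, mtu_payload=1480):
    """Split a datagram payload into (offset_units, chunk, more_fragments)
    tuples the way a sender would for a 1500-byte MTU. Used here only to
    build constructed test input."""
    frags = []
    for start in range(0, len(payload), mtu_payload):
        chunk = payload[start:start + mtu_payload]
        more = start + len(chunk) < len(payload)
        frags.append((start // FRAG_UNIT, chunk, more))
    return frags


def reassemble(fragments):
    """Reassemble fragments into the original payload, or raise ValueError.

    Oversized fragments are rejected before anything is buffered; gaps and
    overlaps are rejected once the last fragment has been seen.
    """
    pieces = {}
    total = None
    for offset_units, chunk, more in fragments:
        if not fragment_fits(offset_units, len(chunk)):
            raise ValueError(
                f"fragment at byte {offset_units * FRAG_UNIT} with {len(chunk)} "
                f"bytes exceeds the {MAX_PAYLOAD}-byte payload limit")
        if more and len(chunk) % FRAG_UNIT:
            raise ValueError("non-final fragment length must be a multiple of 8")
        pieces[offset_units * FRAG_UNIT] = chunk
        if not more:
            total = offset_units * FRAG_UNIT + len(chunk)
    if total is None:
        raise ValueError("last fragment (MF=0) missing")
    buf = bytearray()
    for start, chunk in sorted(pieces.items()):
        if start != len(buf):
            raise ValueError(f"gap or overlap at byte {start}")
        buf += chunk
    if len(buf) != total:
        raise ValueError("data beyond the final fragment")
    return bytes(buf)


def is_rejected(fragments):
    """True if reassemble() refuses the fragment set."""
    try:
        reassemble(fragments)
    except ValueError:
        return True
    return False


# Constructed inputs: an ordinary 64-byte echo request and a "ping of death"
# whose fragments reassemble to 65,536 bytes of payload, 21 bytes more than
# the protocol allows once the IP header is counted.
NORMAL_PING = fragment_payload(bytes(64))
PING_OF_DEATH = fragment_payload(bytes(65536))

if __name__ == "__main__":
    print("normal ping reassembled:", len(reassemble(NORMAL_PING)), "bytes")
    print("ping of death rejected:", is_rejected(PING_OF_DEATH))
```

The check costs one comparison per fragment and is exactly what modern stacks do; the historical vulnerability was not in the protocol but in implementations that sized the buffer for the maximum and then never verified the inputs against it.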
Pornware: Pornware is the generic term used to describe malware-related programs that either use the computer's modem to connect to pornographic pay-to-view services, or download pornographic content from the web, without the consent of the user.

Port Scanner: In hacker reconnaissance, a port scan attempts to connect to all 65536 ports on a machine in order to see if anybody is listening on those ports. Port scans are always automated through tools called Port Scanners.

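Because a port scan touches many distinct ports from one source in a short time, it has a clear signature in firewall logs. The following Python is an added example, not code from the glossary or from any firewall product: it parses constructed syslog-style lines and flags any source that reaches at least a threshold number of distinct destination ports inside a sliding time window. The log format, the addresses, the 10-port threshold and the 60-second window are all assumptions made for the example.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed firewall log lines in a syslog-like format (not from any real
# device). One source walks a dozen ports within seconds; another repeatedly
# reaches the web ports, which is what an ordinary client looks like.
SCAN_SOURCE = "198.51.100.7"
CLIENT_SOURCE = "203.0.113.5"
_SCAN_PORTS = [21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445]
SAMPLE_LOG = "\n".join(
    [f"2024-05-01T10:00:{i:02d}Z DROP src={SCAN_SOURCE} dst=192.0.2.10 proto=TCP dpt={p}"
     for i, p in enumerate(_SCAN_PORTS, start=1)]
    + [f"2024-05-01T10:00:{i:02d}Z ACCEPT src={CLIENT_SOURCE} dst=192.0.2.10 proto=TCP dpt={p}"
       for i, p in enumerate([443, 443, 80, 443, 443], start=3)]
)

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>DROP|ACCEPT) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"proto=(?P<proto>\S+) dpt=(?P<dpt>\d+)$"
)


def parse_log(text):
    """Return {src: [(timestamp, dst_port), ...]} sorted by time per source.
    Lines that do not match the expected format are skipped."""
    by_src = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        by_src.setdefault(m["src"], []).append((ts, int(m["dpt"])))
    for events in by_src.values():
        events.sort()
    return by_src


def max_distinct_ports(events, window_s):
    """Largest number of distinct destination ports one source touched
    inside any window_s-second window (sliding-window, two-pointer scan)."""
    counts = Counter()
    best = left = 0
    for ts, port in events:
        counts[port] += 1
        while (ts - events[left][0]).total_seconds() > window_s:
            old = events[left][1]
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
            left += 1
        best = max(best, len(counts))
    return best


def detect_port_scans(text, threshold=10, window_s=60):
    """Sources that hit at least `threshold` distinct ports within `window_s`
    seconds. Threshold and window are tuning assumptions; a sweep of all
    65536 ports trips this many times over, while a normal client rarely
    exceeds a handful of ports per minute."""
    return sorted(
        src for src, events in parse_log(text).items()
        if max_distinct_ports(events, window_s) >= threshold
    )


if __name__ == "__main__":
    print("port-scan sources:", detect_port_scans(SAMPLE_LOG))
```

Slow scans spread over hours defeat a short window, which is why production detectors keep per-source state across windows; the logic above is the core that such systems build on.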
Probe Tool: A tool that explores another system, looking for vulnerabilities. While these can be used by security managers wishing to shore up their security, the tools are as likely used by attackers to evaluate where to start an attack. An example is an NT Security Scanner.

Proxy: A Proxy Trojan turns the victim's computer into a proxy server. This gives the attacker the opportunity to do everything from your computer, including the possibility of conducting credit card fraud and other illegal activities, or even using the system to launch malicious attacks against other networks. Normally, it:
1. Connects to some proxy site
2. Has proxy-related information in it
3. Sends mail via this proxy, so it has mail-related information or an SMTP port
4. Sends data out (SYN_SENT)

PSW: This family of Trojans steals passwords, normally system passwords, from victim machines. They search for system files which contain confidential information such as passwords and Internet access telephone numbers and then send this information to an email address coded into the body of the Trojan. The 'master' or user of the illegal program will then retrieve and misuse this information. Most common behavior:
1. Asks for a password using a fake window
2. Changes ICQ, MSN and AOL configuration
3. Gets cached Windows passwords

PUP: PUP, or Potentially Unwanted Program, is a term used to describe unwanted programs such as Trojans, Spyware and Adware which come bundled along with other malware.

RAT: A Remote Administration Tool, or RAT, is a Trojan that, when run, provides an attacker with the capability of remotely controlling a machine via a "client" on the attacker's machine and a "server" on the victim's machine.

RemoteAdmin: These are programs which enable you to work remotely on a computer in real time. Malware programs take control of the user's PC and can view, send or read any other program or information.

RiskTool: This is an application that is not necessarily harmful if properly installed by the user or administrator of the PC, but which could be harmful or disruptive to the user, PC, or network if deployed by unauthorized parties for potentially malicious purposes.

Rootkit: A Rootkit is a collection of tools (programs) that enable administrator-level (root) access to a computer or computer network. A Rootkit may consist of spyware and other programs that: monitor traffic and keystrokes; create a "backdoor" into the system for the hacker's use; alter log files; attack other machines on the network; and alter existing system tools to escape detection. They are usually hidden and difficult to clean, as they embed themselves deeply within the Registry and system files.

Search Hijacker: Any software that resets your browser's settings to point to other sites when you perform a search. Hijacks may reroute your information and address requests through an unseen site, capturing that information. In such hijacks, your browser may behave normally but be slower. Search results when such a hijacker is running will sometimes differ from non-hijacked results.

SMS: This malware pretends to allow users to visit WAP sites without using a WAP connection or other programs by sending and receiving free SMSs, but in fact sends SMS messages to premium-rate numbers at $5-$6 per SMS.

Sniffer: A program and/or device that monitors data traveling over a network. Sniffers can be used both for legitimate network management functions and for stealing information off a network. Unauthorized sniffers can be extremely dangerous to a network's security because they are virtually impossible to detect and can be inserted almost anywhere. A Sniffer may be able to read the data in the packet as well as the source and destination addresses.

SpamTool: This program is designed to send spam to email addresses harvested from the victim computer. In addition to wasting people's time with unwanted e-mail, spam also eats up a lot of network bandwidth. When sending spam e-mails, the Trojan can generate fake sender e-mail addresses automatically. It is remotely controlled and can upgrade its file from the Internet.

Spoofer: To spoof is to forge your identity. These attacks use spoofed packets against amplifiers in order to overload the victim's connection. This is done by sending a single packet to a broadcast address with the victim as the source address. All the machines within the broadcast domain then respond to the victim, overloading the victim's Internet connection. Since smurfing accounts for more than half the traffic on some backbones, ISPs are starting to take spoofing seriously and have started implementing measures within their routers that verify valid source addresses before passing the packets.

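The router-side measure the Spoofer entry ends on is source-address validation (ingress filtering): a packet arriving on a customer interface must carry a source address from a prefix assigned to that interface, and the amplifier side of smurfing is closed by refusing to deliver directed broadcasts. The following Python is an added example, not code from the glossary or from any router vendor: a small model of both checks applied to constructed packets. The interface names, the prefixes (documentation ranges) and the sample packets are assumptions made for the example.

```python
import ipaddress

# Constructed edge-router configuration: which source prefixes are expected
# to arrive on each customer-facing interface (documentation ranges only).
INTERFACE_PREFIXES = {
    "cust-eth1": [ipaddress.ip_network("203.0.113.0/24")],
    "cust-eth2": [ipaddress.ip_network("198.51.100.0/25")],
}
# Local networks on which directed broadcasts must not be delivered; a
# smurf amplifier is exactly a LAN that answers such packets.
LOCAL_NETWORKS = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/25"),
]


def source_is_valid(interface, src):
    """Ingress (source-address) validation: the source must belong to a
    prefix assigned to the interface the packet arrived on. An unknown
    interface has no valid sources, so everything from it is dropped."""
    ip = ipaddress.ip_address(src)
    return any(ip in net for net in INTERFACE_PREFIXES.get(interface, []))


def is_directed_broadcast(dst):
    """True if dst is the broadcast address of one of our local networks."""
    ip = ipaddress.ip_address(dst)
    return any(ip == net.broadcast_address for net in LOCAL_NETWORKS)


def filter_packet(interface, src, dst):
    """Return 'forward' or a drop reason for one (interface, src, dst) packet.
    The source check runs first: a forged source is dropped regardless of
    where it is headed."""
    if not source_is_valid(interface, src):
        return "drop: source not valid for interface"
    if is_directed_broadcast(dst):
        return "drop: directed broadcast"
    return "forward"


def filter_packets(packets):
    """Apply filter_packet to a list of (interface, src, dst) tuples."""
    return [(src, dst, filter_packet(iface, src, dst)) for iface, src, dst in packets]


# Constructed traffic: one legitimate packet, one carrying a forged (victim)
# source address, and one aimed at a local broadcast address.
SAMPLE_PACKETS = [
    ("cust-eth1", "203.0.113.9", "192.0.2.1"),
    ("cust-eth1", "192.0.2.77", "198.51.100.127"),
    ("cust-eth2", "198.51.100.20", "192.0.2.255"),
]

if __name__ == "__main__":
    for src, dst, verdict in filter_packets(SAMPLE_PACKETS):
        print(f"{src:>15} -> {dst:<15} {verdict}")
```

Ingress filtering only works at the edge where the set of legitimate sources is known; a core router cannot tell a forged source from a legitimate one, which is why the ISP measure described above is applied on customer-facing interfaces.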
Spyware: Any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about e-mail addresses and even passwords and credit card numbers.

StartPage: This Trojan modifies the configuration of Microsoft Internet Explorer without the knowledge or consent of the user.

Surveillance: Any software designed to use a webcam, microphone, screen capture, or other approaches to monitor and capture information. Some such software will transmit this captured information to a remote source.

Telnet Server: Software that allows a remote user of a Telnet client to connect as a remote terminal from anywhere on the Internet and control the computer on which the server software is running.

Toolbar: A Toolbar is a type of browser plug-in that adds a third-party utility bar to the web browser, usually just below or next to the browser's address bar. A Toolbar typically has a search function and provides search results for paid advertisers.

Tracking Cookies: Tracking cookies allow multiple web sites to store and access records that may contain personal information (including surfing habits, user names and passwords, areas of interest, etc.), and subsequently share this information with other web sites and marketing firms.

Trackware: Programs that track system activity, gather system information, or track user habits and relay this information to third-party organizations.

Trojan: A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves, but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.

Trojan Horse: A Trojan Horse portrays itself as something other than what it is at the point of execution. While it may advertise its activity after launching, this information is not apparent to the user beforehand. A Trojan Horse neither replicates nor copies itself, but causes damage or compromises the security of the computer. A Trojan Horse must be sent by someone or carried by another program and may arrive in the form of a joke program or software of some sort. The malicious functionality of a Trojan Horse may be anything undesirable for a computer user, including data destruction or compromising a system by providing a means for another computer to gain access, thus bypassing normal access controls.

Usage Track: Usage tracks permit any user (or their software agent) with access to your computer to see what you've been doing. Such tracks benefit you if you have left the tracks, but might benefit another user as well.

VirTool: Any program intended to be used to create viruses, accepting user input to make the created viruses different from others created by the program.

Virus Creation Tool: A program designed to generate viruses. Even early virus creation tools were able to generate hundreds or thousands of different, functioning viruses, which were initially undetectable by current scanners.

Virus: A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the user. A virus might corrupt or delete data on your computer, use your e-mail program to spread itself to other computers, or even erase everything on your hard disk. It often attaches itself to an executable file or an application. A computer virus is not standalone and needs a host file or program to work or replicate.

War Dialer (demon-dialing, carrier-scanning): War-dialing was popularized in the 1983 movie War Games. It is the process of dialing all the numbers in a range in order to find any machine that answers. Many corporations have desktop computers with attached modems; attackers can dial in order to break into the desktop, and thereafter the corporation.

WebToolbar: A group of buttons which perform common tasks. A toolbar for Internet Explorer is normally located below the menu bar at the top of the window. Toolbars may be created by Browser Helper Objects. They allow malware programs to monitor Internet activities.

Worm: A Worm is a malicious program that spreads itself without any user intervention. Worms are self-replicating. Worms spread without attaching to or infecting other programs and files. A Worm can spread across computer networks via security holes on vulnerable machines connected to the network. Worms can also spread through email by sending copies of themselves to everyone in the user's address book. A Worm may consume a large amount of system resources and cause the machine to become noticeably sluggish and unreliable.

Worm Creation Tool: A program designed to generate worms. Worm creation tools can often generate hundreds or thousands of different, functioning worms, most of which are initially undetectable by current scanners.