Malware Glossary

ActiveX control
A software component of Microsoft Windows that can be used to create and distribute
small applications through Internet Explorer. ActiveX controls can be developed and used
by software to perform functions that would otherwise not be available using normal
Internet Explorer capabilities. Because ActiveX controls can be used to perform a wide
variety of functions, including downloading and running programs, vulnerabilities
discovered in them may be exploited by malware. In addition, cybercriminals may also
develop their own ActiveX controls, which can do damage to a system if a user visits a
Web page that contains the malicious ActiveX control.

adware
A program that displays advertisements. While some adware can be beneficial by
subsidizing a program or service, other adware programs may display advertisements
without adequate consent.

backdoor trojan
A type of trojan that provides attackers with remote access to infected computers. Bots are
a sub-category of backdoor trojans. Also see botnet.

bot-herder
An operator of a botnet.

botnet
A set of computers controlled by a “command-and-control” (C&C) computer to execute
commands as directed. The C&C computer can issue commands directly (often through
Internet Relay Chat [IRC]) or by using a decentralized mechanism, like peer-to-peer (P2P)
networking. Computers in the botnet are often called nodes or zombies.

browser modifier
A program that changes browser settings, such as the home page, without adequate
consent. This also includes browser hijackers.

CCM
Short for computers cleaned per mil (thousand). The number of computers cleaned for
every 1,000 executions of the MSRT. For example, if the MSRT has 50,000 executions in a
particular location in January and removes infections from 500 computers, the CCM for
that location in January is 10.0. The CCM for a multiple-month period is derived by
averaging the CCM for each month in the period.
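The CCM arithmetic above, as an added example that is not part of the report: it computes the monthly figure and the multi-month average the way the glossary defines them, and also shows the pooled figure (total cleaned over total executions), which is not the report's method and differs whenever monthly execution volumes differ. The sample counts are constructed.

```python
# Added example (not from the report): CCM, "computers cleaned per mil",
# computed from per-month MSRT counts for one location.
from statistics import mean

def ccm(computers_cleaned: int, executions: int) -> float:
    """Computers cleaned per 1,000 MSRT executions in one month."""
    if executions <= 0:
        raise ValueError("executions must be positive")
    return computers_cleaned / executions * 1000.0

def period_ccm(months: list[tuple[int, int]]) -> float:
    """Multi-month CCM as the report derives it: the plain average of each
    month's CCM, so every month weighs the same regardless of its volume."""
    return mean(ccm(cleaned, execs) for cleaned, execs in months)

def pooled_ccm(months: list[tuple[int, int]]) -> float:
    """For comparison only (not the report's method): CCM of the pooled
    counts, which weights each month by its number of executions."""
    total_cleaned = sum(cleaned for cleaned, _ in months)
    total_execs = sum(execs for _, execs in months)
    return ccm(total_cleaned, total_execs)

# Constructed sample: (computers cleaned, MSRT executions) for January,
# February and March. January matches the glossary's own 500/50,000 example.
SAMPLE = [(500, 50_000), (300, 20_000), (200, 80_000)]

if __name__ == "__main__":
    print("January CCM:", ccm(*SAMPLE[0]))          # 10.0
    print("Q1 CCM (report method):", period_ccm(SAMPLE))
    print("Q1 CCM (pooled, for comparison):", pooled_ccm(SAMPLE))
```

With these counts the averaged figure is about 9.17 while the pooled figure is about 6.67, so the averaging rule matters when comparing periods.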

clean
To remove malware or potentially unwanted software from an infected computer. A single
cleaning can involve multiple disinfections.

disclosure
Revelation of the existence of a vulnerability to a third party. Also see responsible disclosure.

disinfect
To remove a malware or potentially unwanted software component from a computer or to
restore functionality to an infected program. Compare clean.

downloader/dropper
See trojan downloader/dropper.

exploit
Malicious code that takes advantage of software vulnerabilities to infect a computer.

firewall
A program or device that monitors and regulates traffic between two points, such as a
single computer and the network server, or one server and another.

IFrame
Short for inline frame. An IFrame is an HTML document that is embedded in another
HTML document. Because the IFrame loads another Web page, it can be used by
criminals to place malicious HTML content, such as a script that downloads and installs
spyware, into non-malicious HTML pages hosted by trusted Web sites.

in the wild
Said of malware that is currently detected in active computers connected to the Internet,
as compared to those confined to internal test networks, malware research laboratories, or
malware sample lists.

keylogger
See password stealer (PWS).

malware
Malicious software or potentially unwanted software installed without adequate user
consent.

malware impression
A single instance of a user attempting to visit a site known to host malware, and being
blocked by the SmartScreen Filter in Internet Explorer 8. Also see phishing impression.

monitoring tool
Software that monitors activity, usually by capturing keystrokes or screen images. It may
also include network sniffing software. Also see password stealer (PWS).

parser vulnerability
A vulnerability in the way an application processes, or parses, a file of a particular format,
which can be exploited through the use of a specially crafted file. Also see vulnerability.

password stealer (PWS)
Malware that is specifically used to transmit personal information, such as user names and
passwords. A PWS often works in conjunction with a keylogger, which sends keystrokes or
screen shots to an attacker. Also see monitoring tool.

payload
The actions conducted by a piece of malware for which it was created. This can include,
but is not limited to, downloading files, changing system settings, displaying messages, and
logging keystrokes.

phishing
A method of identity theft that tricks Internet users into revealing personal or financial
information online. Phishers use phony Web sites or deceptive e-mail messages that mimic
trusted businesses and brands to steal personally identifiable information (PII), such as
user names, passwords, credit card numbers, and identification numbers.

phishing impression
A single instance of a user attempting to visit a known phishing site, with Internet Explorer
7 or Internet Explorer 8, and being blocked by the Phishing Filter or SmartScreen Filter.
Also see malware impression.

potentially unwanted software
A program with potentially unwanted behavior that is brought to the user’s attention for
review. This behavior may impact the user’s privacy, security, or computing experience.

remote control software
A program that provides access to a computer from a remote location. These programs are
often installed by the computer owner or administrator and are only a risk if unexpected.

responsible disclosure
The practice of disclosing vulnerabilities privately to an affected vendor so it can develop
a comprehensive security update to address the vulnerability before it becomes public
knowledge.

rogue security software
Software that appears to be beneficial from a security perspective but provides limited or
no security capabilities, generates a significant number of erroneous or misleading alerts,
or attempts to socially engineer the user into participating in a fraudulent transaction.

Sender ID Framework
An Internet Engineering Task Force (IETF) protocol developed to authenticate e-mail in
order to detect spoofed and forged e-mail, a typical tactic used to drive users to phishing
Web sites and to download malicious software.

social engineering
A technique that defeats security precautions in place by exploiting human vulnerabilities.
Social engineering scams can be both online (such as receiving e-mails that ask you to
click the attachment, which is actually malware) and offline (such as receiving a phone call
from someone posing as a representative from your credit card company). Regardless of
the method selected, the purpose of a social engineering attack remains the same—to get
the targeted user to perform an action of the attacker’s choice.

spam
Bulk unsolicited e-mail. Malware authors may use spam to distribute malware, either by
attaching the malware to the message or by sending a message containing a link to the
malware. Malware may also harvest e-mail addresses for spamming from compromised
machines or may use compromised machines to send spam.

spear phishing
Phishing that targets a specific person, organization, or group, containing additional
information associated with that person, organization, or group to lure the target further
into a false sense of security to divulge more sensitive information.

spyware
A program that collects information, such as the Web sites a user visits, without adequate
consent. Installation may be without prominent notice or without the user’s knowledge.

SQL injection
A technique in which an attacker enters a specially crafted Structured Query Language
(SQL) statement into an ordinary Web form. If form input is not filtered and validated
before being submitted to a database, the malicious SQL statement may be executed, which
could cause significant damage or data loss.
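The failure the entry describes, as an added example that is not part of the report: the same login lookup written by splicing form input into the statement text, beside the parameterized form in which the input is bound as data and cannot alter the query. The in-memory SQLite table and account rows are constructed for the demonstration.

```python
# Added example (not from the report): a vulnerable and a hardened version of
# one login query, run against a constructed in-memory SQLite database.
import sqlite3

def make_db() -> sqlite3.Connection:
    """Constructed sample data: a users table with two accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn

def login_vulnerable(conn: sqlite3.Connection, name: str, pw: str) -> list:
    # Unfiltered form input becomes part of the statement text, so a quote in
    # the input closes the string literal and the remainder is parsed as SQL.
    sql = ("SELECT name FROM users WHERE name = '" + name
           + "' AND pw = '" + pw + "'")
    return [row[0] for row in conn.execute(sql)]

def login_parameterized(conn: sqlite3.Connection, name: str, pw: str) -> list:
    # Placeholders bind the input as values; whatever it contains, it can only
    # ever be compared against the columns, never change the query's shape.
    sql = "SELECT name FROM users WHERE name = ? AND pw = ?"
    return [row[0] for row in conn.execute(sql, (name, pw))]

# A quote-and-comment input of the kind the glossary describes. Against the
# concatenated query it ends the name literal and comments out the password
# check; against the parameterized query it is simply an unknown user name.
CRAFTED_NAME = "alice' --"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, crafted input:", login_vulnerable(db, CRAFTED_NAME, "x"))
    print("parameterized, same input:", login_parameterized(db, CRAFTED_NAME, "x"))
```

Validation of the input still belongs in the application, but binding parameters is what makes the statement's structure independent of the user's text.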

tool
Software that may have legitimate purposes but may also be used by malware authors or
attackers.

trojan
A generally self-contained program that does not self-replicate but takes malicious action
on the computer.

trojan downloader/dropper
A form of trojan that installs other malicious files to the infected system either by
downloading them from a remote computer or by dropping them directly from a copy
contained in its own code.

virus
Malware that replicates, commonly by infecting other files in the system, thus allowing the
execution of the malware code and its propagation when those files are activated.

vulnerability
A weakness, error, or poor coding technique in a program that may allow an attacker to
exploit it for a malicious purpose. Also see parser vulnerability.

vulnerability broker
A company or other entity that provides software vendors with vulnerability information
provided to it by external security researchers. In exchange for such compensation as the
broker may provide, the security researchers agree not to disclose any information about
the vulnerability to anyone other than the broker and the affected vendor.

whaling
Phishing that targets senior executives and other high-ranking people within a company
or group.

wild
See in the wild.

worm
Malware that spreads by spontaneously sending copies of itself through e-mail or by using
other communication mechanisms, such as instant messaging (IM) or peer-to-peer (P2P)
applications.


Microsoft Security Intelligence Report volume 6 (July - December 2008)

© 2009 WFB. All Rights Reserved.
