Cybersecurity Glossary
Terms often used in discussions of cyber security, briefly defined.
Advanced Persistent Threat (APT)
Continuous hacking process conducted over a long period of time, often unnoticed, to gain access to a network and steal data. The targets are usually national or government institutions. In a simple attack, the intruder tries to get in and out of the system as quickly as possible. Due to the sustained period of an APT attack, the intruder employs sophisticated evasion techniques to remain unnoticed.
Advanced Persistent Threat (APT) Groups
Like other attackers, APT groups try to steal data, disrupt operations and destroy infrastructure. Unlike most cyber criminals, APT attackers pursue their objectives over months or years. They adapt to cyber defenses and frequently retarget the same victim. APT groups receive direction and support from an established nation state.
APT39 – Suspected attribution: Iran
Target sectors: Telecommunications, the travel industry and the IT firms that support it, and the high-tech industry.
APT34 – Suspected attribution: Iran
Target sectors: Financial, government, energy, chemical and telecommunications. The group has largely focused its operations within the Middle East.
Adware
Adware covers programs designed to display advertisements (usually in the form of banners), redirect search requests to advertising websites, and collect marketing-type data about the user in order to display customized advertising on the computer. Other than displaying advertisements and collecting data, these types of programs generally do not make their presence in the system known: there will be no signs of the program in the system tray, and no indication in the program menu that files have been installed. Often, adware programs do not have any uninstall procedure and use technologies which border on virus technology to help the program stealthily penetrate the computer and run unnoticed.
AirDroid
Check Point researchers have revealed a vulnerability in AirDroid, a device manager application which allows users to access their Android devices through their computers. The flaw allows an attacker to steal data from unsuspecting users by the following procedure: an attacker sends an SMS or its equivalent containing a malicious payload to the victim, masquerading as a legitimate contact. The user then saves the contact to their device, allowing the malicious payload to exploit a vulnerability in the AirDroid application. Once exploited, the app enables the attacker to execute code on the device in order to steal data. This vulnerability affects all AirDroid users around the globe, an estimated 50 million.
Alman
The McDonald’s India app, McDelivery, leaked the personal data of over 2.2 million customers, including name, email address, phone number, home address and social profiles. The leak is the result of an unsecured public API. Although McDelivery acknowledged the issue on February 13, as of March 17, the fix had not yet been completed and the app was still leaking customer data.
Anonymous
A group of activist hackers first identified in 2003. Members of the group wear Guy Fawkes masks to hide their identities, and the group’s logo is an image of a man in a suit with a question mark in place of a head. Anonymous has a very loose and decentralized command structure and operates on ideas rather than directives, thus making it easy for people to identify with the group. Anonymous consists of both beginners and expert hackers. The group gained notoriety with a series of well-publicized stunts as well as DDoS attacks on government, religious and corporate websites.
Anti-Bot
Anti-bot software detects bot-infected machines and prevents bot damage by blocking bot C&C communications.
Antivirus
Antivirus, anti-virus, or AV software is computer software used to prevent, detect and remove malicious computer viruses. Most software described as antivirus also works against other types of malware, such as malicious Browser Helper Objects (BHOs), browser hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, malicious LSPs, dialers, fraudtools, adware and spyware.
Application Firewall
An application firewall is a form of firewall which controls input, output, and/or access from, to, or by an application or service. It operates by monitoring and potentially blocking the input, output, or system service calls which do not meet the configured policy of the firewall. The application firewall is typically built to control all network traffic on any OSI layer up to the application layer. It is able to control applications or services specifically, unlike a stateful network firewall which is – without additional software – unable to control network traffic regarding a specific application.
ARP Poisoning
Sending spoofed Address Resolution Protocol (ARP) messages to manipulate the traffic flow between machines on a local area network. This type of attack enables the operator to associate their MAC address with the IP address of a host in the network. The attacker can then reroute traffic meant for that IP address through a malicious node, where it can be monitored, intercepted or dropped.
Asymmetric-Key Encryption
An encryption system in which two separate keys are used to encrypt and decrypt the data sent, ensuring a secure transfer; also known as public key encryption. First, a user receives a public and private key pair from a legitimate certificate authority. Another user who wishes to send an encrypted message gets the intended recipient’s public key from a public directory. This key is used to encrypt the message, which is then sent to the recipient. When the recipient receives the message, they decrypt it with their private key, which only they can access.
Attack
An attempt to alter, destroy, steal, expose or gain unauthorized access to an asset. There are two types or approaches: passive attacks, such as port scanning, and active attacks, such as DDoS. The attack vector is the path or means by which the attacker can perform the attack such as viruses, malicious emails, and compromised web pages. The attack mechanism is the method used to deliver the exploit, and may include a payload or container.
Backdoor
A method used to bypass the normal authentication process to gain access to a system. A programmer sometimes installs backdoors so that the program can be accessed for troubleshooting; however, attackers use backdoors to gain unauthorized access to a computer.
Bancos
Banking Trojan which steals financial information, using keylogging to record the victim’s credentials as they are entered on a targeted bank webpage. Bancos can also supplement or replace a legitimate bank login page with a fake webpage. The Trojan is active primarily in Latin America, particularly in Brazil, and is spread mostly via phishing.
Banking Trojan
A banking Trojan gathers account information about customers from banking systems, e-payments systems or credit cards. Common methods used to steal this information include man-in-the-browser keylogging or form grabbing that retrieves credentials before they get to their intended destination.
Bash
Bash is a command processor, typically run in a text window, allowing the user to type commands which cause actions. Bash can also read commands from a file, called a script. Users direct the operation of the computer by entering commands as text for a command line interpreter to execute, or by creating text scripts of one or more such commands. Bash is a Unix shell that has been distributed widely as the shell for the GNU operating system and as a default shell on Linux and Mac OS X.
BitCoin
A form of digital currency that is created and held electronically. It was invented by Satoshi Nakamoto, and no authority controls the currency or prints new bills. New BitCoins are produced by active computers around the world, an action known as mining. Payments are transferred on a peer-to-peer basis, without an intermediary or a bank. As no bank account or any other personal account requiring private information is involved, payment via BitCoin is fast and anonymous, and is often used for illegal business and communications. The amount of BitCoins held by a particular BitCoin address during a transaction is visible, but the identity of the address owner remains concealed. BitCoins are a favorite currency for ransomware demands.
BitLocker
Full-disk encryption included in post-Vista versions of Windows (Ultimate edition) that helps protect a machine from offline attacks. By default, BitLocker uses the AES algorithm in Cipher Block Chaining (CBC) mode. BitLocker is most effective when installed on a computer equipped with a TPM (Trusted Platform Module, a chip that stores cryptographic information). When the computer is turned on, the TPM releases the key that unlocks the encrypted partitions. If there is an attempt to remove the disk from the computer, BitLocker does not unlock the files and the data remains encrypted. BitLocker can also be used without a TPM: the decryption keys are stored on an external flash drive, or the user authenticates at boot time.
BlackHat
A malicious user who attempts to break into a computer system or computer network. BlackHat hackers are often referred to as “Crackers” by members of the security and computer industries. Their goal is to steal, destroy, or modify data on the targeted system, or to leave the network inaccessible for authorized users.
BlackList
An access control mechanism which lets all entities pass except those explicitly singled out. A blacklist contains different kinds of objects, such as email addresses, users, URLs, IP addresses, software, etc. Blacklists are set up to help prevent unwanted messages from entering a user’s inbox, unwanted programs from being used in a network, unwanted sites from being accessed by users, etc. For example, a company can prevent employees from accessing a list of web sites.
BootKit
A BootKit infects the Master Boot Record (MBR) or Volume Boot Record (VBR). The MBR is called by the BIOS at start-up, before the operating system is activated, and contains information on the file system. As soon as the MBR is called, the BootKit executes its code and gains access to the operating system and files at the kernel level. It can also bypass full volume encryption. Anti-virus and operating systems have difficulty detecting and deleting BootKits, as their files are located outside of the regular file system.
Bosuoa
Android malware which disguises itself as a legitimate mobile application, but instead sends multiple premium SMS messages to certain predefined numbers, leading to significant costs for the victim.
Bot
Short for “robot,” a computer that has been infected with a Trojan horse or virus that allows a third party to control some or all of the machine’s functions. Synonymous with zombie.
Botnet
A botnet is a network of computers, usually controlled via a command and control (C&C) server, for illicit purposes such as DDoS attacks, mining Bitcoins, mail spam, etc. A single compromised computer in the network is referred to as a bot when it executes malware that has penetrated the system.
Brute Force (Brute Force Attack)
A cryptanalytic attack that can be used against encrypted data, and is conducted mostly when other vulnerabilities cannot be exploited. The attacker tries a list of different passwords, words, or letters until they manage to break into the targeted system or account. A simple attack may use a dictionary of all words or commonly used passwords which are tried sequentially until access is gained. A complex attack tries every key combination until the correct password is found.
Buffer Overflow
When a program writing data to a buffer exceeds the buffer’s limit and overwrites neighboring memory locations. This is a special case of memory safety violation, which is the basis of many software vulnerabilities and can be maliciously exploited. Buffer overflows can be triggered by inputs that are designed to execute code, or modify the way the program operates. These actions might result in unpredictable program behavior, including memory access errors, incorrect results, a crash, or a breach of system security such as information theft. Buffer overflows can be prevented by bounds checking of data written to a buffer.
Bug
A software bug is an error, flaw, failure, or fault in a computer program or system that causes it to produce an incorrect or unexpected result, or to behave in unintended ways. Some bugs have only a subtle effect on the program’s functionality, and may thus lie undetected for a long time. More serious bugs may cause the program to crash or freeze. Others qualify as security bugs and might for example enable a malicious user to bypass access controls in order to obtain unauthorized privileges.
Cache Poisoning
Malicious or misleading data from a remote name server is saved (cached) by another name server. The term is typically used for DNS cache poisoning attacks.
Carberp
Sophisticated Banking Trojan botnet which targets remote banking and payment systems. Carberp is designed to steal user credentials and monitor user browsing activities, and is based on modules, which can be downloaded separately to the victim machine. It is estimated that the botnet was coded by a group of highly skilled Russian actors. In 2013, the Carberp source code was leaked and made available for download on various forums.
Catfish
A fake online profile or identity. For example, someone could create a fake profile on an online dating website to have online relationships with one or more people and ultimately extort money from them.
Cerber
An offline ransomware, meaning that it does not need to communicate with its C&C server before encrypting files on an infected machine. It is spread mostly via malvertising campaigns which leverage exploit kits, but also through spam campaigns. It is operated by its author as ransomware-as-a-service; the author recruits affiliates to spread the malware for a share of the ransom payment.
Certificate (Certification), (Digital Certificate)
An electronic document that allows a person, computer or organization to exchange information securely over the Internet using the public key infrastructure (PKI). This document contains information about the key, the owner’s identity, and the digital signature of an entity that has verified that the certificate’s contents are correct. Transport Layer Security (TLS, sometimes called by its older name SSL, Secure Sockets Layer) uses certificates to prevent an attacker from impersonating a secure website or other server. Certificates may also be used as a verification tool in different applications such as email encryption and code signing.
Certificate Authority
A trusted entity that issues digital certificates. Although anyone who wishes can produce digital certificates and secure their own communications, most e-commerce websites use certificates issued by trusted and known certificate authorities. The longer a certificate authority is active, the more browsers and devices trust its certificates. The certificate authority is in effect a third party trusted by both sides of the communication.
Cipher
An algorithm for encrypting or encoding data. The cipher usually depends on a unique piece of information, called a key. A ciphertext is the result from encoding readable data with a cipher. Without knowledge of the key, it is extremely difficult, if not impossible, to decrypt the ciphertext into readable plaintext. Examples of well-known ciphers are Caesar, RSA and AES.
Cloud Hopper
Malware campaign associated with a known Chinese APT group dubbed APT10, aimed at gaining network access and persistence for sensitive information gathering by targeting managed security service providers (MSSP) as an entry point to their customers’ networks. The malware is deployed based on remote access to the organization’s network, and the obtained access is leveraged by the attackers to collect sensitive data.
Cloud Security
Cloud security refers to the technologies, policies, controls, and services that protect the data, applications, and infrastructure in the cloud from insider and cyber threats. Though cloud providers offer certain security features and services, supplemental cloud security solutions aid in securing networks, workloads, applications and data, to protect your cloud environments from breaches, data leaks, and targeted attacks. According to the Shared Responsibility Model, the provider is responsible for the security, maintenance and management of the cloud provider’s infrastructure, compute and storage, while the cloud consumer is responsible for securing their own workloads, applications, and data in the cloud.
Conficker
Worm that allows remote operations and malware download. The infected machine is controlled by a botnet, which contacts its Command & Control server to receive instructions.
Cryptoload
Downloader, used mainly to download ransomware to the victim machine. Cryptoload is usually sent within archive files as attachments in spam campaigns, and has been previously used to download Cryptowall ransomware, TeslaCrypt ransomware and Locky ransomware, as well as Fareit Info-stealer.
CryptoWall
Ransomware that started as a Cryptolocker doppelgänger, but eventually surpassed it. After the takedown of Cryptolocker, CryptoWall became one of the most prominent ransomware families to date. CryptoWall is known for its use of AES encryption and for conducting its Command & Control communications over the Tor anonymity network. It is widely distributed via exploit kits, malvertising and phishing campaigns.
Cyber Attack
A cyber attack is a strike against a computer system, network, or internet-enabled application or device. Hackers use a variety of tools to launch attacks, including malware, ransomware, exploit kits, and other methods.
Cybersecurity
Cybersecurity refers to the use of network architecture, software, and other technologies to protect organizations and individuals from cyber attacks. The objective of cybersecurity is to prevent or mitigate harm to – or destruction of – computer networks, applications, devices, and data.
Data Loss Prevention (DLP)
A data loss or data leak prevention solution is a system designed to detect potential data breach or data exfiltration transmissions and prevent them by monitoring, detecting and blocking sensitive data while in use (endpoint actions), in motion (network traffic), and at rest (data storage). In data leakage incidents, sensitive data is disclosed to unauthorized personnel either by malicious intent or inadvertent mistake. Such sensitive data can come in the form of private or company information, intellectual property (IP), financial or patient information, credit-card data, and other information depending on the business and the industry.
Denial-of-service attack (DoS)
An attempt to make a single machine, web server or network resource unavailable to its intended users. The attack results in interrupted or suspended services of a host connected to the Internet. The most common type of DoS attack is the distributed denial-of-service (DDoS), in which there is more than one attack source and often thousands of unique IP addresses. The use of such a massive attack resource usually depends on a botnet network. Even though a DoS attack does not usually result in the theft of information, it can cost the targeted enterprise or person a great deal of time and money.
Dorkbot
IRC-based worm designed to allow remote code execution by its operator, as well as download additional malware to the infected system, with the primary motivation being to steal sensitive information and launch denial-of-service attacks. It installs a user-mode rootkit to prevent viewing or tampering with its files and modifies the registry to ensure that it executes each time the system starts. It will send messages to all of the infected user’s contacts, or hijack an existing thread, containing a link to a copy of the worm.
Dorvku
Malware which targets Windows operating system users. Dorvku collects system information and sends it to a remote server. It also collects sensitive information from targeted web browsers, and accepts commands to perform malicious activities on the infected system.
DoS Defense System
More focused on the problem than IPS, a DoS Defense System (DDS) is able to block connection-based DoS attacks and those with legitimate content but bad intent. A DDS can also address both protocol attacks (such as Teardrop and Ping of death) and rate-based attacks (such as ICMP floods and SYN floods).
Dridex
Banking malware that leverages macros in Microsoft Office to infect systems. Once a computer is infected, Dridex attackers steal banking credentials and other personal information to gain access to the user’s financial records. It is spread through malicious spam e-mail with a Microsoft Word document attachment. Dridex first steals banking credentials and then attempts to generate fraudulent financial transactions.
Encapsulation
The inclusion of one data structure within another structure so that the first data structure is hidden for the time being.
Encryption
Cryptographic transformation of data (called “plaintext”) into a form (called “ciphertext”) that conceals the data’s original meaning to prevent it from being known or used.
Exploit
An exploit (from the English verb to exploit, meaning “using something to one’s own advantage”) is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized). Such behavior frequently includes things like gaining control of a computer system, allowing privilege escalation, or a denial-of-service attack.
Fireball
Browser-hijacker that can be turned into a full-functioning malware downloader. It is capable of executing any code on the victim machines, resulting in a wide range of actions from stealing credentials to dropping additional malware.
Gamarue
Used to download and install new versions of malicious programs, including Trojans and Adware, on victim computers.
Hacker Defender
User-mode rootkit for Windows that can be used to hide files, processes and registry keys, and also implements a backdoor and port redirector that operates through TCP ports opened by existing services. This means it is not possible to find the hidden backdoor through traditional means.
Hacktivism
Derived from combining the words ‘Hack’ and ‘Activism’, hacktivism is the act of hacking, or breaking into a computer system, for politically or socially motivated purposes. The individual who performs an act of hacktivism is said to be a hacktivist.
Hiddad
Android malware which repackages legitimate apps and then releases them to a third-party store. Its main function is displaying ads; however, it is also able to gain access to key security details built into the OS, allowing an attacker to obtain sensitive user data.
HummingBad
Android malware that establishes a persistent rootkit on the device, installs fraudulent applications, and with slight modifications could enable additional malicious activity such as installing a key-logger, stealing credentials and bypassing encrypted email containers used by enterprises.
Intrusion Prevention Systems
Intrusion Prevention Systems (IPS), also known as Intrusion Detection and Prevention Systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it.
iSpy
Keylogger which is sold on various underground forums. iSpy captures passwords, collects passwords stored in web browsers and records webcams and Skype sessions. The malware is spread mainly via spam campaigns carrying malicious attachments.
Jadtre
Virus which targets the Windows platform. It modifies system files, collects private information from the infected host and redirects to compromised sites to spread additional malware. In addition, Jadtre provides backdoor access to infected hosts. Jadtre is usually spread by freeware or spam email campaigns and can propagate itself by infecting executable files accessible through network drives.
Jaff
Ransomware which began being distributed by the Necurs botnet in May 2017, via spam emails containing a PDF attachment with an embedded DOCM file. When the malware first emerged, it was massively spread at an infection rate of approximately 10,000 emails sent per hour.
Kazy
Dropper designed to install malware onto infected computer systems. Kazy can be used by criminals to install practically any kind of malware onto their victims’ machines including banking malware, info-stealers and spyware.
Kelihos
Botnet mainly involved in bitcoin theft and spamming. It utilizes peer-to-peer communications, enabling each individual node to act as a Command & Control server.
Keylogger
Software (or in some cases, hardware) that records your typing, trying to capture login names, passwords or personal data.
KINS
Also dubbed ZeusVM, KINS is a variant of the infamous Zeus Trojan. It is a banking Trojan that was offered for sale as a service on closed Russian underground forums. The malware consists of a dropper and a variety of modules, such as a Remote Desktop Protocol module that allows bot managers to remotely access compromised machines. In 2015, the KINS builder and the source code of its management panel were leaked online.
Kometaur
Trojan that targets Windows users. It contacts a remote server and sends information about the targeted system. It can also attempt to update itself.
LdPinch
Trojan that targets Windows users. The malware is designed to delete, block, modify, or copy data and disrupt computer or network performance. The malware masquerades as a legitimate file or software.
Locky
Ransomware which started its distribution in February 2016, and spreads mainly via spam emails containing a downloader disguised as a Word or Zip attachment, which then downloads and installs the malware that encrypts the user’s files.
Lotoor
Hack tool that exploits vulnerabilities on Android operating system in order to gain root privileges on compromised mobile devices.
Macro Virus
A virus that infects a document processing application and causes a sequence of actions to be performed automatically when the application is started or something else triggers it.
Malicious Code
Software that appears to perform a useful or desirable function, but actually gains unauthorized access to system resources or tricks a user into executing other malicious logic.
Malware
A generic term for a number of different types of malicious code.
Mobile Remote Access Trojan (mRAT)
A Mobile Remote Access Trojan is similar to a Remote Access Trojan (RAT), malware that allows an attacker to remotely control an infected PC or “bot”. mRAT attacks bypass two-step authentication and access SMS functions and the user’s contact list. An mRAT may be part of an APT-operated attack or a known virus attack. Known variants for this attack are OmniRAT and DroidJack.
naKocTb
Downloader, programmed to allow its operators to download and upload files to a victim’s computer in a way that is transparent to the victim. The malware can be delivered to users via spam campaigns or bundled with free program installers that are published on suspicious websites.
Necurs
Botnet used to spread malware by spam emails containing a malicious attachment, mainly Ransomware and Banking Trojans such as the Locky ransomware, Jaff ransomware and Dridex banking malware.
Nivdort
Multipurpose bot, also known as Bayrob, that is used to collect passwords, modify system settings and download additional malware. It is usually spread via spam emails with the recipient address encoded in the binary, thus making each file unique.
Polymorphic Virus
A virus that uses code that mutates the program while keeping the original algorithm intact. That is, the code changes itself each time it runs, but the function will not change. Encryption is the most common method to hide code.
Pykspa
Worm that spreads itself by sending instant messages to contacts on Skype. It extracts personal user information from the machine and communicates with remote servers by using a Domain Generation Algorithm (DGA).
Ramnit
A banking Trojan designed to steal banking credentials, FTP passwords, session cookies and personal data. Upon infection, Ramnit also allows remote control when the machine is connected to the internet.
Ransomware
Ransomware is a type of malicious software that prevents the victims from accessing their documents, pictures, databases and other files by encrypting them and demanding a ransom to decrypt them back. A deadline is assigned for the ransom payment, and if the deadline passes, the ransom demand doubles or files are permanently locked. Ransomware is an ever-increasing threat worldwide, claiming a new victim every 10 seconds.
RedLeaves
Malware used in campaigns which targeted users in the Healthcare, Energy, Critical Manufacturing and Information Security sectors worldwide. The malware consists of an executable, a loader and a Remote Access Tool (RAT) which collects various types of information from the victim system, such as system architecture and privileges, and sends it to its Command & Control server.
RIG Exploit Kit
Exploit Kit first introduced in 2014. RIG delivers Exploits for Flash, Java, Silverlight and Internet Explorer. The infection chain starts with a redirection to a landing page that contains JavaScript that checks for vulnerable plug-ins and delivers the exploit.
Rootkit
A rootkit is a type of malware designed to burrow deep into your computer, avoiding detection by security programs and users. For example, a rootkit might load before most of Windows, burying itself deep into the system and modifying system functions so that security programs can’t detect it. A rootkit might hide itself completely, preventing itself from showing up in the Windows task manager.
Rootnik
Android malware which uses a customized open-source root tool called “Root Assistant” to gain root access to Android devices, and maintains persistence by installing several APK files. The malware can then download executable files from remote servers and execute them on the infected device for various purposes, and steal sensitive user information.
RoughTed
Large-scale malvertising used to deliver various malicious websites and payloads such as scams, adware, exploit kits and ransomware. It can be used to attack any type of platform and operating system, and utilizes ad-blocker bypassing and fingerprinting in order to make sure it delivers the most relevant attack.
Sality
Virus that allows remote operations and downloads of additional malware to infected systems by its operator. Its main goal is to persist in a system and provide means for remote control and installing further malware.
Slammer
Memory resident worm targeted to attack Microsoft SQL 2000. By propagating rapidly, the worm can cause a denial of service condition on affected targets.
Social Engineering
A euphemism for non-technical or low-technology means – such as lies, impersonation, tricks, bribes, blackmail, and threats – used to attack information systems.
Spoof
Attempt by an unauthorized entity to gain access to a system by posing as an authorized user.
Spyware
Software placed on someone’s computer to secretly gather information about the user and relay it to advertisers or other interested parties.
SQL Injection
A common code injection technique used to attack data-driven web applications. The attack is performed on web pages with data input fields whose user-supplied data is not properly filtered and sanitized of SQL language syntax. Such web applications allow an attacker to execute undesirable SQL queries on a remote database, which could lead to exposure of sensitive data stored in the database, or to data modification, loss or corruption. With a successful SQL injection, the attacker can modify highly sensitive data such as account balances and planned transactions, medical test results and other medical information.
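The mechanism described in this entry, as an added example that is not part of the original glossary: the same account lookup written twice against an in-memory SQLite table, once by pasting the input into the SQL text (the unsanitized pattern the entry describes) and once as a parameterized query. The table, its rows, and both inputs are constructed for this example; the quote-containing input shows how the vulnerable form lets the database parse user data as SQL syntax, while the bound parameter is only ever compared as a value.

```python
"""SQL injection: vulnerable string-built query beside its parameterized fix.

Constructed example (not from the glossary or any real application). Uses the
standard-library sqlite3 module with an in-memory database so it runs offline.
"""
import sqlite3


def make_db():
    # Constructed sample table; the data is invented for this example.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (username TEXT, balance INTEGER)")
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("alice", 120), ("bob", 45), ("carol", 900)],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    # Defect (deliberate, to illustrate the entry): the user-supplied value is
    # concatenated into the statement, so quote characters in the input change
    # what the database parses. A single account lookup can become a dump of
    # every row, which is the data exposure the glossary entry warns about.
    query = f"SELECT username, balance FROM accounts WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, username):
    # Fix: the SQL text is fixed at development time and the input travels
    # separately as a bound parameter. Whatever it contains, it is compared
    # against the column as a value and never interpreted as SQL syntax.
    query = "SELECT username, balance FROM accounts WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def demo():
    """Run both variants on an ordinary input and on a quote-containing one."""
    conn = make_db()
    honest = "alice"
    # Constructed input containing a quote and an OR clause; when concatenated
    # into the vulnerable query the WHERE condition becomes always-true.
    crafted = "x' OR '1'='1"
    return {
        "vulnerable_honest": lookup_vulnerable(conn, honest),
        "vulnerable_crafted": lookup_vulnerable(conn, crafted),
        "safe_honest": lookup_safe(conn, honest),
        "safe_crafted": lookup_safe(conn, crafted),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The vulnerable lookup returns the single expected row for the honest input but every row in the table for the crafted one; the parameterized lookup returns the expected row for the honest input and nothing for the crafted one, because no account is literally named `x' OR '1'='1`. The fix is the parameter binding, not input filtering: filtering keywords is the approach the entry describes as failing.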
Tinba
A Trojan that steals the victim’s credentials using web-injects, activated as users try to log in to their bank’s website.
Torpig
Information-stealing Trojan which collects sensitive information and banking credentials from the infected host and sends this information to a remote server without user permission. Machines infected by Torpig also form a massive botnet.
TorrentLocker
Ransomware that encrypts user documents, pictures and other types of files. Victims are requested to pay up to 4.1 Bitcoins (approximately US $1800) to the attackers to decrypt their files.
Triada
Modular backdoor for Android which grants superuser privileges to downloaded malware and helps it embed itself into system processes. Triada has also been seen spoofing URLs loaded in the browser.
Trojan
A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.
URL Filtering
Content-control software, content filtering software, secure web gateways, censorware, Content Security and Control, web filtering software, content-censoring software, and content-blocking software are terms describing software designed to restrict or control the content a reader is authorized to access, especially when used to restrict material delivered over the Internet via the Web, e-mail, or other means. Content-control software determines what content will be available or, perhaps more often, what content will be blocked.
Virus
A hidden, self-replicating section of computer software, usually malicious logic, that propagates by infecting – i.e., inserting a copy of itself into and becoming part of – another program. A virus cannot run by itself; it requires that its host program be run to make the virus active.
Vulnerability
In computer security, a vulnerability is a weakness which allows an attacker to reduce a system’s information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerability is also known as the attack surface.
WannaCry
Ransomware which was spread in a large-scale attack in May 2017, utilizing a Windows SMB exploit called EternalBlue in order to propagate within and between networks.
Winnti
Backdoor that installs a rootkit on the victim’s system and hooks critical functions and system drivers of the infected Windows system. It collects system information and sends the data to a remote server, from which it also receives further instructions. Winnti may inject malicious payloads into various processes, and it has been reported that some variants of this backdoor are signed with a legitimate certificate.
Worm
A computer program that can run independently, can propagate a complete working version of itself onto other hosts on a network, and may consume computer resources destructively.
XcodeGhost
A compromised version of the iOS developer platform, Xcode. This unofficial version of Xcode was altered so that it injects malicious code into any app developed and compiled using it. The injected code sends app information to a Command & Control server and allows the infected app to read the device clipboard.
Zerghelper
iOS malware which targets Chinese users, and therefore displays different behaviors according to the device’s location in the world. The malware was able to bypass Apple’s security. Once installed on a device in China, the app uses social engineering to install two configuration profiles, which allow applications that did not go through Apple’s review, and may contain malicious code, to be downloaded to the infected device.
Zero Day
The “Day Zero” or “Zero Day” is the day a new vulnerability is made known. In some cases, a “zero day” exploit refers to an exploit for which no patch is available yet (“Day One” being the day on which the patch is made available).
Zeus
A sophisticated banking Trojan family that uses man-in-the-browser keystroke logging and form grabbing in order to steal banking information and victim accounts. Zeus targets popular operating systems such as Windows and Android and is usually distributed to end users through social engineering tactics such as drive-by downloads and phishing emails.
Zombie
A zombie computer (often shortened to zombie) is a computer connected to the Internet that has been compromised by a hacker, a computer virus, or a Trojan horse. Generally, a compromised machine is only one of many in a botnet, and will be used to perform malicious tasks of one sort or another under remote direction. Most owners of zombie computers are unaware that their system is being used in this way. Because the owner tends to be unaware, these computers are metaphorically compared to zombies.
Ztorg
Trojan that uses root privileges to download and install applications on the mobile phone without the user’s knowledge.