learn Definitions

Unwanted programs that, once installed, bombard users with unwanted advertizing.  Often those pushing the adware programs get paid for every machine they manage to recruit.  Some adware poses as fake computer security software which can be very hard to remove.

A hacker that uses his or her skills for explicitly criminal or malicious ends.  Has been used to mean the writers of destructive viruses or those that use attacks to knock websites offline.  Now as likely to refer to those that steal credit card numbers and banking data with viruses or by phishing.

The name given to an individual computer in a larger botnet and which is more than likely a home PC running Windows.  The name is an abbreviation of “robot” to imply that it is under someone else’s control.

A large number of hijacked computers under the remote control of a single person via net-based command and control system. The machines are often recruited via a virus that travels via email but increasingly drive-by downloads and worms are also used to find and recruit victims.  The biggest botnets can have tens of thousands of hijacked computers in them.  Research suggests they can be hired from as little as 4 cents per machine.

One of the names for the controller or operator of a botnet.

A sophisticated phishing attack that exploits weaknesses in the legitimate sites of financial institutions to make attempts to trick people into handing over confidential details more plausible.  A successful use of cross-site scripting will make it look like all the transactions are being done on the website of the real bank or financial institution.

A hijacked PC or server used to store all the personal data stolen by keyloggers, malware or viruses.  Criminal hackers prefer to keep their distance from this data as its possession is incriminating.  Dead drops are usually found and shut down within a few days of the associated phishing emails being sent out.

Abbreviation for Distributed Denial of Service.  This is an attack in which thousands of separate computers, which are usually part of a botnet, bombard a target with bogus data to knock it off the internet. DDoS attacks have been used by extortionists who threaten to knock a site offline unless a hefty ransom is paid.

Malicious programs that automatically install when a potential victim visits a booby-trapped website.  Exploited vulnerabilities include Microsoft’s Internet Explorer browser, Adobe Acrobat Reader, Adobe Acrobat Flash Player, and Oracle (formerly Sun) Java, and are leveraged to install the malicious programs.

Sometimes it is obvious that a drive-by download has occurred as they can lead to bookmarks and start pages of the browser being replaced. Others install unwanted toolbars.  Increasingly criminals are using drive-bys to install keyloggers that steal login and password information.

A bug or vulnerability in software that malicious (blackhat) hackers use to compromise a computer or network.  Exploit code is the snippet of programming that actually does the work of penetrating via this loophole.

Either a program or a feature built into hardware, which sits between a computer and the internet.  Its job is to filter incoming and outbound traffic.  Firewalls stop network-born attacks, such as worms, from reaching your PC.

An individual computer or a network of machines set up to look like a poorly protected system but which records every attempt, successful or otherwise, to compromise it.  Often the first hints of a new rash of malicious programs comes from the evidence collected by honeypots. Now cyber criminals are tuning their malware to spot when it has compromised a honeypot and to leave without taking over.

The numerical identifier that every machine attached to the internet needs to ensure the data it requests returns to the right place.  IP stands for Internet Protocol and the technical specification defines how this numerical system works.

Abbreviation for Internet Relay Chat, one of the internet’s hugely popular text chat systems. The technology is also used by botnet herders to keep tabs on and control their flock of machines.

A program installed on a victim’s machine that records every keystroke that a user makes. These tools can obviously be very useful for stealing login and password details.

Any malicious software installed without your knowledge that allows a hacker to remotely steal information from your computer or use it to attack other computers.

A sophisticated attack in which a criminal hacker intercepts traffic sent between a victim’s computer and the website of the organization, usually a financial institution, that they are using.  Used to lend credibility to attacks or simply steal information about online accounts. Can be useful to defeat security measures that rely on more than just passwords to grant entry to an account, such as two-factor authentication.

The practice of examining the individual packages of data received by a computer on a network in order to learn more about what type of traffic or information the machine is using.  Often login names and passwords are sent in plain text within data packets and can easily be extracted.

A secret code that allows you to access your private information that you have setup for a particular use.  Such uses include your personal and private email, files, grades, financial records, and social network information.

Similar to a password, but significantly longer and more complex.

PHISHING  [Take the phishing test]
A targeted email asking for your password or account information, claiming to be from a legitimate source you trust.  Often the email will direct people to another website that looks like that of the bank or financial institution the email purports to have come from. Anyone handing over details could rapidly have their account plundered.

The virtual door that network-capable programs open to identify where the data they request from the network should be directed to once it reaches a computer.  Web browsing traffic [http] typically passes through port 80, secure web traffic [https] through port 443, email [smtp] through port 25.

An unskilled hacker who originates nothing but simply steals code, techniques and attack methods from others.  Many viruses and worms on the web today are simply patched together from other bits of code that malicious hackers share.

Malicious program that, once installed on a target machine, steals personal and confidential information.  Distinct from adware, spyware can be contracted many different ways.  Increasingly it arrives on a PC via a web download and often uses a keylogger to grab information. Some are now starting to record mouse movements in a bid to foil the latest security measures.  Some fake security programs pose as spyware cleaners.

Abbreviation for Transmission Control Protocol, the series of specifications which define the format of data packets sent across the internet.

Like the wooden horse of legend this is a type of program or message that looks benign but conceals a malicious payload.  Many of the attachments on virus-bearing email messages carry trojans.

A process that requires another piece of information in addition to your password to enable access to your account.  PCI-DSS requires the use of two-factor authentication, which is why you have to enter more than one value or confirm a piece of private information before you can access your bank account.

A malicious program that usually requires action to successfully infect a victim.   For example, the malicious programs inside email attachments usually only strike if the recipient opens them. Increasingly the word is used as a general term for all malicious programs, those that users must interact with or those that find their own way around the internet.

A hacker that uses his or her skills for positive ends and often to thwart malicious hackers.  Many whitehat security professionals spend their time looking for and closing the bugs in code that blackhats are keen to exploit.

A self-propigating, malicious program that scours the web seeking new victims.  It is distinguished from a virus because it does not require user interaction to compromise a machine.  Worms can infect and take over computers without any help.

An newly discovered vulnerability whose weakness can be exploited by malicious code available on the internet the same day the vulnerability is discovered.  Since most of the damage is done by exploiting bugs after the first few days they become public, software firms usually move quickly to patch zero day vulnerabilities.

Another name for a hijacked computer that is a member of a botnet.