A disassembler is a program used to convert binary code into assembler language, a human-readable version of machine code. It’s a form of reverse engineering, used by programmers to debug code.
Virus researchers use various tools (including purpose-built, bespoke programs) to disassemble malicious code and determine how it works.
Broadband (delivered through a Digital Subscriber Line [DSL]) is generally applied to telecommunications in which a wide range of frequencies is available for transmission of data, typically voice and data together. So broadband provides an always-on connection, allowing home user to access the Internet while still being able to use the telephone. Clearly this is more efficient than using a dial-up connection, which makes exclusive use of a telephone line. In addition, broadband typically also provides a faster connection, of 512Kbps, 1Mbps, 2Mbps or more.
Synonyms: Command line, Command Line Prompt, CLI [Command Line Interface], Command Prompt
The command line provides a keyboard-driven interface between a computer and the user. The user types in a command and the computer processes the appropriate instruction for that command, after which it displays a specified prompt indicating to the user that the system is ready for further commands.
MS-DOS was a command line driven system. Microsoft® Windows®, by contrast, offers a Graphical User Interface [GUI] and the means to input instructions using a mouse (in addition to command line access. Most Unix-based operating systems also offer both command line and GUI interfaces.
A DoS attack is designed to hinder or stop the normal functioning of a web site, server or other network resource. There are various ways for hackers or virus writers to achieve this. One common method is simply to flood a server with more network traffic than it is able to handle. This prevents it from carrying out its normal functions and in some circumstances crashes the server completely.
A DDoS attack differs only in the fact that the attack is conducted using multiple machines. The hacker or virus writer typically use one compromised machine as the ‘master’ and co-ordinates the attack across other, so-called ‘zombie’, machines. Both master and zombie machines are typically compromised by exploiting a vulnerability in an application on the machine, to install a Trojan or other piece of malicious code.
A dial-up connection is one that makes exclusive use of a standard telephone line to send and receive data. The connection is made using a modem.
A DHA is one method used by spammers to collect valid e-mail addresses. Spammers either target these addresses directly in their own spam attack, or to sell them on to other spammers.
The spammer first selects a domain (let’s say ‘victim_domain.com’) and then sends speculative e-mail messages to possible addresses within that domain (for example, ‘jack@victim_domain.com’, ‘jill@victim_domain.com’, etc.). If the e-mail server at ‘victim_domain.com’ doesn’t reject the e-mail, the spammer knows that a given e-mail address is valid and can be used as a target in a spam attack.
A DDoS attack is broadly similar to a DoS attack, designed to hinder or stop the normal functioning of a web site, server or other network resource. A DDoS attack differs only in the fact that the attack is conducted using multiple machines. The hacker or virus writer typically use one compromised machine as the ‘master’ and co-ordinates the attack across other, so-called ‘zombie’, machines. Both master and zombie machines are typically compromised by exploiting a vulnerability in an application on the machine to install a Trojan or other piece of malicious code.
Domain names are used to locate an organization on the Internet. Each domain name maps to a specific IP address.
So, for example, in the URL www.kaspersky.com, the ‘com’ part of the domain name is the top-level and indicates the general purpose of the organization, in this case ‘commercial’ (others include ‘org’, ‘net’, or geographic domains like ‘co.uk’).
The ‘kaspersky’ part of the domain name is the second-level and is a descriptor for the organization itself: this can be thought of as a human readable version of the IP address. Second-level domain names must be unique (and are registered through ICANN [Internet Corporation for Assigned Names and Numbers]).
The ‘www’ part of the domain name indicates the server (in this case, web server) that handles Internet request.
The translation of domain names into IP addresses is carried out by DNS servers located throughout the Internet. When a user types in a URL, a nearby DNS server will map the domain to an IP address or pass it to another DNS server. There is also a sort of ‘mini DNS server’ stored within Microsoft® Windows® operating systems, called the hosts file.
Synonyms: DNS poisoning
DNS servers located throughout the Internet are used to map domain names to IP addresses. When a user types in a URL, a nearby DNS server will map the domain to an IP address or pass it to another DNS server. In fact, there are a relatively small number of very big DNS servers. These provide many smaller DNS servers with DNS entries that are stored in the cache of the smaller DNS servers.
DNS poisoning is the manipulation of IP addresses for entries stored in the cache of a smaller DNS server: the aim is to make the DNS server respond, not with the correct IP address, but with one that contains malicious code. Here’s an example. If a user types the URL ‘www.kaspersky.com’ in the web browser, the DNS server should respond with the IP address 220.127.116.11. However, a poisoned DNS server would map this domain name to an IP address that contains malicious code.
DNS poisoning is only possible where there is a vulnerability or other security weakness in the operating system running on the DNS server.
DNS servers located throughout the Internet are responsible for the translation of domain names into IP addresses. When a user types in a URL, a nearby DNS server will map the domain to an IP address or pass it to another DNS server. There is also a sort of ‘mini DNS server’ stored within Microsoft® Windows® operating systems, called the hosts file.
Where a file is transferred from one computer to another, the receiver is said to download the file. For example, anti-virus updates are downloaded to a user’s computer from an anti-virus vendor’s server.
A sector is an area on a PC disk (hard disk or floppy disk) used to store data. Sectors, which resemble the slices of a cake, are laid down on the disk when it is prepared for use, or formatted. The size of each sector varies depending on the operating system and is defined in the disk’s boot sector.
A disk is also divided into cylinders (or tracks) and heads (or sides). Data on a disk is accessed, at a low-level, according to its cylinder, head and sector number. Of course, the user doesn’t need to worry about this low-level information, since the operating system handles the storage and retrieval of data in a user-friendly way.