Synonyms: Executable files, PE EXE files
An executable file is a program in binary code that is ready to be run by the computer without any further human intervention.
Common file extensions for executable files in Windows include .exe, .com, .dll and .bat. An executable file that is dynamically linked to another program is called a dynamic link library.
Windows Portable Executable (PE) files are simply executable files that run across all Microsoft 32-bit operating systems, which is why the majority of Windows malware written today uses this format.
In Unix, executable files are marked with a special permission flag in the file attributes.
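As an added example (not part of the original glossary), the following Python reads the headers that make a file a Windows PE image, reporting the target machine and whether the image is a DLL, without trusting the file extension. The two sample images are constructed inline and are not real binaries.

```python
import struct

# Constants from the PE/COFF specification (Machine values, Characteristics bits,
# optional-header magic numbers).
IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_MACHINE_AMD64 = 0x8664
IMAGE_FILE_DLL = 0x2000
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
MACHINE_NAMES = {IMAGE_FILE_MACHINE_I386: "x86", IMAGE_FILE_MACHINE_AMD64: "x64"}


def inspect_pe(data: bytes) -> dict:
    """Parse the DOS header, PE signature and COFF header; raise ValueError if not PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ (DOS) header")
    # e_lfanew at offset 0x3C holds the file offset of the "PE\0\0" signature.
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 26 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF file header: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics.
    machine, nsections, _, _, _, _opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    magic = struct.unpack_from("<H", data, e_lfanew + 24)[0]
    return {
        "machine": MACHINE_NAMES.get(machine, hex(machine)),
        "sections": nsections,
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "pe32plus": magic == PE32PLUS_MAGIC,  # True for 64-bit images
    }


def is_pe(data: bytes) -> bool:
    """Header-based check: the extension says nothing about what the bytes are."""
    try:
        inspect_pe(data)
        return True
    except ValueError:
        return False


def build_sample(machine: int, chars: int, magic: int) -> bytes:
    """Constructed minimal PE image: MZ header, e_lfanew=0x40, COFF header, magic."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", machine, 3, 0, 0, 0, 224, chars)
    return dos + b"PE\0\0" + coff + struct.pack("<H", magic)


SAMPLE_EXE = build_sample(IMAGE_FILE_MACHINE_I386, 0x0102, PE32_MAGIC)
SAMPLE_DLL = build_sample(IMAGE_FILE_MACHINE_AMD64, 0x2022, PE32PLUS_MAGIC)

if __name__ == "__main__":
    for name, blob in (("a.exe", SAMPLE_EXE), ("b.dll", SAMPLE_DLL), ("c.txt", b"text")):
        print(name, inspect_pe(blob) if is_pe(blob) else "not a PE image")
```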
Encryption describes the process of jumbling up data in such a way that it can not be easily understood by those who are not authorized to do so. The jumbled data is stored as ‘ciphertext’. A key, known as a decryption key, is required in order to access the original data.
Encryption is used to keep prying eyes away from data that is in transit between sender and recipient (data sent over the World Wide Web during an online banking transaction, for example).
Modern encryption methods require both sender and recipient (or software installed on the sender's and recipient's computers) to hold compatible decryption keys. This may take the form of a single shared key, or the combination of a private key created by the recipient and a public key available to anyone wishing to send data to the recipient: this is known as a PKI [Public Key Infrastructure].
Encryption is a two-way street in the computer world today. While individuals and businesses use it to protect legitimate communication, virus writers encrypt malicious programs to conceal them from anti-virus products: in this case, since the virus writer wants the user to run the encrypted attachment, he must include the key as part of the transmission (by including the password in an e-mail message, for example).
The term exploit describes a program, piece of code or even some data written by a hacker or virus writer that is designed to take advantage of a bug or vulnerability in an application or operating system. Using the exploit, an attacker gains unauthorized access to, or use of, the application or operating system.
The use of exploits by hackers and virus writers has increased during the last few years. Typically, exploit code is used to gain access to confidential data or to use the victim machine for further unauthorized use.
Exploits are often named after the vulnerability they use to penetrate systems: a buffer overflow, for example.
E-mail (short for ‘electronic mail’) is a method of sending messages electronically from one computing device to another. Plain text e-mails are normally encoded in ASCII text, although many e-mail client applications (Microsoft® Outlook®, for example) support HTML, allowing non-text messages to be sent. It is also possible to send non-text files as a binary attachment to an e-mail message.
SMTP is the standard protocol used for sending e-mail across the Internet, while the POP3 protocol is commonly used for receiving e-mail that has been stored on a remote server (by an ISP, for example). Many web browsers (including Microsoft® Internet Explorer) also provide support for POP3.
EICAR was formally set up in September 1991 (although an inaugural meeting had taken place in the previous year), with the aim of providing a forum for technical, security and legal experts from the security industry, government and corporate bodies to combine their efforts against malicious code. EICAR was designed to complement the CARO organization, which is made up solely of anti-virus experts.
EICAR is probably best known for providing an industry-standard test file (the ‘EICAR Standard Anti-Virus Test File’) that can be used to check that anti-virus software has been installed correctly, is working and responds appropriately when a virus has been detected.
Programs (also known as executables) contain binary code in a form that is ready to be run on a computer. Programs are written using a computer language (‘C’ or ‘C++’, for example), where the programmer writes the language-specific instructions using a text editor: this is known as source code. The source code is then compiled into instructions that can be interpreted by the computer.
The most common file extension for programs in a Microsoft® Windows® environment is EXE, but there are other files that contain program code, including COM and DLL. Batch files (which have the extension BAT) are themselves text files, but they contain a list of instructions for the computer to carry out unattended.
Synonyms: Worm, Computer worm, Internet worm, Network worm
Worms are generally considered to be a subset of viruses, but with key differences. A worm is a computer program that replicates, but does not infect other files: instead, it installs itself on a victim computer and then looks for a way to spread to other computers.
From a user’s perspective, there are observable differences. In the case of a virus, the longer it goes undetected, the more infected files there will be on the victim computer. In the case of a worm, by contrast, there is just a single instance of the worm code. Moreover, the worm’s code is ‘self-standing’, rather than being added to existing files on the disk.
Like viruses, worms are often sub-divided according to the means they use to infect a system. E-mail worms are distributed as attachments to e-mail messages; IM worms are attached to messages sent using instant messaging programs (such as IRC or ICQ); P2P [peer-to-peer] worms use file-sharing networks to spread; and network worms spread directly over the LAN [Local Area Network] or across the Internet, often making use of a specific vulnerability.
The term ‘worm’ was coined by sci-fi writer John Brunner in his 1975 novel Shockwave Rider. The hero, a talented programmer, created self-replicating computer programs that tunneled their way through a worldwide network.