Synonyms: System registry key, Key
In Microsoft® Windows®, registry keys are used to store configuration information: the value of a relevant key is changed every time a program is installed or when its configuration settings have been modified.
Many malicious programs change key values, or create new ones, to ensure that their code runs automatically. In addition, they can have an adverse effect on legitimate programs.
Synonyms: Blacklist, Black hole list, Realtime black list
Used as one method of filtering spam, blacklists provide a list of known sources of unwanted e-mail. Traffic from listed IP addresses is simply blocked. Several public blacklists are available, one of the best known being the Mail Abuse Prevention System [MAPS].
The use of blacklists helps to force ISPs [Internet Service Providers] to monitor their own outgoing e-mail and so avoid the negative commercial effects of being ‘blacklisted’.
A rootkit is a collection of programs used by a hacker to evade detection while trying to gain unauthorized access to a computer. This is done either by replacing system files or libraries, or by installing a kernel module. The hacker installs the rootkit after obtaining user-level access: typically this is done by cracking a password or by exploiting a vulnerability. This is then used to gather other user IDs until the hacker gains root, or administrator, access to the system.
The term originated in the Unix world, although it has since been applied to the techniques used by authors of Windows-based Trojans to conceal their activities. Rootkits have been used increasingly as a form of stealth to hide Trojan activity, something that is made easier because many Windows users log in with administrator rights.
RAM is used by the operating system and other software to hold data that is currently being used. Applications and data held on the hard disk or removable media are loaded into RAM before being processed. It’s faster to read from, and write to, RAM than a hard disk or removable media. However, RAM can be used only for temporary storage: it is cleared whenever the PC is switched off.
‘Riskware’ is the generic term used by Kaspersky Lab to describe programs that are legitimate in themselves, but that have the potential for misuse by cyber criminals: for example, remote administration utilities. Such programs have always had the potential to be misused, but they now have a higher profile. During the last few years, there has been a fusion of ‘traditional’ virus techniques with those of hackers. In the changing climate, such ‘riskware’ programs have come into their own as a means of controlling machines for malicious purposes.
A router is a device, located at the point where one network meets another, that decides the next point to which a network packet should be passed on its way to its final destination.