Securelist / Glossary

Kaspersky Security Network (KSN)

webmaster@securelist.com () — 28 Apr 2010 21:50:00 +0400

is a distributed system that collects data about existing threats in real time. In addition, it effectively identifies unknown threats and their sources and reacts quickly to protect users against them.

Toolkit

webmaster@securelist.com () — 28 Apr 2010 21:50:00 +0400

is a set of tools or utilities designed to achieve a particular goal. In the case above, a toolkit is used to create and manage a botnet that is then used to steal users’ online banking credentials.

ITW (In-the-Wild) samples

webmaster@securelist.com () — 28 Apr 2010 21:48:00 +0400

are instances of malicious programs that are found ‘In the Wild’ on a user’s system and are evidence of infection.

Crimeware

webmaster@securelist.com () — 28 Apr 2010 21:46:00 +0400

is a type of malware developed especially to commit financial crimes automatically. This category of malware includes other categories with similar malicious behavior, such as Banker Trojans and PSW Trojans, etc. You can learn more about crimeware and malware classification here.

Keylogger

webmaster@securelist.com () — 06 Dec 2006 19:04:00 +0400

A keylogger can be used by a third-party to obtain confidential data (login details, passwords, credit card numbers, PINs, etc.) by intercepting key presses. Backdoor Trojans typically come with a built-in keylogger; and the confidential data is relayed to a remote hacker to be used to make money illegally or gain unauthorized access to a network or other company resource.

World Wide Web

webmaster@securelist.com () — 20 Jun 2006 14:59:00 +0400

The World Wide Web (or WWW for short) was developed by Tim Berners-Lee, a British software consultant who was looking for a way to track associations between pieces of information using a computer (much like a thesaurus does manually). His initial program for doing this was called ‘Enquire’, developed in the 1980s.

He subsequently developed the idea, and the standards, to allow the sharing of data across the Internet. He created HTML as the standard method for coding web content. He designed an addressing scheme (contained in the URL) for locating web content. And he created HTTP as the protocol for transferring web content across the Internet.

The World Wide Web as we now know it appeared in 1991 and has grown exponentially since. Tim Berners-Lee founded the World Wide Web Consortium [the W3C], the body that sets WWW standards. The W3C defines the World Wide Web as ‘the universe of network-accessible information, an embodiment of human knowledge’.

WildList

webmaster@securelist.com () — 20 Jun 2006 14:58:00 +0400

The WildList was established in July 1993 by anti-virus researcher Joe Wells, was subsequently published monthly by the WildList Organization and is now published by ICSA Labs (part of TrueSecure Corporation). It aims to keep track of which viruses are spreading in the real world (the WildList FAQ cites the WildList as ‘the world’s authority on which viruses users should really be concerned with’).

Detection of 'in the wild' viruses, as defined by the WildList, has become the de facto measure by which anti-virus products are judged. Fee-based anti-virus certification tests, most notably ICSA Labs. and West Coast Labs, are based on detection of WildList samples. In addition, the Virus Bulletin ‘VB100%’ is awarded on the basis of a product's ability to detect WildList viruses.

However, in today’s wired world, there’s a higher risk of being hit by new malware, with around 80% of new malicious programs being found in the field, not just in so-called ‘zoo’ collections. As a result, the WildList has become somewhat outmoded as a measure of the real threat.

WiFi

webmaster@securelist.com () — 20 Jun 2006 14:57:00 +0400

WiFi (short for ‘wireless fidelity’) is the name commonly given to wireless networks that conform to the 802.11 specification laid down by IEEE [Institute of Electrical and Electronic Engineers]. WiFi provides for fast data transfer rates (up to 11Mbs) and has become increasingly popular in recent years. Today, many PCs and mobile devices are fitted with wireless cards that enable them to connect to a wireless network. WiFi has become a more common way of connecting to a network and wireless access points, or ‘hot spots’, can be found in businesses, homes, hotels, airports and even fast food outlets.

By design, no wires are required to connect to a wireless network. If the wireless network is unsecured, it can be accessed easily by hackers or other users wishing to obtain free Internet access: so-called ‘war driving’ or ‘war chalking’.

Whitelist

webmaster@securelist.com () — 20 Jun 2006 14:56:00 +0400

Used as one method of filtering spam, a whitelist provides a list of legitimate e-mail addresses or domain names: all messages from whitelisted addresses or domains are automatically passed through to the intended recipient.

Web browser

webmaster@securelist.com () — 20 Jun 2006 14:55:00 +0400

A web browser is an application that lets a user access and display content from the World Wide Web.

War driving

webmaster@securelist.com () — 20 Jun 2006 14:55:00 +0400

War driving refers to the act of driving round a city or town to locate wireless access points, or ‘hot spots’, in order to gain unauthorized access to unsecured wireless networks. The specific process of mapping Bluetooth devices is referred to as ‘war nibbling’.

War chalking

webmaster@securelist.com () — 20 Jun 2006 14:53:00 +0400

War chalking refers to the act of walking round a city or town to locate wireless access points, or ‘hot spots’, in order to gain unauthorized access to unsecured wireless networks. It is so-called from the act of indicating the hot-spot using a chalk mark.

Vulnerability

webmaster@securelist.com () — 20 Jun 2006 14:52:00 +0400

A vulnerability is a bug or security flaw in an application or operating system that provides the potential for a hacker or virus writer to gain unauthorized access to, or use of, a user’s computer. The hacker does this by writing specific exploit code.

Once a vulnerability has been discovered (either by the developer of the software or someone else) the vendor of the application typically creates a ‘patch’ or ‘fix’ to block the security hole. As a result, vendors, security experts and virus writers are engaged in a never-ending race to find vulnerabilities first.

During recent years, the time-lag between the discovery of a vulnerability and the creation of exploit code that makes use of it has diminished. The worse-case scenario, of course, is a so-called ‘zero-day exploit’, where the exploit appears immediately after the vulnerability has been discovered. This leaves almost no time for a vendor to create a patch, or for IT administrators to implement other defensive measures.

*source: CVE - Common vulnerabilites and Exposures

VoIP [Voice over IP]

webmaster@securelist.com () — 20 Jun 2006 14:52:00 +0400

VoIP is a technology that lets subscribers to the VoIP service make telephone calls using a computer network that supports IP [Internet Protocol]. VoIP converts the analog signal used in a converntional telephone, into a digital signal that can be carried over the Internet in packets (and converts it back again at the other end).

This means that users with a broadband Internet connection can replace their existing telephone connection with VoIP. Some VoIP services only allow telephone calls to people using the same service. Others allow calls to any number. Some VoIP services work just through the computer. Others require a special VoIP telephone or a VoIP adapter fitted to a conventional telephone.

VBS [Visual Basic Script]

webmaster@securelist.com () — 20 Jun 2006 14:51:00 +0400

VBS is a script language developed by Microsoft�. Like JavaScript is often used in the development of web pages. For specific tasks, it’s often easier to write a script than to use a formal programming language like ‘C’ or ‘C++’.

However, as with a formal program, it’s also possible to use VBS to create malicious code. Since a script can be easily embedded in HTML, a virus author can embed a malicious script within an HTML e-mail: and when the user reads the e-mail, the script runs automatically.

Virus definition

webmaster@securelist.com () — 20 Jun 2006 14:50:00 +0400

Virus definitions (or signatures) contain a unique sequence of bytes used by an anti-virus program to identify each piece of malicious code. Signature analysis is one of the key methods used to find and remove malicious code.

VPN [Virtual Private Network]

webmaster@securelist.com () — 20 Jun 2006 14:48:00 +0400

A VPN is used to provide remote users with secure access to the private network of a corporation or other organization, over the Internet (rather than using an expensive dedicated leased line). Privacy is maintained by implementing encryption and other security features, preventing unauthorized access to the private network.

Variant

webmaster@securelist.com () — 20 Jun 2006 14:47:00 +0400

The term variant refers to a modified version of an existing piece of malicious code. Virus writers are often quick to create new versions of a virus, worm or Trojan that has been ‘successful’, or if the source code for the malware has been published.

Upload

webmaster@securelist.com () — 20 Jun 2006 14:47:00 +0400

Where a file is transferred from one computer to another, the sender is said to upload the file. For example, anti-virus updates are uploaded by an anti-virus vendor to their server, to make them available for users of their software.

USB [Universal Serial Bus]

webmaster@securelist.com () — 20 Jun 2006 14:44:00 +0400

USB provides a ‘plug-and-play’ standard for connecting many peripheral devices to a computer simultaneously, without the need for a specific device adapter card for each device. USB allows up to 127 devices to connect to a single computer and allows for rapid transfer of data.

USB 1.1 (the original USB specification, developed by Compaq, IBM, DEC, Intel, Microsoft and Northern Telecom) supports data speeds of up to 12Mbps. USB 2.0 (developed by Compaq, Hewlett Packard, Intel, Lucent, NEC and Philips) supports data transfer speeds of up to 480Mbps.