|
Adware : Programs
that facilitate delivery for advertising
content to the user and in some cases
gather information from the user's
computer, including information related
to Internet browser usage or other
computer habits. They can take up
your computers resources and are largely
responsible for the countless popup
ads you receive on the web.
Annoyance
: Any trojan that does not
cause damage other than to annoy a
user, such as by turning the text
on the screen upside down, or making
mouse motions erratic.
ANSI Bomb
: Character sequences that
reprogram specific keys on the keyboard.
If ANSI.SYS is loaded, some bombs
will display colorful messages, or
have interesting (but unwanted) graphical
effects.
AOL Pest::
Any password stealer, exploit, DoS
attack, or ICQ hack aimed at users
of AOL. ICQ is an instant messenger
service from mirabilis.com, now AOL.
ICQ is a favorite service among hackers,
and ICQ features are built into many
trojans (such as stealing user's passwords,
UINs, or notifying the hacker). Users
of ICQ are warned ""By using
the ICQ service and software... you
may be subject to various risks, including...
Spoofing, eavesdropping, sniffing,
spamming, breaking passwords, harassment,
fraud, forgery, 'imposturing', electronic
trespassing, tampering, hacking, nuking,
system contamination including without
limitation use of viruses, worms and
Trojan horses causing unauthorized,
damaging or harmful access and/or
retrieval of information and data
on your computer and other forms of
activity that may even be considered
unlawful."
AV Killer
: Any hacker tool intended
to disable a user's anti-virus software
to help elude detection. Some will
also disable personal firewalls.
Backdoor
: A Backdoor is a software
program that gives an attacker unauthorized
access to a machine and the means
for remotely controlling the machine
without the user's knowledge. A Backdoor
compromises system integrity by making
changes to the system that allow it
to by used by the attacker for malicious
purposes unknown to the user.
Binder : A
tool that combines two or more files
into a single file, usually for the
purpose of hiding one of them. A binder
compiles the list of files that you
select into one host file, which you
can rename. A host file is a simple
custom compiled program that will
decompress and launch the source programs.
When you start the host, the embedded
files in it are automatically decompressed
and launched. When a trojan is bound
with Notepad, for instance, the result
will appear to be Notepad, and appear
to run like Notepad, but the Trojan
will also be run.
Browser
Helper Object (BHO): BHO
is an application that extends Internet
Explorer and acts as a plug-in. Spyware
as well as browser hijackers often
use BHOs to display ads or follow
your moves across the Internet. This
can cause anything from incompatibility
issues to corrupting important system
functions making them not only a threat
to your security but to your systems
stability. BHO may not necessarily
need your permission to install and
they can be used for malicious purposes
like gathering info on your surfing
habits.
Commercial
RAT : Any commercial product
that is normally used for remote administration,
but which might be exploited to do
this without user consent or awareness.
Cracking Misc
: Any document and/or tool
that provides guidance on how to remove
copy protection.
Cracking Tool
: Any software designed to
modify other software for the purpose
of removing usage restrictions. An
example is a 'patcher' or 'patch generator',
that will replace bytes at specified
locations in a file, rendering it
a licensed version. A music file ripper
is a program that enables the user
to digitally copy songs from a CD
into many different formats such as
MP3, WAV, or AIFC.
DDoS : A
Distributed Denial of Service (DDoS)
attack is one that pits many machines
against a single victim. An example
is the attacks of February 2000 against
some of the biggest websites. Even
though these websites have a theoretical
bandwidth of a gigabit/second, distributing
many agents throughout the Internet
flooding them with traffic can bring
them down. The Internet is defenseless
against these attacks. The best defense
is for users everywhere to run PestPatrol,
and remove DDoS clients when they
are found, so that their machines
are not used as attack tools. Another
approach is for ISPs to do ""egress
filtering"": prevent packets
from going outbound that do not originate
from IP addresses assigned to the
ISP. This cuts down on the problem
of spoofed IP addresses.
Dialer : A Dialer
is a program that uses the computer's
modem to dial telephone numbers, often
without the user's knowledge and consent.
A Dialer can connect to a toll number
that adds long distance charges to
the telephone bill without the user's
knowledge or permission. Dialers may
be downloaded through exploits and
installed without notice and consent.
DoS : An
exploit whose purpose is to deny somebody
the use of the service: namely to
crash or hang a program or the entire
system. Examples of DoS attacks include
flooding the victim with more traffic
than can be handled; flooding a service
(like IRC) with more events than it
can handle bomb; crashing a TCP/IP
stack by sending corrupt packets;
crashing a service by interacting
with it in an unexpected way; or hanging
a system by causing it to go into
an infinite loop. For example, the
Ping of Death exploit crashed machines
by sending illegally fragmented packets
at a victim. A common word for DoS
is ""nuke"", which
was first popularized by the WinNuke
program.
Downloader : Downloader
is a program typically installed through
an exploit or some other deceptive
means and that facilitates the download
and installation of other malware
and unwanted software onto a victim's
PC. Downloader may download adware,
spyware or other malware from multiple
servers or sources on the internet.
Dropper :
Spyware dropper when run will install
spyware. In other words dropper is
a carriage for malicious or spying
software. Finding it on your computer
means that your computer is infected
with Dropper and crucial data could
be endangered or even lost.
Encryption
Tool : Any software that
can be used to scramble documents,
software, or systems so that only
those possessing a valid key are able
to unscramble it. Encryption tools
are used to secure information; sometimes
unauthorized use of encryption tools
in an organization is a cause for
concern.
Error Hijacker
: Any software that resets
your browser's settings to display
a new error page when a requested
URL is not found. Hijacks may reroute
your info and address requests through
an unseen site, capturing that info.
In such hijacks, your browser may
behave normally, but be slower.
Exploit :
A way of breaking into a system. An
exploit takes advantage of a weakness
in a system in order to hack it. Exploits
are the root of the hacker culture.
Hackers gain fame by discovering an
exploit. Others gain fame by writing
scripts for it. Legions of script-kiddies
apply the exploit to millions of systems,
whether it makes sense or not. Since
people make the same mistakes over-and-over,
exploits for very different systems
start to look very much like each
other. Most exploits can be classified
under major categories: buffer overflow,
directory climbing, defaults, Denial
of Service.
Fake AntiSpyware
: A Fake AntiSpyware is software
that purports to scan and detect malware
or other problems on the computer,
but which attempts to dupe or badger
users into purchasing the program
by presenting the user with intrusive,
deceptive warnings and/or false, misleading
scan results. It typically uses aggressive,
deceptive advertising and may be installed
without adequate notice and consent,
often though exploits.
Firewall
Killer : Programs that alters/bypasses
security system that uses rules to
block or allow connections and data
transmission between your computer
and the Internet.
Flooder
: A program that overloads
a connection by any mechanism, such
as fast pinging, causing a DoS attack.
An E-Mail Flooder is a program used
to send mass e-mail to flood or disrupt
a PC or network.
FTP Server
: When installed without
user awareness, an FTP server allows
an attacker to download any file in
the user's machine, to upload new
files to that machine, and to replace
any existing file with an uploaded
file.
Hacker Tool
: Tools that can be used
by a hacker or unauthorized user to
attack, gain unwelcome access to or
perform identification or fingerprinting
of your computer.
Hacking
Tutorial : A Hacking Tutorial
explains how to break into systems.
Hijacker :
Hijackers are software programs that
modify users' default browser home
page, search settings, error page
settings, or desktop wallpaper without
adequate notice, disclosure, or user
consent. When the default home page
is hijacked, the browser opens to
the web page set by the hijacker instead
of the user's designated home page.
In some cases, the hijacker may block
users from restoring their desired
home page.
Hoax :
Not a pest, not a virus, not a worm,
not a trojan. A hoax is a worrisome
warning, usually transmitted by e-mail.
Examples of hoaxes: 'If you receive
an e-mail that has a subject line
of X, then ... This is a very bad
thing, and blah blah blah... Please
pass this on to everyone in your address
book." Before following the instructions
in the e-mail, do a simple internet
search for the subject line, the file
name, etc. to see if others regard
this as a hoax. Hoaxes are not detected
by PestPatrol. But some are included
in our Pest Encyclopedia for your
information.
Homepage Hijacker
: Any software that changes
your browser's home page to some other
site. Hijacks may reroute your info
and address requests through an unseen
site, capturing that info. In such
hijacks, your browser may behave normally,
but be slower.
Hostile ActiveX
: An ActiveX control is essentially
a Windows program that can be distributed
from a web page. These controls can
do literally anything a Windows program
can do. A Hostile ActiveX program
does something that its user did not
intend for it to do, such as erasing
a hard drive, dropping a virus or
trojan into your machine, or scanning
your drive for tax records or documents.
As with other Trojans, a Hostile ActiveX
control will normally appear to have
some other function than what it actually
has.
Hostile Java
: Browsers include a ""virtual
machine"" that encapsulates
the Java program and prevents it from
accessing your local machine. The
theory behind this is that a Java
""applet"" is
really content -- like graphics --
rather than full application software.
However, as of July, 2000, all known
browsers have had bugs in their Java
virtual machines that would allow
hostile applets to ""break
out"" of this ""sandbox""
and access other parts of the system.
Most security experts browse with
Java disabled on their computers,
or encapsulate it with further sandboxes/virtual-machines.
Hostile Script :
A script is a text file with a .VBS,
.WSH, .JS, .HTA, .JSE, .VBE extension
that is executed by Microsoft WScript
or Microsoft Scripting Host Application,
interpreting the instructions in the
script and acting on them. A hostile
script performs unwanted actions.
HTTP Server : When
installed without user awareness,
an HTTP server allows an attacker
to use a web browser to view and thus
retrieve information collected by
other software placed in the user's
machine.
Installer
: A utility that copies system
software or an application from floppy
disks or a CD-ROM to your hard disk.
An Installer may also decompress the
new files, remove obsolete files,
place extensions and control panels
in their proper folders, and/or create
new folders. Spyware Installers installs
spyware which is bundled with the
installer.
IRC War : Any
tool that uses Internet Relay Chat
for spoofing, eavesdropping, sniffing,
spamming, breaking passwords, harassment,
fraud, forgery, 'imposturing', electronic
trespassing, tampering, hacking, nuking,
system contamination including without
limitation use of viruses, worms and
Trojan horses causing unauthorized,
damaging or harmful access and/or
retrieval of information and data
on your computer and other forms of
activity that may even be considered
unlawful.
Joke Programs
: Programs that alter or
interrupt the normal behavior of your
computer, creating a general distraction
or nuisance.
Key Generator
: Any tool designed to break
software copy protection by extracting
internally-stored keys, which can
then be entered into the program to
convince it that the user is an authorized
purchaser.
Key Logger (Keystroke Logger):
A key logger is a program
that captures and logs keystrokes
on the computer without the user's
knowledge and consent. The logged
data may be encrypted and is typically
sent to a remote attacker. The key
logger is usually hidden from the
user and may use cloaking (rootkit)
technology to hide from other software
in order to evade detection by anti-malware
applications.
Loader : Any
program designed to load another program.
Mail Bomber
: Software that will flood
a victim's inbox with hundreds or
thousands of pieces of mail. Such
mail generally does not correctly
reveal its source.
Mailer :
A program that creates and sends email
with forged headers, so that the source
of the mail it sends cannot be traced.
Malware :
Malware is a category of malicious
code that includes viruses, worms,
and Trojan horses. Destructive malware
will utilize popular communication
tools to spread, including worms sent
through email and instant messages,
Trojan horses dropped from web sites,
and virus-infected files downloaded
from peer-to-peer connections. Malware
will also seek to exploit existing
vulnerabilities on systems making
their entry quiet and easy.
Mass Mailer
: Infects target computer,
then distributes itself from via mass
emailing to other computers using
the target computer's address book.
Misc Tool : Any tool
that might be used in planning an
attack on a system, developing tools
for such an attack, or performing
it.
Notifier : Any tool
designed for stealth notification
of an attacker that a victim has installed
and run some pest. Such notification
might be done by FTP, SMS, SMTP, or
other method, and might contain a
variety of information. Often used
in combination with a Packer, a Binder
and a Downloader.
Nuker : A program
that disables a machine through damage
to the registry, key files, the file
system, etc.
P2P (Peer-to-peer):
A method of file sharing over a network
in which individual computers are
linked via the Internet or a private
network to share programs/files, often
illegally. Users download files directly
from other users' computers, rather
than from a central server. Many P2P
programs bundle third-party advertising
programs, and are currently the second
largest source of virus, Trojan and
data mining infections.
Packer : A utility
which compresses a file, encrypting
it in the process. It adds a header
that automatically expands the file
in memory, when it is executed, and
then transfers control to that file.
Some packers can unpack without starting
the packed file. Packers are ""useful""
for trojan authors as they make their
work undetectable by anti-virus products.
Password Capture :
A variant of the Key Logger that captures
passwords as they are entered or transmitted.
Some password capture trojans impersonate
the login prompt, asking the user
to provide their password.
Password Cracker : A
tool to decrypt a password or password
file. PestPatrol uses the term both
for programs that take an algorithmic
approach to cracking, as well as those
that use brute force with a password
cracking word list. Password crackers
have legitimate uses by security administrators,
who want to find weak passwords in
order to change them and improve system
security.
Password Cracking
Word List : A list of words
that a brute force password cracker
can use to muscle its way into a system.
Phreaking
Tool : Any
executable that assists in hacking
the phone system, such as by using
a sound card to imitate various audible
tones.
Port Scanner : In
hacker reconnaissance, a port scan
attempts to connect to all 65536 ports
on a machine in order to see if anybody
is listening on those ports. Ports
scans are not illegal in many places,
in part because they don't actually
compromise the system, in part because
they can easily be spoofed, so it
is hard to prove guilt, and in part
because virtually any machine on the
Internet can be induced to scan another
machine. Many people think that port
scanning is an overt hostile act and
should be made illegal. An attacker
will often sweep thousands (or millions)
of machines rather than a single machine
looking for any system that might
be vulnerable. Port scans are always
automated through tools called Port
Scanners.
Probe Tool
: A tool that explores another
system, looking for vulnerabilities.
While these can be used by security
managers, wishing to shore up their
security, the tools are as likely
used by attackers to evaluate where
to start an attack. An example is
an NT Security Scanner.
Proxy :
Any firewall that blocks and re-creates
a connection between two points. As
a defensive tool, a proxy in an organization
hides a user from the outside world.
As a pest, a proxy hides an attacker
from a user. As a pest, a proxy is
a tool that can be used to anonymize
a connection between an attacker and
your machine, making the connection
more difficult to trace. The attacker
interacts with the proxy; the proxy
translates the interaction and interacts
with your machine. As attack tools,
SMTP and FTP proxies are often used
in conjunction with Firewall Killers,
Downloaders, RATs, and Trojans.
RAT : A Remote Administration
Tool, or RAT, is a Trojan that when
run, provides an attacker with the
capability of remotely controlling
a machine via a ""client""
in the attacker's machine, and a ""server""
in the victim's machine. Examples
include Back Orifice, NetBus, SubSeven,
and Hack'a'tack. What happens when
a server is installed in a victim's
machine depends on the capabilities
of the trojan, the interests of the
attacker, and whether or not control
of the server is ever gained by another
attacker -- who might have entirely
different interests. Infections by
remote administration Trojans on Windows
machines are becoming as frequent
as viruses. One common vector is through
File and Print Sharing, when home
users inadvertently open up their
system to the rest of the world. If
an attacker has access to the hard-drive,
he/she can place the trojan in the
startup folder. This will run the
trojan the next time the user logs
in. Another common vector is when
the attacker simply e-mails the trojan
to the user along with a social engineering
hack that convinces the user to run
it against their better judgment.
Search Hijacker:
Any software that resets your browser's
settings to point to other sites when
you perform a search. Hijacks may
reroute your info and address requests
through an unseen site, capturing
that info. In such hijacks, your browser
may behave normally, but be slower.
Search results when such a hijacker
is running will sometimes differ from
non-hijacked results.
Sniffer :
A wiretap that eavesdrops on computer
networks. The attacker must be between
the sender and the receiver in order
to sniff traffic. This is easy in
corporations using shared media. Sniffers
are frequently used as part of automated
programs to sift information off the
wire, such as clear-text passwords,
and sometimes password hashes (to
be cracked).
SPAM Tool
: Any software designed to
extract email addresses from web sites
and other sources, remove ""dangerous""
or ""illegal""
addresses, and/or efficiently send
unsolicited (and perhaps untraceable)
mail to these addresses.
Spoofer :
To spoof is to forge your identity.
Attackers use spoofers to forge their
IP address (IP spoofing). The most
common use of spoofing today is smurf
and fraggle attacks. These attacks
use spoofed packets against amplifiers
in order to overload the victim's
connection. This is done by sending
a single packet to a broadcast address
with the victim as the source address.
All the machines within the broadcast
domain then respond back to the victim,
overloading the victim's Internet
connection. Since smurfing accounts
for more than half the traffic on
some backbones, ISPs are starting
to take spoofing seriously and have
started implementing measures within
their routers that verify valid source
addresses before passing the packets.
Spyware:
Programs that have the ability to
scan systems or monitor activity and
relay information to another computer
or locations in cyber-space.
Surveillance
: Any software designed to
use a webcam, microphone, screen capture,
or other approaches to monitor and
capture information. Some such software
will transmit this captured information
to a remote source.
Telnet Server
: Software that allows a
remote user of a Telnet client to
connect as a remote terminal from
anywhere on the Internet and control
a computer in which the server software
is running.
Toolbar :
A Toolbar is a type of browser plug-in
that adds a third-party utility bar
to the web browser, usually just below
or next to the browser's address bar.
A Toolbar typically has a search function
and provides search results for paid
advertisers.
Tracking Cookies
: Tracking cookies allow
multiple web sites to store and access
records that may contain personal
information (including surfing habits,
user names and passwords, areas of
interest, etc.), and subsequently
share this information with other
web sites and marketing firms.
Trackware
: Programs that track system
activity, gather system information,
or track user habits and relay this
information to third-party organizations.
Trojan : Any
program with a hidden intent. Trojans
are one of the leading causes of breaking
into machines. If you pull down a
program from a chat room, new group,
or even from unsolicited e-mail, then
the program is likely trojaned with
some subversive purpose. The word
Trojan can be used as a verb: To trojan
a program is to add subversive functionality
to an existing program. For example,
a trojaned login program might be
programmed to accept a certain password
for any user's account that the hacker
can use to log back into the system
at any time. Rootkits often contain
a suite of such trojaned programs.
Trojan Creation
Tool : A program designed
to create Trojans. Some of these tools
merely wrap existing Trojans, to make
them harder to detect. Others add
a trojan to an existing product (such
as RegEdit.exe), making it a Dropper.
Trojan Horse
: A Trojan Horse portrays
itself as something other than what
it is at the point of execution. While
it may advertise its activity after
launching, this information is not
apparent to the user beforehand. A
Trojan Horse neither replicates nor
copies itself, but causes damage or
compromises the security of the computer.
A Trojan Horse must be sent by someone
or carried by another program and
may arrive in the form of a joke program
or software of some sort. The malicious
functionality of a Trojan Horse may
be anything undesirable for a computer
user, including data destruction or
compromising a system by providing
a means for another computer to gain
access, thus bypassing normal access
controls.
Trojan Source
: Source code is written
by a programmer in a high-level language
and readable by people but not computers.
Source code must be converted to object
code or machine language before a
computer can read or execute the program.
Trojan Source can be compiled to create
working trojans, or modified and compiled
by programmers to make new working
trojans.
Usage Track
: Usage tracks permit any
user (or their software agent) with
access to your computer to see what
you've been doing. Such tracks benefit
you if you have left the tracks, but
might benefit another user as well.
Virus Creation
Tool : A program designed
to generate viruses. Even early virus
creation tools were able to generate
hundreds or thousands of different,
functioning viruses, which were initially
undetectable by current scanners.
Virus Source : Source
code is written by a programmer in
a high-level language and readable
by people but not computers. Source
code must be converted to object code
or machine language before a computer
can read or execute the program. Virus
Source can be compiled to create working
viruses, or modified and compiled
by programmers to make new working
viruses.
Virus Tutorial
: We don't think there is
much need for viruses in today's offices,
so we don't think there is much need
to learn how to create them. Virus
Tutorials explain 'how to'.
War Dialer : (demon-dialing,
carrier-scanning) War-dialing was
popularized in the 1983 movie War
Games. It is the process of dialing
all the numbers in a range in order
to find any machine that answers.
Many corporations have desktop computers
with attached modems; attackers can
dial in order to break into the desktop,
and thereafter the corporation. Similarly,
many companies have servers with attached
modems that aren't considered as part
of the general security scheme. Since
most security emphasis these days
is on Internet-related attacks, war-dialing
represents the ""soft underbelly""
of the security infrastructure that
can be exploited.
Worm : A
Worm is a malicious program that spreads
itself without any user intervention.
Worms are self-replicate. Worms spread
without attaching to or infecting
other programs and files. A Worm can
spread across computer networks via
security holes on vulnerable machines
connected to the network. Worms can
also spread through email by sending
copies of itself to everyone in the
user's address book A Worm may consume
a large amount of system resources
and cause the machine to become noticeably
sluggish and unreliable.
Worm Creation
Tool : A program designed
to generate worms. Worm creation tools
can often generate hundreds or thousands
of different, functioning worms, most
of which are initially undetectable
by current scanners.
|
Submit
a Threat
Request
for Software to be Removed from our Database
