Glossary

This glossary is a brief dictionary of some of the technical terms used when talking about computer viruses and antivirus programs. It will help users better understand how viruses work, their characteristics, the techniques they use to infect computers and transmit themselves, etc.
 

A

ActiveX: This technology is used, among other things, to improve the functionality of web pages (adding animations, video, 3D browsing, etc). ActiveX controls are small programs that are inserted in these pages. Unfortunately, as they are programs, they can also be targets for viruses.

Address Book: A file with WAB extension. This is used to store information about other users such as e-mail addresses etc.

Administrator: A person or program responsible for managing and monitoring an IT system or network, assigning permissions etc.

Administrator rights: These rights allow certain people to carry out actions or operations on networked computers.

ADSL: This is a kind of technology that allows data to be sent at very high speed across an Internet connection. It requires a special ADSL modem.

Adware: Programs that display advertising using any means: pop-ups, banners, changes to the browser home page or search page, etc. Adware can be installed with the user's consent and awareness, but sometimes it is not. The same applies to the user's knowledge, or lack of knowledge, of its functionalities.

Algorithm: A process or set of rules for calculating or problem-solving.

Alias: Although each virus has a specific name, very often it is more widely-known by a nickname that describes a particular feature or characteristic of the virus. In these cases, we talk about the virus ‘alias’. For example, the virus CIH is also known by the alias Chernobyl.

ANSI (American National Standards Institute): Is a voluntary organization that sets standards, particularly for computer programming.

Anti-Debug / Anti-debugger: These are techniques used by viruses to avoid being detected.

Antivirus / Antivirus Program: These are programs that scan the memory, disk drives and other parts of a computer for viruses.

API (Application Program Interface): This is a function used by programs to interact with operating systems and other programs.

Armouring: This is a technique used by viruses to hide and avoid detection by the antivirus.

ASCII: Is a standard code -American Standard Code for Information Interchange- for representing characters (letters, numbers, punctuation marks, etc.) as numbers.

ASP (Active Server Page): These are particular types of web pages that allow a site to be personalized according to user profiles. This acronym can also refer to Application Service Provider.

Attributes: These are particular characteristics associated to a file or directory.

Autoencryption: The way in which a virus codifies (or encrypts) part or all of itself, making it more difficult to detect or analyze.

AutoSignature: This is normally a short text including details like name, address etc. that can be automatically added to new e-mail messages.
B

Backdoor: This is a program that enters the computer and creates a backdoor through which it is possible to control the affected system without the user realizing.

Banker Trojan: A malicious program which, using different techniques, steals confidential information from the customers of online payment banks and/or platforms.

Banner: An advert displayed on a web page, promoting a product or service that may or may not be related to the host web page and which in any event links directly to the site of the advertiser.

Batch files / BAT files: Files with a BAT extension that allow operations to be automated.

BBS (Bulletin Board System): A system or service on the Internet that allows subscribed users to read and respond to messages written by other users (e.g. in a forum or newsgroup).

BHO (Browser Helper Object): A plugin that automatically runs along with the Internet browser, adding to its functionality. Some are used for malicious ends, such as monitoring the web pages viewed by users.

BIOS (Basic Input / Output System): A group of programs that enable the computer to be started up (part of the boot system).

Bit: This is the smallest unit of digital information with which computers operate.

Boot / Master Boot Record (MBR): Also known as the Boot sector, this is the area or sector of a disk that contains information about the disk itself and its properties for starting up the computer.

Boot disk / System disk: Disk (floppy disk, CD-ROM or hard disk) that makes it possible to start up the computer.

Boot virus: A virus that specifically affects the boot sector of both hard disks and floppy disks.

Bot: A contraction of the word ‘robot’. This is a program that allows a system to be controlled remotely without either the knowledge or consent of the user.

Bot herder: A person or group that controls the botnet. They are also known as ‘bot master’ or ‘zombie master’.

Botnet: A network or group of zombie computers controlled by the owner of the bots. The owner of the botnets sends instructions to the zombies. These commands can include updating the bot, downloading a new threat, displaying advertising or launching denial of service attacks.

Browser: A browser is the program that lets users view Internet pages. The most common browsers are: Internet Explorer, Netscape Navigator, Opera, etc.

Buffer: This is an intermediary memory space used to temporarily save information transferred between two units or devices (or between components in the same system).

Bug: This is a fault or error in a program.

Bus: Communication channel between different components in a computer (communicating data signals, addresses, control signals, etc).

Byte: This is a unit of measurement of digital information. One byte is equal to 8 bits.
C

Cache: This is a small section of the computer’s memory.

Category / Type (of virus): As there are many different types of viruses, they are grouped in categories according to certain typical characteristics.

Cavity: Technique used by certain viruses and worms to make them more difficult to find. By using this technique, the size of the infected file doesn’t change (they only occupy cavities in the file affected).

Chat / Chat IRC / Chat ICQ: These are real-time text conversations over the Internet.

Client: IT system (computer) that requests certain services and resources from another computer (server), to which it is connected across a network.

Cluster: Various consecutive sectors of a disk.

CMOS (Complementary Metal Oxide Semiconductor): This is a section of the computer’s memory in which the information and programs needed to start up the system are kept (BIOS).

Code: Content of virus files -virus code, written in a certain programming language-. Can also refer to systems for representing or encrypting information.

In its strictest sense, it can be defined as a set of rules or a combination of symbols that have a given value within an established system.


Common name: The name by which a virus is generally known.

Companion / Companion virus / Spawning: This is a type of virus that doesn’t insert itself in programs, but attaches itself to them instead.

Compressed / Compress / Compression / Decompress: Files, or groups of files, are compressed into another file so that they take up less space.

Cookie: This is a text file which is sometimes sent to a user visiting a web page to register the visit to the page and record certain information regarding the visit.

Country of origin: This generally refers to the country where the first incidence of a virus was recorded.

Cracker: Someone who tries to break into (restricted) computer systems.

CRC (CRC number or code): A unique numeric code attached to files that acts as the file's ID number.

Crimeware: All programs, messages or documents used directly or indirectly to fraudulently obtain financial gain to the detriment of the affected user or third parties.

CVP - Content Vectoring Protocol: Protocol developed in 1996 by Check Point which allows antivirus protection to be integrated into a firewall server.

Cylinder: Section of a disk that can be read in a single operation.
D

Damage level: This is a value that indicates the level of the negative effects that a virus could have on an infected computer. It is one of the factors used to calculate the Threat level.

Database: A collection of data files and the programs used to administer and organize them. Examples of database systems include: Access, Oracle, SQL, Paradox, dBase, etc.

DDoS / Distributed Denial of Service: This is a Denial of Service (DoS) attack where multiple computers attack a single server at the same time. Compromised computers would be left vulnerable, allowing the attacker to control them to carry out this action.

Debugger: A tool for reading the source code of programs.

Deleted items: A folder in e-mail programs that contains messages which have been deleted (they have not been eliminated completely from the computer). After deleting a message containing a virus, it is advisable to delete it from this folder as well.

Detection updated on: The latest date when the detection of a malware was updated in the Virus Signature File.

Dialer: This is a program that is often used to maliciously redirect Internet connections. When used in this way, it disconnects the legitimate telephone connection used to hook up to the Internet and re-connects via a premium rate number. Often, the first indication a user has of this activity is an extremely expensive phone bill.

Direct action: This is a specific type of virus.

Directory / Folder: Divisions or sections used to structure and organize information contained on a disk. The terms folder and directory really refer to the same thing. They can contain files or other sub-directories.

Disinfection: The action that an antivirus takes when it detects a virus and eliminates it.

Distribution level: This is a value that indicates the extent to which a virus has spread or the speed at which it is spreading. It is one of the factors used to calculate the Threat level.

DNS (Domain name system): System to enable communication between computers connected across a network or the Internet. It means that computers can be located and assigns comprehensible names to their IP addresses.

DNS servers are the computers in which these names are handled (resolved) and associated with their corresponding IPs.


DoS / Denial of Service: This is a type of attack, sometimes caused by viruses, that prevents users from accessing certain services (in the operating system, web servers, etc.).

Download: This is the process of obtaining files from the Internet (from Web pages or FTP sites set up specifically for that purpose).

Driver / Controller: A program, known as a controller, used to control devices connected to a computer (normally peripherals like printers, CD-ROM drives, etc).

Dropper: This is an executable file that contains various types of virus.

Dynamic Link Library (DLL): A special type of file with the extension DLL.
E

EICAR: European Institute of Computer Anti-Virus Research. An organisation which has created a test to evaluate the performance of antivirus programs, known as the EICAR test.

ELF -files- (Executable and Linking Format): These are executable files (programs) belonging to the Unix/Linux operating system.

Emergency Disk / Rescue disk: A floppy disk that allows the computer to be scanned for viruses without having to use the antivirus installed in the system, but by using what is known as the “command line antivirus”.

Encryption / Self-encryption: This is a technique used by some viruses to disguise themselves and therefore avoid detection by antivirus applications.

EPO (Entry Point Obscuring): A technique for infecting programs through which a virus tries to hide its entry point in order to avoid detection. Instead of taking control and carrying out its actions as soon as the program is used or run, the virus allows it to work correctly for a while before the virus goes into action.

Exceptions: This is a technique used by antivirus programs to detect viruses.

Exploit: This can be a technique or a program that takes advantage of a vulnerability or security hole in a certain communication protocol, operating system, or other IT utility or application.

Extension: Files have a name and an extension, separated by a dot: NAME.EXTENSION. A file can have any NAME, but the EXTENSION (if it exists) has a maximum of three characters. This extension indicates the type of file (text, Word document, image, sound, database, program, etc.).
F

Family / Group: Some viruses may have similar names and characteristics. These viruses are grouped into families or groups. Members of the group are known as variants of the family or the original virus (the first to appear).

FAT (File Allocation Table): This is a section of a disk that defines the structure and organization of the disk itself. It also contains the ‘addresses’ for all the files stored on that disk.

File / Document: Unit for storing information (text, document, images, spreadsheet etc.) on a disk or other storage device. A file is identified by a name, followed by a dot and then its extension (indicating the type of file).

Firewall: This is a barrier that can protect information in a system or network when there is a connection to another network, for example, the Internet.

FireWire: Is a high-speed communication channel, used to connect computers and peripherals to other computers.

First Appeared on…: The date when a particular virus was first discovered.

First detected on: The date when the detection of a certain malware was first included in the Virus Signature File.

Flooding: Programs that repeatedly send a large message or text to a computer through messaging systems like MSN Messenger in order to saturate, collapse or flood the system.

Format: Define the structure of a disk, removing any information that was previously stored on it.

Freeware: All software legally distributed free of charge.

FTP (File Transfer Protocol): A mechanism that allows files to be transferred through a TCP/IP connection.
G

Gateway: A computer that allows communication between different types of platforms, networks, computers or programs.

GDI (Graphics Device Interface): A system that allows the Windows operating system to display presentations on-screen or in print.

Groupware: A system that allows users in a local network (LAN) to use resources like shared programs; access to Internet, intranet or other areas; e-mail; firewalls and proxies, etc.
H

Hacker: Someone who accesses a computer illegally or without authorisation.

Hacking tool: Program that can be used by a hacker to carry out actions that cause problems for the user of the affected computer (allowing the hacker to control the affected computer, steal confidential information, scan communication ports, etc).

Hardware: Term referring to all physical elements in an IT system (screen, keyboard, mouse, memory, hard disks, microprocessor, etc).

Header (of a file): This is the part of a file in which information about the file itself and its location is kept.

Heuristic scan: This term, which refers to problem solving by trial and error, is used in the computer world to refer to a technique used for detecting unknown viruses.

Hijacker: Any program that changes the browser settings, to make the home page or the default search page, etc. different from the one set by the user.

Hoax: This is not a virus, but a trick message warning of a virus that doesn’t actually exist.

Host: This refers to any computer that acts as a source of information.

HTTP (Hyper Text Transfer Protocol): This is a communication system that allows web pages to be viewed through a browser.
I

Identity Theft: Obtaining confidential user information, such as passwords for accessing services, in order that unauthorized individuals can impersonate the affected user.

IFS (Installable File System): System used to handle inbound/outbound information transfers between a group of devices or files.

IIS (Internet Information Server): This is a Microsoft server (Internet Information Server), designed for publishing and maintaining web pages and portals.

IMAP (Internet Message Access Protocol): This is a system or protocol which allows access to e-mail messages.

In circulation: A virus is said to be in circulation when cases of it are actually being detected somewhere in the world.

In The Wild: This is an official list drawn up every month of the viruses reported causing incidents.

Inbox: This is a folder in e-mail programs which contains received messages.

Infection: This refers to the process of a virus entering a computer or certain areas of a computer or files.

Interface: The system through which users can interact with the computer and the software installed on it. At the same time, this software (programs) communicates via an interface system with the computer’s hardware.

Interruption: A signal through which a momentary pause in the activities of the microprocessor is brought about.

Interruption vector: This is a technique used by a computer to handle the interruption requests to the microprocessor. This provides the memory address to which the service should be provided.

IP (Internet Protocol) / TCP-IP: An IP address is a code that identifies each computer. The TCP/IP protocol is the system, used in the Internet, that interconnects computers and prevents address conflicts.

IRC (Chat IRC): These are written conversations over the Internet in which files can also be transferred.

ISDN (Integrated Services Digital Network): A type of connection for digitally transmitting information (data, images, sound etc).

ISP (Internet Service Provider): A company that offers access to the Internet and other related services.
J

Java: This is a programming language that allows the creation of platform independent programs, i.e., they can be run on any operating system or hardware (multi-platform language).

Java Applets: These are small programs that can be included in web pages to improve the functionality of the page.

JavaScript: A programming language that offers dynamic characteristics (e.g. variable data depending on how and when someone accesses, user interaction, customized features, etc.) for HTML web pages.

Joke: This is not a virus, but a trick that aims to make users believe they have been infected by a virus.
K

Kernel: This is the central module of an operating system.

Keylogger: A program that collects and saves a list of all keystrokes made by a user. This program could then publish the list, allowing third parties to access the data (the information that the user has entered through the keyboard: passwords, document texts, emails, key combinations, etc.).
L

LAN (Local Area Network): A network of interconnected computers in a reasonably small geographical area (generally in the same city or town or even building).

Link / Hyperlink: These are parts of a web page, e-mail or document (text, images, buttons, etc.), that when clicked on, take the user directly to another web page or section of the document.

Link virus: This is a type of virus that modifies the address where a file is stored, replacing it with the address of the virus (instead of the original file). As a result, when the affected file is used, the virus activates.

After the computer has been infected, the original file will be unusable.


Logic bomb: This is a program that appears quite inoffensive, but which can carry out damaging actions on a computer, just like any other virus.

Loop: A set of commands or instructions carried out by a program repeatedly until a certain condition is met.
M

Macro: A macro is a series of instructions defined so that a program, say Word, Excel, PowerPoint, or Access, carries out certain operations. As they are programs, they can be affected by viruses. Viruses that use macros to infect are known as macro viruses.

Macro virus: A virus that affects macros in Word documents, Excel spreadsheets, PowerPoint presentations, etc.

Malware: This term (MALicious softWARE) is used to refer to all programs that contain malicious code, whether it is a virus, Trojan or worm.

Map: This is the action of assigning a shared network disk a letter in a computer, just as if it were another drive in the computer itself.

MAPI: Messaging Application Program Interface. A system used to enable programs to send and receive e-mail via a certain messaging system.

Mask: This is a 32-bit number that identifies an IP address in a certain network. This allows the TCP/IP communication protocol to know if an IP address of a computer belongs to one network or another.

Means of infection: A fundamental characteristic of a virus. This is the way in which a virus infects a computer.

Means of transmission: A fundamental characteristic of a virus. This is the way in which a virus spreads from one computer to another.

Microprocessor / Processor: This is the integrated electronic heart of a computer or IT system e.g. Pentium (I, II, III, IV,...), 486, 386, etc.

MIME (Multipurpose Internet Mail Extensions): This is the set of specifications that allows text and files with different character sets to be exchanged over the Internet (e.g. between computers in different languages).

Modem: A peripheral device, also known as MOdulator DEModulator, used to transmit electronic signals (analog and digital). It is designed to enable communication between computers or other types of IT resources. It is most often used for connecting computers to the Internet.

Module: In IT parlance, this is a set or group of macros in a Word document or Excel spreadsheet, etc.

MS-DOS (Disk Operating System): This operating system, which predates Windows, involves the writing of commands for all operations that the user wants to carry out.

MSDE (Microsoft Desktop Engine): A server for storing data, which is compatible with SQL Server 2000.

MTA (Message Transfer Agent): This is an organized mail system that receives messages and distributes them to the recipients. MTAs also transfer messages to other mail servers. Exchange, sendmail, qmail and Postfix, for example, are MTAs.

Multipartite: This is a characteristic of a particular type of sophisticated virus, which infects computers by using a combination of techniques used by other viruses.

Mutex (Mutual Exclusion Object): Some viruses can use a mutex to control access to resources (examples: programs or even other viruses) and prevent more than one process from simultaneously accessing the same resource.

By doing this, they make it difficult for antiviruses to detect them. These viruses can ‘carry’ other malicious code in the same way that other types, such as polymorphic viruses, do. 

N

Network: Group of computers or other IT devices interconnected via a cable, telephone line, electromagnetic waves (satellite, microwaves etc), in order to communicate and share resources. The Internet is a vast network of other sub-networks with millions of computers connected.

Newsgroup: An Internet service through which various people can connect to discuss or exchange information about specific subjects.

Nuke (attack): A nuke attack is aimed at causing the network connection to fail. A computer that has been nuked may block.

Nuker: Person or program that launches a nuke attack, causing a computer to block or the network connection to fail.
O

OLE (Object Linking and Embedding): A standard for embedding and attaching images, video clips, MIDI, animations, etc in files (documents, databases, spreadsheets, etc). It also allows ActiveX control