AdTool : AdTools are programs that facilitate delivery of advertising content to the user and in some cases gather information from the user's computer, including information related to Internet browser usage or other computer habits. They can take up your computer's resources and are largely responsible for the countless popup ads you receive on the web. AdTool is often bundled with or embedded within freeware programs such as clocks, messengers, alerts, weather, and so on.
Adware : Adware's main purpose is to display targeted ads based on the user behavior it is tracking. Adware programs facilitate delivery of advertising content to the user and in some cases gather information from the user's computer, including information related to Internet browser usage or other computer habits. They can take up your computer's resources and are largely responsible for the countless popup ads you receive on the web. Adware is often bundled with or embedded within freeware programs such as clocks, messengers, alerts, weather, and so on, and software such as screensavers, cartoon cursors, backgrounds, sounds, etc.
Annoyance : Any Trojan that does not cause damage other than to annoy a user, such as by turning the text on the screen upside down, or making mouse motions erratic.
ANSI Bomb : Character sequences that reprogram specific keys on the keyboard. If ANSI.SYS is loaded, some bombs will display colorful messages, or have interesting (but unwanted) graphical effects.
AOL Pest : Any password stealer, exploit, DoS attack, or ICQ hack aimed at users of AOL. They may subject users to various risks, including spoofing, eavesdropping, sniffing, spamming, breaking passwords, harassment, fraud, forgery, 'importuning', electronic trespassing, tampering, hacking, nuking, system contamination including without limitation use of viruses, worms and Trojan horses causing unauthorized, damaging or harmful access and/or retrieval of information and data on your computer and other forms of activity that may even be considered unlawful.
AV Killer : Any hacker tool intended to disable a user's anti-virus software to help elude detection. Some will also disable personal firewalls.
Backdoor : A Backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. A Backdoor compromises system integrity by making changes to the system that allow it to be used by the attacker for malicious purposes unknown to the user.
Banker : These Trojans monitor and steal the user's internet access and online banking details, such as bank accounts, usernames, passwords and credit card details, from your computer and send them to the attacker.
Binder : A tool that combines two or more files into a single file, usually for the purpose of hiding one of them. A binder compiles the list of files that you select into one host file, which you can rename. A host file is a simple custom compiled program that will decompress and launch the source programs. When you start the host, the embedded files in it are automatically decompressed and launched. When a Trojan is bound with Notepad, for instance, the result will appear to be Notepad, and appear to run like Notepad, but the Trojan will also be run.
Browser Helper Object (BHO) : A BHO is an application that extends Internet Explorer and acts as a plug-in. Spyware as well as browser hijackers often use BHOs to display ads or redirect the browser to alternate sites and alternate search results. BHOs may not necessarily need your permission to install, and they can be used for malicious purposes like gathering info on your surfing habits and search data to facilitate targeted or contextual advertising.
Buffer Overflow : A buffer overflow occurs when a program writes more data to memory than the space (buffer) it was initially allotted.
Clicker : This family of Trojans redirects victim machines to specified websites or other Internet resources. Clickers either send the necessary commands to the browser or replace system files where standard Internet URLs are stored (e.g. the 'hosts' file in MS Windows).
Clickers are used :
Commercial RAT : Any commercial product that is normally used for remote administration, but which might be exploited to do this without user consent or awareness.
Constructor : Virus writers use constructor utilities to create new malicious programs and Trojans. Constructors for creating macro-viruses and viruses for Windows are known to exist. Constructors can be used to generate virus source code, object modules and infected files.
Some constructors come with a user interface where the virus type, objects to attack, encryption options, protection against debuggers and disassemblers, text strings, multimedia effects etc. can be chosen from a menu. Less complex constructors have no interface, and read information about the type of virus to be built from the configuration file.
Cracking Tool : Any software designed to modify other software for the purpose of removing usage restrictions. An example is a 'patcher' or 'patch generator', which will replace bytes at specified locations in a file, rendering it a licensed version. A music file ripper is a program that enables the user to digitally copy songs from a CD into many different formats such as MP3, WAV, or AIFC.
DDoS : A distributed denial of service attack (DDoS) occurs when multiple compromised systems flood the bandwidth or resources of a targeted system, usually a web server(s). Script kiddies use them to deny the availability of well known websites to legitimate users. More sophisticated attackers use DDoS tools for the purposes of extortion — even against their business rivals.
Dialer : A Dialer is a program that uses the computer's modem to dial telephone numbers, often without the user's knowledge and consent. A Dialer can connect to a phone number that adds long distance charges to the telephone bill without the user's knowledge or permission. Dialers may be downloaded through exploits and installed without notice and consent.
DoS : DoS is a Denial of Service Trojan. This is a DDoS (Distributed Denial of Service) Trojan. It conducts a SYN Flood attack on a number of servers in the bootcom.com domain. It works under Windows NT. When launched, it creates a service named Secure transactions provider, which covertly starts each time the system boots up. The service launches five threads, each of which sends TCP packets to one of the servers under attack at high frequency, with SYN flags set. This will cause the network to slow noticeably. Always run in DOS mode.
Downloader : A Downloader is a program, typically installed through an exploit or some other deceptive means, that facilitates the download and installation of other malware and unwanted software onto a victim's PC. A Downloader may download adware, spyware or other malware from multiple servers or sources on the internet.
DNSChanger : The DNSChanger Trojan is usually a small file (about 1.5 kilobytes) that is designed to change the 'NameServer' Registry key value to a custom IP address. This IP address is usually encrypted in the body of the Trojan. As a result of this change, a victim's computer will contact the newly assigned DNS server to resolve the names of different webservers. Some of the resolved names will not point to legitimate websites - they will point to fake websites that look like real ones, but are created to steal sensitive information (like credit card numbers, logins and passwords).
Dropper : A spyware dropper, when run, will install spyware. In other words, a dropper is a carrier for malicious or spying software. Finding it on your computer means that your computer is infected with a Dropper and crucial data could be endangered or even lost.
Encryption Tool : Any software that can be used to scramble documents, software, or systems so that only those possessing a valid key are able to unscramble it. Encryption tools are used to secure information; sometimes unauthorized use of encryption tools in an organization is a cause for concern.
Error Hijacker : Any software that resets your browser's settings to display a new error page when a requested URL is not found. Hijacks may reroute your info and address requests through an unseen site, capturing that info. In such hijacks, your browser may behave normally, but be slower.
Exploit : Exploits use vulnerabilities in operating systems and applications to achieve the same result. Or in other words, this is a type of malware containing a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software. This frequently includes such things as gaining control of a computer system or allowing privilege escalation or a denial of service attack.
Fake Anti Spyware : A Fake Anti Spyware is software that purports to scan and detect malware or other problems on the computer, but which attempts to dupe or badger users into purchasing the program by presenting the user with intrusive, deceptive warnings and/or false, misleading scan results. They spuriously warn users that their computers have been infected with spyware, directing them to purchase programs which do not actually remove spyware or, even worse, may add more spyware of their own. It typically uses aggressive, deceptive advertising and may be installed without adequate notice and consent, often through exploits.
Firewall Killer : Programs that alter or bypass the security system that uses rules to block or allow connections and data transmission between your computer and the Internet.
Flooder : A program that overloads a connection by any mechanism, such as fast pinging, causing a DoS attack. An E-Mail Flooder is a program used to send mass e-mail to flood or disrupt a PC or network.
FraudTool : These are programs which look like legitimate programs but are usually downloaded without the user's permission and entice users into buying them by showing fake results to improve the user's PC performance. They may also download spyware and other unwanted programs.
FTP Server : When installed without user awareness, an FTP server allows an attacker to download / upload any file on the user's machine.
GameThief : A threat that attempts to steal vital information from the user with regards to online gaming activity and is capable of connecting to a remote site to download possible updates of its application.
HackTool : A HackTool is a utility designed to penetrate remote computers. These types of malware connect to the remote machines and use them as zombies without giving any prior information to the owner. Many hacktools download malicious programs onto the victim machines.
Hijacker : Hijackers are software programs that modify users' default browser home page, search settings, error page settings, or desktop wallpaper without adequate notice, disclosure, or user consent. When the default home page is hijacked, the browser opens to the web page set by the hijacker instead of the user's designated home page.
In some cases, the hijacker may block users from restoring their desired home page.
Hoax : A Hoax shows fake security warnings that are quite annoying. The aim of this spyware is to trick a computer user into downloading third-party cleaning utilities, usually anti-spyware scanners.
Homepage Hijacker : Any software that changes your browser's home page to some other site. Hijacks may reroute your info and address requests through an unseen site, capturing that info. In such hijacks, your browser may behave normally, but be slower.
Hostile ActiveX : An ActiveX control is essentially a Windows program that can be distributed from a web page. These controls can do literally anything a Windows program can do. A Hostile ActiveX program does something that its user did not intend for it to do, such as erasing a hard drive, dropping a virus or Trojan into your machine, or scanning your drive for tax records or documents.
Hostile Java : Browsers include a "virtual machine" that encapsulates the Java program and prevents it from accessing your local machine. The theory behind this is that a Java "applet" is really content -- like graphics -- rather than full application software. However, as of July, 2000, all known browsers have had bugs in their Java virtual machines that would allow hostile applets to "break out" of this "sandbox" and access other parts of the system. Most security experts browse with Java disabled on their computers, or encapsulate it with further sandboxes/virtual-machines.
Hostile Script : A script is a text file with a .VBS, .WSH, .JS, .HTA, .JSE, .VBE extension that is executed by Microsoft WScript or Microsoft Scripting Host Application, interpreting the instructions in the script and acting on them. A hostile script performs unwanted actions.
HTTP Server : When installed without user awareness, an HTTP server allows an attacker to use a web browser to view and thus retrieve information collected by other software placed in the user's machine.
IM : A threat that is capable of causing Denial-of-Service attacks against other instant messenger client systems.
Installer : A utility that copies system software or an application from floppy disks or a CD-ROM to your hard disk. An Installer may also decompress the new files, remove obsolete files, place extensions and control panels in their proper folders, and/or create new folders.
IRC : Internet Relay Chat, or computer conferencing on the Internet. There are hundreds of IRC channels on numerous subjects that are hosted on IRC servers around the world. After joining a channel, your messages are broadcast to everyone listening to that channel. The IRC client is a program that runs on your computer and sends and receives messages to and from an IRC server. Spyware utilizes this free tool to broadcast inappropriate or unwanted information.
IRC War : Any tool that uses Internet Relay Chat for spoofing, eavesdropping, sniffing, spamming, breaking passwords, harassment, fraud, forgery, 'imposture', electronic trespassing, tampering, hacking, nuking, system contamination including without limitation use of viruses, worms and Trojan horses causing unauthorized, damaging or harmful access and/or retrieval of information and data on your computer and other forms of activity that may even be considered unlawful.
Keygen : A Keygen is a type of software which does not belong to any particular legitimate software company but generates keys, or more specifically cracks, for legitimate software. Such software is often bundled with Spyware.
Keylogger (Keystroke Logger) : A keylogger is a program that captures and logs keystrokes on the computer without the user's knowledge and consent. The logged data is typically sent to a remote attacker. The keylogger is usually hidden from the user and may use cloaking (Rootkit) technology to hide from other software in order to evade easy detection by anti-Spyware applications.
KillAV : KillAV is a Trojan that tries to terminate and/or remove any antivirus software that is running on the computer.
Loader : Any program designed to load another program.
Mail Bomber : Software that will flood a victim's inbox with hundreds or thousands of pieces of mail. Such mail generally does not correctly reveal its source.
Mailer : A program that creates and sends email with forged headers, so that the source of the mail it sends cannot be traced.
Mailfinder : A tool which finds email addresses on the internet for one or more domains.
Malware : Malware is a generic term for any malicious software designed to disrupt the working of a network. Viruses, worms and Trojans fall under the category of Malware. Malware utilizes popular communication tools to spread, including worms sent through email and instant messages, Trojan horses dropped from web sites, and virus-infected files downloaded from peer-to-peer connections. Malware seeks to exploit existing vulnerabilities on systems, making its entry quiet and easy.
Mass Mailer : A mass mailer can spread through email by sending copies of itself to everyone in the user's address book. A mass mailer may consume a large amount of system resources and cause the machine to become noticeably sluggish and unreliable.
Monitor : Monitoring tools record each and every activity that the user performs on the PC by taking frequent snapshots and mailing them to the designated email address.
NetTool : These are programs which enable you to remotely work on a computer in real time. Malware programs take control of the user's PC and can view, send, or read any other program or information.
Notifier : The purpose of these Trojans is to inform the author or ‘master’ that malicious code has been installed on the victim machine and to relay information about the IP address, open ports, e-mail address and so on. Trojan Notifiers are typically included in a Trojan ‘pack’ that contains other malware.
Nuker : Nuker is a generic term for several TCP/IP DoS attacks. In some cases, it selects some folders and deletes them. Through TCP/IP it sends packets to targeted computers containing malicious programs which may destroy some specified data.
P2P (Peer-to-peer): Peer-to-peer (P2P) is a method of file sharing over a network in which individual computers are linked via the Internet or a private network to share programs/files, often illegally. Many P2P programs bundle third-party advertising programs, and are currently the second largest source of virus, Trojan and data mining infections.
Packed : Spyware files which are compressed to make their work undetectable by anti-virus products.
Packer : A utility which compresses a file, encrypting it in the process. It adds a header that automatically expands the file in memory, when it is executed, and then transfers control to that file.
Password Capture : A variant of the keylogger that captures passwords as they are entered or transmitted. Some password capture Trojans impersonate the login prompt, asking the user to provide their password.
Password Cracker : A tool to decrypt a password or password file. Password crackers have legitimate uses by security administrators, who want to find weak passwords in order to change them and improve system security.
Password Cracking Word List : A list of words that a brute force password cracker can use to muscle its way into a system.
Phreaking Tool : Any executable that assists in hacking the phone system, such as by using a sound card to imitate various audible tones.
Ping-of-Death attack : A ping of death (abbreviated “POD”) is a type of attack on a computer that involves sending a malformed or otherwise malicious ping to a computer. A ping is normally 64 bytes in size; many computer systems cannot handle a ping larger than the maximum IP packet size, which is 65,535 bytes. Sending a ping of this size often crashes the target computer.
Traditionally, this bug has been relatively easy to exploit. Generally, sending a 65,536 byte ping packet is illegal according to networking protocol, but a packet of such a size can be sent if it is fragmented; when the target computer reassembles the packet, a buffer overflow can occur, which often causes a system crash.
Porn-Tool : Porn-Tool is an application designed to access pornographic content on a remote server.
Pornware : Pornware is the generic term used to describe malware-related programs that either use the computer’s modem to connect to pornographic pay-to-view services, or download pornographic content from the web, without the consent of the user.
Port Scanner : In hacker reconnaissance, a port scan attempts to connect to all 65536 ports on a machine in order to see if anybody is listening on those ports. Port scans are always automated through tools called Port Scanners.
Probe Tool : A tool that explores another system, looking for vulnerabilities. While these can be used by security managers wishing to shore up their security, the tools are as likely to be used by attackers to evaluate where to start an attack. An example is an NT Security Scanner.
Proxy : A Proxy Trojan turns the victim's computer into a proxy server. This gives the attacker the opportunity to do everything from your computer, including the possibility of conducting credit card fraud and other illegal activities, or even to use the system to launch malicious attacks against other networks.
PSW : This family of Trojans steals passwords, normally system passwords, from victim machines. They search for system files which contain confidential information such as passwords and Internet access telephone numbers and then send this information to an email address coded into the body of the Trojan. The ‘master’ or user of the illegal program will then retrieve and misuse this information.
Most common behavior:
PUP : PUP, or Potentially Unwanted Program, is a term used to describe unwanted programs such as Trojans, Spyware and Adware which come bundled along with other malware.
Ransom : Ransom Trojans demand money in exchange for fixing some menace they create on your PC, such as encrypting files or threatening to delete files.
RAT : A Remote Administration Tool, or RAT, is a Trojan that when run, provides an attacker with the capability of remotely controlling a machine via a "client" in the attacker's machine, and a "server" in the victim's machine.
RemoteAdmin : These are programs which enable you to remotely work on a computer in real time. Malware programs take control of the user's PC and can view, send, or read any other program or information.
RiskTool : This is an application that is not necessarily harmful if properly installed by the user or administrator of the PC, but which could be harmful or disruptive to the user, PC, or network if deployed by unauthorized parties for potentially malicious purposes.
Rootkit : A Rootkit is a collection of tools (programs) that enable administrator-level (root) access to a computer or computer network. A Rootkit may consist of spyware and other programs that: monitor traffic and keystrokes; create a "backdoor" into the system for the hacker's use; alter log files; attack other machines on the network; and alter existing system tools to escape detection. They are usually hidden and difficult to clean as they ingrain themselves deeply within the Registry and system files.
Search Hijacker : Any software that resets your browser's settings to point to other sites when you perform a search. Hijacks may reroute your info and address requests through an unseen site, capturing that info. In such hijacks, your browser may behave normally, but be slower. Search results when such a hijacker is running will sometimes differ from non-hijacked results.
SMS : This malware pretends to allow users to visit WAP sites without using a WAP connection or other programs by sending and receiving free SMSs, but in fact sends SMS messages to premium-rate numbers at $5-$6 per SMS.
Sniffer : A program and/or device that monitors data traveling over a network. Sniffers can be used both for legitimate network management functions and for stealing information off a network. Unauthorized sniffers can be extremely dangerous to a network's security because they are virtually impossible to detect and can be inserted almost anywhere. A sniffer may be able to read the data in the packet as well as the source and destination addresses.
SpamTool : This program is designed to send spam to email addresses harvested from the victim computer. In addition to wasting people's time with unwanted e-mail, spam also eats up a lot of network bandwidth. When sending spam e-mails, the Trojan can generate fake sender e-mail addresses automatically. It is remotely controlled and can upgrade its file from the Internet.
Spoofer : To spoof is to forge your identity. These attacks use spoofed packets against amplifiers in order to overload the victim's connection. This is done by sending a single packet to a broadcast address with the victim as the source address. All the machines within the broadcast domain then respond back to the victim, overloading the victim's Internet connection. Since smurfing accounts for more than half the traffic on some backbones, ISPs are starting to take spoofing seriously and have started implementing measures within their routers that verify valid source addresses before passing the packets.
Spyware : Any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about e-mail addresses and even passwords and credit card numbers.
StartPage : This Trojan modifies the configuration of Microsoft Internet Explorer without the knowledge or consent of the user.
Surveillance : Any software designed to use a webcam, microphone, screen capture, or other approaches to monitor and capture information. Some such software will transmit this captured information to a remote source.
Telnet Server : Software that allows a remote user of a Telnet client to connect as a remote terminal from anywhere on the Internet and control a computer in which the server software is running.
Toolbar : A Toolbar is a type of browser plug-in that adds a third-party utility bar to the web browser, usually just below or next to the browser's address bar. A Toolbar typically has a search function and provides search results for paid advertisers.
Tracking Cookies : Tracking cookies allow multiple web sites to store and access records that may contain personal information (including surfing habits, user names and passwords, areas of interest, etc.), and subsequently share this information with other web sites and marketing firms.
Trackware : Programs that track system activity, gather system information, or track user habits and relay this information to third-party organizations.
Trojan : A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.
Trojan Horse : A Trojan Horse portrays itself as something other than what it is at the point of execution. While it may advertise its activity after launching, this information is not apparent to the user beforehand. A Trojan Horse neither replicates nor copies itself, but causes damage or compromises the security of the computer. A Trojan Horse must be sent by someone or carried by another program and may arrive in the form of a joke program or software of some sort. The malicious functionality of a Trojan Horse may be anything undesirable for a computer user, including data destruction or compromising a system by providing a means for another computer to gain access, thus bypassing normal access controls.
Usage Track : Usage tracks permit any user (or their software agent) with access to your computer to see what you've been doing. Such tracks benefit you if you have left the tracks, but might benefit another user as well.
VirTool : Any program intended to be used to create viruses, accepting user input to make the created viruses different from others created by the program.
Virus Creation Tool : A program designed to generate viruses. Even early virus creation tools were able to generate hundreds or thousands of different, functioning viruses, which were initially undetectable by current scanners.
Virus : A computer virus is a computer program that can copy itself and infect a computer without permission or knowledge of the user. A virus might corrupt or delete data on your computer, use your e-mail program to spread itself to other computers, or even erase everything on your hard disk. It often attaches itself to an executable file or an application. A computer virus is not standalone and needs a host file or program to work or replicate.
War Dialer : (demon-dialling, carrier-scanning) War-dialing was popularized in the 1983 movie War Games. It is the process of dialing all the numbers in a range in order to find any machine that answers. Many corporations have desktop computers with attached modems; attackers can dial in order to break into the desktop, and thereafter the corporation.
WebToolbar : A group of buttons which perform common tasks. A toolbar for Internet Explorer is normally located below the menu bar at the top of the form. Toolbars may be created by Browser Helper Objects. They allow malware programs to monitor internet activities.
Worm : A Worm is a malicious program that spreads itself without any user intervention. Worms are self-replicating. Worms spread without attaching to or infecting other programs and files. A Worm can spread across computer networks via security holes on vulnerable machines connected to the network. Worms can also spread through email by sending copies of themselves to everyone in the user's address book. A Worm may consume a large amount of system resources and cause the machine to become noticeably sluggish and unreliable.
Worm Creation Tool : A program designed to generate worms. Worm creation tools can often generate hundreds or thousands of different, functioning worms, most of which are initially undetectable by current scanners.