Glossary
|
|
Chapter 2
|
|
adware
| A software program that delivers advertising content in a manner that is unexpected and unwanted by the user.
|
armored virus
| A virus that goes to great lengths in order to avoid detection.
|
backdoor
| Software code that gives access to a program or a service that circumvents normal security protections.
|
bot herder
| An attacker who controls a botnet.
|
botnet
| A logical computer network of zombies under the control of an attacker.
|
command and control (C&C or C2)
| The structure by which a bot herder gives instructions to zombies in a botnet.
|
computer virus (virus)
| Malicious computer code that, like its biological counterpart, reproduces itself on the same computer.
|
dumpster diving
| The act of digging through trash receptacles to find information that can be useful in an attack.
|
hoax
| A false warning designed to trick users into changing security settings on their computer.
|
impersonation
| A social engineering attack that involves masquerading as a real or fictitious character and then playing out the role of that person on a victim.
|
keylogger
| Software or a hardware device that captures and stores each keystroke that a user types on the computer's keyboard.
|
logic bomb
| Computer code that lies dormant until it is triggered by a specific logical event.
|
macro
| A series of instructions that can be grouped together as a single command, often used to automate a complex set of tasks or a repeated series of tasks.
|
macro virus
| A computer virus that is written in a script known as a macro.
|
malware
| Software that enters a computer system without the user's knowledge or consent and then performs an unwanted and usually harmful action.
|
metamorphic malware
| Malware that rewrites its own code and thus appears different each time it is executed.
|
oligomorphic malware
| Malware that changes its internal code to one of a set number of predefined mutations whenever it is executed.
|
pharming
| A phishing attack that automatically redirects the user to a fake site.
|
phishing
| Sending an email or displaying a web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information.
|
polymorphic malware
| Malware code that completely changes from its original form whenever it is executed.
|
program virus
| A computer virus that infects executable program files.
|
ransomware
| Malware that prevents a user's device from properly operating until a fee is paid.
|
rootkit
| A set of software tools used by an attacker to hide the actions or presence of other types of malicious software.
|
shoulder surfing
| Watching an authorized user enter a security code on a keypad.
|
social engineering
| A means of gathering information for an attack by relying on the weaknesses of individuals.
|
spam
| Unsolicited email.
|
spear phishing
| A phishing attack that targets only specific users.
|
spim
| A variation of spam, which targets instant messaging users instead of email users.
|
spyware
| A general term used to describe software that spies on users by gathering information without consent.
|
tailgating
| When an unauthorized individual enters a restricted-access building by following an authorized user.
|
Trojan horse (Trojan)
| An executable program that is advertised as performing one activity but which actually performs a malicious activity.
|
typo squatting
| Redirecting a user to a fictitious website based on a misspelling of the URL. Also called URL hijacking.
|
URL hijacking
| Redirecting a user to a fictitious website based on a misspelling of the URL. Also called typo squatting.
|
vishing
| A phishing attack uses telephone calls instead of emails.
|
watering hole attack
| A malicious attack that is directed toward a small group of specific individuals who visit the same website.
|
whaling
| A phishing attack that targets only wealthy individuals.
|
worm
| A malicious program designed to enter a computer via a network to take advantage of a vulnerability in an application or an operating system.
|
zombie
| An infected computer that is under the remote control of an attacker.
|