- Adware: Installed by stealth on computers, Adware is software that causes disruptive and unwanted advertising to appear in various programs.
- Anti-Virus Software: Anti-virus software is software designed to locate and delete viruses that may have infected a computer. It is also designed to prevent further infections.
- Attachment: An attachment is a file that is attached to an incoming or outgoing email. Viruses often arrive in the form of disguised attachments in misleading emails.
- Automatic Update: Effective anti-virus protection software is designed to automatically update itself via the Internet on a regular basis. This prevents damage from rapidly-propagating viruses and other security threats.
- Backdoor: A backdoor on a networked computer refers to a port that has been secretly opened between the computer and the network. This backdoor is used to send or receive personal data, such as banking information.
- Blended Threat: A blended threat is a term used to refer to a grouping of sophisticated malicious programs such as viruses, worms and/or Trojans designed to maximize computer infection rates and computer damage.
- Boot Sector: Hard disk drives, floppy diskettes, and logical drives all have boot sectors, where critical drive information is stored. See also partition table, Master Boot Record, and multi-partite viruses.
- Boot Sector or MBR Virus: A virus which infects the boot sector of a fixed or floppy disk. Any formatted disk, even one that is blank, or only contains text data, may contain a boot sector virus. An attempt to boot from a diskette infected with a boot sector virus will cause the virus to become active in memory. This type of virus will place a copy of itself on the Master Boot Record (MBR) or the boot sector of the hard drive. Every time you boot your system from that point on, you will have the virus active in memory. These are the most common viruses. Any attempt to disinfect these viruses while a virus is active in memory will be defeated since it will re-write itself to the disk as soon as you remove it. Additionally, many of these are stealth viruses. You should always attempt to disinfect these viruses after restarting your computer with a write-protected diskette.
- Circular Infection: A type of infection that occurs when 2 viruses infect the boot sector of a disk, rendering the disk unbootable. Removing one virus will generally cause a re-infection with the other virus. See also Boot Sector or MBR Virus.
- CMOS: Complementary Metal-Oxide Semiconductor. Critical configuration information is stored in CMOS. Some viruses attempt to alter this data.
- Companion Virus: A virus which infects executable files by creating a 'companion' file with the same name but a .COM extension. Since DOS looks for .COM files first, followed by .EXE files, and finally .BAT files, the virus loads before the executable file.
- Cross-Linked Files: Cross-linking is a common phenomenon rarely associated with viruses. It occurs when two files appear to share the same clusters on the disk.
- Dropper: A virus dropper is a program designed to deposit a virus onto a hard disk, a floppy disk, a file, or into memory. It is not a virus itself.
- Encryption: Among the most difficult to detect, encrypted viruses use a brief encryption loop at the start of the program to make the rest of the program unintelligible. This means that scanners relying on signature files have only a few bytes to look for. The encryption key also changes each time a polymorphic virus replicates.
- Executable Code: This represents instructions which are 'executable' by the computer. This includes COM, EXE, DLL and similar files. In a broader sense, executable code includes the code found in disk boot sectors, batch files and even macros used by some applications.
- False Positive: A false positive occurs when a scanner identifies a file as infected when in fact it is not.
- File Stealth Virus: In addition to redirection for the boot information, these viruses attack .COM and .EXE files when opened or copied and hide the file size changes from the DIR command. The major problem arises when an attempt is made to use CHKDSK/F and there appears to be a difference between the reported file size and the apparent size. CHKDSK assumes this is the result of some cross-linked files and attempts to repair the damage. The result is the destruction of the files involved. The FRODO or 4096 virus is famous for this kind of damage. See also Stealth Virus, and Full Stealth Virus.
- Full Stealth Virus: In this case, ALL normal calls to file locations are cached while the virus subtracts its own length so that it appears clean. See also Stealth Virus, and File Stealth Virus.
- Firewall: A firewall is a protective software program that shields a computer on a network from external attack. Two-way firewalls also prevent unwanted sending of secretly collected data to external third-parties along networks.
- Heuristics: A rule-based method of identifying new viruses. This method of scanning does not rely on specific virus signatures. The advantage of the heuristic scan is that it is not fooled by a new variant of an existing virus. However, it might occasionally report suspicious code in normal programs. For example, the scanning of a program may generate the message:
  C:\DOS\MSHERC.COM has been modified by adding some code at the end. This does not appear to be a virus, but might be a self-checking routine or some "wrapper" program.
- Identity Theft: Computer crime can be carried out by hackers who steal personal information and then impersonate users electronically, for example transferring funds from bank accounts or racking up bills on credit cards.
- Integrity Checker: A program which checks for changes to files. Integrity checkers, when used correctly, can provide an excellent second line of defense against new viruses or variants.
- In the Wild: Viruses found "in the wild" are viruses which are known to be spreading, as opposed to viruses which are not currently spreading, but are confined "in the zoo."
- Joke Programs: Joke programs are generally not harmful in any way, but their side effects are often mistaken for those of a virus.
- Logic Bomb: A logic bomb is a program which will execute a pre-programmed routine (frequently destructive) when a designated condition is met. Logic bombs do not make copies of themselves.
- Macro Virus: A macro virus is a virus written in one of the many macro languages. The macro viruses spread via infected files, which can be documents, spreadsheets, databases, or any computer program which allows use of a macro language.
- Malware: A generic name for software which intentionally performs actions which can damage data or disrupt systems.
- Master Boot Record: On a computer's fixed disk, the first physical sector is reserved for a short bootstrap program. This sector is the Master Boot Record (MBR). See also Boot Sector and Boot Sector or MBR Virus.
- Memory-Resident: Residing in computer memory as opposed to on a disk.
- Multi-Partite: A virus able to infect both files and boot sectors is said to be multi-partite. Such viruses are highly infectious.
- Partition Table: PC disks are often split in logical blocks known as partitions. Information required to access these partitions, as well as a flag which indicates which partition should be used to boot the system (the active partition) is stored in the Master Boot Record. See also boot sector, boot sector and MBR viruses.
- Patch: When a vulnerability or 'bug' is found in a commercial software program, the vendor will typically release a software patch to fix the problem. Patches are downloaded over the Internet.
- Polymorphism: A virus is said to be polymorphic if its code appears to be different every time it replicates, although each replication of the virus is generally functionally identical. This is usually achieved by encrypting the body of the virus and adding a decryption routine which is different for each replication. When a polymorphic virus replicates, a portion of the decryption code is modified. Additionally, random, do-nothing blocks of code can be embedded in the program and shuffled around to further vary the signature. In essence, it looks like a different program to virus scanners.
- Pop-up: A pop-up is an HTML box that appears on a computer screen, often containing an advertisement. Many pop-ups contain or are caused by viruses or Trojans.
- Shareware: Shareware is software distributed for free over the Internet. Shareware differs from freeware, which is also freely available software, in that it asks users for a small voluntary donation.
- Spyware: Spyware is software that is installed by stealth on computers and used to track the user's downloads, web surfing habits and individual keystrokes. This information is then secretly relayed via a backdoor to an external third-party.
- Stealth Virus: These viruses actively hide themselves while running. The first common virus, the BRAIN (discovered in the wild in 1986), was a stealth virus. It infected the boot sector of a floppy diskette and any attempt to read the boot sector with BRAIN active would be redirected to a copy of the original boot sector someplace else on the diskette. See also File Stealth and Full Stealth.
- Trojan, Trojan Horse: A Trojan or Trojan Horse is a program which carries out an unauthorized function while hidden inside an authorized program. It is designed to do something other than what it claims to, and frequently is destructive in its actions.
- Tunneling: Viruses that use tunneling techniques redirect all hard drive calls between their location in RAM and the operating system. This allows them to bypass any anti-viral products in memory at that time.
- Virus: A virus is an independent program which reproduces itself. It may attach to other programs; it may create copies of itself (see companion viruses). It may attach itself to any executable code, including but not limited to boot sectors and/or partition sectors of hard and/or floppy disks. It may damage, corrupt or destroy data, or degrade system performance.
- Virus Simulator: A virus simulator is a program which creates files that "look like" viruses. Such files are questionable for testing purposes because they are not really infected.
- Virus Variant: A variant virus is a modification of a previously known virus.
- Worm: A worm is a program which reproduces by copying itself over and over, system to system. Worms are self-contained and generally use networks to spread.
- Zombie: A zombie computer is one that has been infected by a virus that transfers control of the computer to a third-party. Zombies are typically used for Denial of Service attacks by hackers.