Security & Anti-Malware Terminology - Sneakyone - 01-30-2025
Security & Anti-Malware Terminology
Introduction
When analyzing antivirus or anti-malware logs, you may encounter various abbreviations and security-related terms. This guide provides a detailed reference for understanding these terms. While this is not an exhaustive list, it covers common security and malware-related terminology to enhance your understanding.
Anti-Malware Terminology
Common Malware Classifications & Abbreviations
Antivirus and anti-malware programs often use abbreviations to classify threats. Below are common threat types and their corresponding shorthand notations.
- Trojan (Troj) – A type of malware disguised as legitimate software to trick users into executing it.
- Virus (Vir) – A self-replicating program that spreads by infecting files.
- Malware – Any software designed to cause harm to a system.
- Rootkit – Malware that hides its presence and gains deep system access.
- Worm – A self-replicating malware that spreads over networks.
- Adware (Adw) – Software that displays unwanted advertisements.
- Spyware – Malware designed to monitor user activity and steal information.
- Keylogger – Malware that records keystrokes to steal credentials.
- Bootkit – A type of rootkit that infects the boot sector.
- Backdoor – Malware that allows remote access to a compromised system.
- Ransomware – Encrypts user files and demands ransom for decryption.
Other Malware Categories
- Banker Trojan – Malware designed to steal banking credentials.
- Browser Helper Object Infection (BHO) – Malicious browser add-ons that alter browser settings.
- Master Boot Record Infection (MBR) – Malware that infects the MBR to load before the OS.
- Bot Trojan – Turns a computer into a botnet node for remote control.
- Cookie Tracker – Tracks user activity for advertising or data collection.
- Dialer Trojan – Hijacks modem connections to dial premium-rate numbers.
- Dropper Trojan – Malware that installs additional infections.
- EICAR Test File – A harmless file used to test antivirus detection.
- Exploit Malware – Malware that exploits system vulnerabilities.
- Hoax Malware – Fake security alerts designed to scare users into installing malware.
- Hijacker – Malware that hijacks system settings (e.g., browser homepage).
- Hack Tool – Unauthorized tools used for hacking or exploiting security flaws.
- Heuristic Detection (Heur) – A detection method based on behavior analysis.
- IRC Trojan – Malware that spies on IRC (Internet Relay Chat) conversations.
- Macro Virus – Targets macro-based applications (e.g., Microsoft Office).
- Password Stealing Trojan – Designed to steal user credentials.
- Phishing Malware – Used to steal user data by impersonating trusted entities.
- Polymorphic Virus – Changes its own code to evade detection (e.g., Virut, Sality).
- Process Killer – Malware that terminates security software processes.
- Redirect Trojan – Hijacks browser traffic to malicious websites.
- Remote Access Trojan (RAT) – Allows remote control over a compromised system.
- Spamming Malware – Sends spam emails from infected machines.
- Scamming Malware – Designed to defraud users through deception.
- Rogue Malware (ROGUE) – Fake security software that extorts users.
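As an added illustration of how these abbreviations show up when analyzing logs (this is example code written for this reference, not part of the original post or of any vendor's product), the Python script below parses a few constructed detection lines, maps the first recognized shorthand in each detection name to one of the categories listed above, and counts detections per category. The log line format, the file paths and the detection names are hypothetical, and the prefix table is built only from the abbreviations in this glossary, so a real product's naming scheme needs its own table.

```python
import re
from collections import Counter
from typing import Optional

# Abbreviation -> category table built from the shorthand listed in this glossary.
# Keys are matched case-insensitively against whole tokens of a detection name
# (single-letter shorthand such as "V" or "S" is deliberately left out: too ambiguous).
CATEGORY_BY_PREFIX = {
    "trojan": "Trojan", "troj": "Trojan", "trj": "Trojan",
    "virus": "Virus", "vir": "Virus",
    "adware": "Adware", "adw": "Adware",
    "rootkit": "Rootkit", "rtk": "Rootkit",
    "worm": "Worm",
    "spyware": "Spyware", "spy": "Spyware",
    "keylogger": "Keylogger", "klgr": "Keylogger",
    "bootkit": "Bootkit",
    "backdoor": "Backdoor", "bckdr": "Backdoor",
    "ransomware": "Ransomware", "rnsm": "Ransomware",
    "heur": "Heuristic Detection",
    "rat": "Remote Access Trojan",
    "psw": "Password Stealing Trojan",
    "rogue": "Rogue Malware",
    "eicar": "EICAR Test File",
    "pup": "Potentially Unwanted Program",
}

# Constructed sample log in a hypothetical format: timestamp, detection name, file, action.
SAMPLE_LOG = """\
2025-01-30 10:15:02 Detected: Trojan.Win32.Agent.abcd File: C:\\Users\\demo\\Downloads\\setup.exe Action: Quarantined
2025-01-30 10:15:09 Detected: Heur.Suspicious.Gen File: C:\\Temp\\run.tmp Action: Blocked
2025-01-30 10:16:41 Detected: Win32/Adw.Generic File: C:\\Program Files\\Toolbar\\tb.dll Action: Removed
2025-01-30 10:17:03 Detected: EICAR-Test-File File: C:\\Users\\demo\\eicar.com Action: Quarantined
2025-01-30 10:18:55 Detected: Rnsm.Win32.Locker File: C:\\Users\\demo\\invoice.exe Action: Blocked
2025-01-30 10:19:12 Scan completed, 5 items processed
"""

DETECTION_RE = re.compile(r"Detected:\s+(?P<name>\S+)")
# Vendors separate name components with dots, slashes, dashes, colons or underscores.
TOKEN_RE = re.compile(r"[./:\-_]+")


def classify_detection(name: str) -> str:
    """Return the glossary category for the first recognized token, else 'Unknown'."""
    for token in TOKEN_RE.split(name):
        category = CATEGORY_BY_PREFIX.get(token.lower())
        if category is not None:
            return category
    return "Unknown"


def parse_detection(line: str) -> Optional[str]:
    """Extract the detection name from a log line, or None for non-detection lines."""
    match = DETECTION_RE.search(line)
    return match.group("name") if match else None


def summarize_log(text: str) -> Counter:
    """Count detections per glossary category across a whole log."""
    counts: Counter = Counter()
    for line in text.splitlines():
        name = parse_detection(line)
        if name is not None:
            counts[classify_detection(name)] += 1
    return counts


if __name__ == "__main__":
    for category, count in summarize_log(SAMPLE_LOG).most_common():
        print(f"{category:<28} {count}")
```

Matching whole tokens rather than substrings is the point of the token split: a platform tag such as "Win32" or a family name such as "Agent" never triggers a category, and a name whose shorthand the table does not know is reported as "Unknown" instead of being guessed.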
Security Terminology
General Security & System Terms
- ActiveX – A component of Internet Explorer that extends browser functionality.
- Administrator – A user with system-wide access and control privileges.
- Algorithm – A structured set of instructions for problem-solving.
- Alias – An alternate name for a malware variant (e.g., Alureon = TDL4).
- Anti-Malware – A tool designed to detect and remove all types of malware.
- Anti-Spyware – A tool specifically for detecting spyware infections.
- Antivirus – A security program that detects and removes viruses.
- Application Programming Interface (API) – A set of routines that allow software to interact with an OS.
- Armoring ("Crypting") – A technique used by malware to evade detection.
- ASCII (American Standard Code for Information Interchange) – A character encoding system.
- Attributes – Characteristics of files or folders (e.g., read-only, hidden).
- BAT (Batch File) – A script file designed to automate tasks.
- BIOS (Basic Input/Output System) – Firmware that initializes system hardware.
- Botnet – A network of compromised computers controlled by hackers.
- Cache – A temporary storage mechanism used to improve system performance.
- Cookie – A small text file in which a website stores user information and preferences to improve later visits to that site.
- Debugger – A tool that runs or halts a program at breakpoints and can step through its code line by line.
- Decompiler – A tool that reconstructs readable, source-like code from a compiled program.
- Denial of Service (DoS) / Distributed DoS (DDoS) – An attack that overwhelms a server to disrupt service.
- DNS (Domain Name System) – Translates domain names into IP addresses.
- Driver – A program that allows the OS to communicate with hardware.
- Dynamic Link Library (DLL) – A file that contains shared code modules.
- Emergency Rescue Disk / Recovery Media – Formerly a disk, today usually a USB drive loaded with portable recovery software to aid in scanning or recovering the computer.
- Encryption / Decryption – The process of encoding/decoding data for security.
- Exceptions – A security program’s list of whitelisted files and programs.
- FAT (File Allocation Table) – A section of a disk that defines the structure and organization of the disk; it holds the addresses where files and folders are stored.
- Firewall – A security feature that monitors network traffic.
- FTP (File Transfer Protocol) – A protocol for transferring files over a TCP/IP connection.
- Hacker – A person who gains unauthorized access to a computer system.
- Header – A section, usually at the beginning of a file, that stores information about the file such as its date, name, and type.
- Host – A computer or system that acts as a source of information.
- HTTP / HTTPS (Hypertext Transfer Protocol / Hypertext Transfer Protocol Secure) – The protocols used for web browsing.
- Identity Theft – The act of stealing someone's personal or financial data.
- ISP (Internet Service Provider) – A company that provides internet access.
- LAN (Local Area Network) – A private network connecting computers in a small area.
- MIME (Multipurpose Internet Mail Extensions) – A set of specifications that allows text and files with different character sets and features to be exchanged over the internet.
- Mutex (Mutual Exclusion Object) – An object used to control access to a shared resource.
- Partition – A division of a disk that the system treats as a separate disk; each partition can, for example, hold a different operating system.
- Payload – The malicious effects of malware execution.
- PE = Portable Executable - A form of an executable file.
- PUP (Potentially Unwanted Program) – Software that behaves suspiciously but is not malware.
- P2P (Peer-to-Peer Software) – Software such as uTorrent.
- Protocol – A set of rules for data transmission (e.g., FTP, TCP/IP).
- Proxy – An intermediary that relays internet connections; it can share one connection among multiple computers and hides the IP address of the computer using it.
- Quarantine – Isolating a detected malware file so it can no longer run, while keeping the file's information stored for later review.
- Redirect – A technique that sends navigation intended for one website to a different website.
- Sector - A section or area of a disk.
- Patch - A set of additional files meant to be added to a program to fix specific flaws or bugs.
- String - A sequence of characters or codes.
- Services – Programs or drivers that carry out specific tasks independently in the background; a service can be started, stopped, or paused, and configured to run manually or automatically.
- Signature – The unique identifier of a malware sample.
- Variant – A modified version of an original virus or malware sample.
- Volume – A partition, a complete hard disk, or a section of a disk that is presented as an independent or shared storage unit.
- UPX (Ultimate Packer for Executables) – A tool used to compress executable files.
- WAN (Wide Area Network) – A network connecting computers across a large geographic region.
- Windows Explorer - The program used to browse files and folders on the Windows Operating System.
- Windows Registry – A database storing system settings and configurations.
Conclusion
This guide serves as a quick reference for security and anti-malware terminology. Understanding these terms will help you better analyze antivirus logs, research malware threats, and improve cybersecurity awareness.
Code: [center][size=22][b]Security & Anti-Malware Terminology[/b][/size][/center]
[hr]
[size=18][b]Introduction[/b][/size]
When analyzing **antivirus or anti-malware logs**, you may encounter various **abbreviations and security-related terms**. This guide provides a **detailed reference** for understanding these terms. While this is not an exhaustive list, it covers **common security and malware-related terminology** to enhance your understanding.
[hr]
[center][size=20][b]Anti-Malware Terminology[/b][/size][/center]
[size=18][b]Common Malware Classifications & Abbreviations[/b][/size]
Antivirus and anti-malware programs often use **abbreviations** to classify threats. Below are common threat types and their corresponding shorthand notations.
[list]
[*] **Trojan (TRJ, Trj, TROJAN, Troj, Trn)** – A type of malware disguised as legitimate software to trick users into executing it.
[*] **Virus (VIR, Virus, Vir, V)** – A self-replicating program that spreads by infecting files.
[*] **Malware (MAL, Mal, MALWARE, M)** – Any software designed to cause harm to a system.
[*] **Rootkit (RTK, Rkit, RKIT, Rtk, RK, Rk)** – Malware that hides its presence and gains deep system access.
[*] **Worm (WORM, Wm, WM)** – A self-replicating malware that spreads over networks.
[*] **Adware (ADW, Adw, AD, Ad)** – Software that displays unwanted advertisements.
[*] **Spyware (SPY, Spy, SPYWARE, SP, Sp, S)** – Malware designed to monitor user activity and steal information.
[*] **Keylogger (KLGR, Klgr, KG, Key, KSL, KL, Keylogr, KEYLOGR, Ksl)** – Malware that records keystrokes to steal credentials.
[*] **Bootkit (BOOTKIT, BTKT, Btkt, BOOT, Boot, BRTK, Brtk, BTK, Btk, RtkB)** – A type of rootkit that infects the boot sector.
[*] **Backdoor (BCKDR, BD, Bd, Back, BACK)** – Malware that allows remote access to a compromised system.
[*] **Ransomware (RNSM, Rnsm, RNSMWR, Rnsmwr, RAN)** – Encrypts user files and demands ransom for decryption.
[/list]
[size=18][b]Other Malware Categories[/b][/size]
[list]
[*] **Banker Trojan (BANKER, BANKTRJ, Bktrj, BKTRJ, BKRTRJ)** – Malware designed to steal banking credentials.
[*] **Browser Helper Object Infection (BHO, BHObject)** – Malicious browser add-ons that alter browser settings.
[*] **Master Boot Record Infection (MBR, Mbr)** – Malware that infects the **MBR** to load before the OS.
[*] **Bot Trojan (BOT, Bot, BT)** – Turns a computer into a **botnet** node for remote control.
[*] **Cookie Tracker (COOKIE, CKIE, Ckie)** – Tracks user activity for advertising or data collection.
[*] **Dialer Trojan (DIALER, Dialer, DLR)** – Hijacks modem connections to dial premium-rate numbers.
[*] **Dropper Trojan (DROPPER, Dropper, DRPR, Drpr, DP)** – Malware that installs additional infections.
[*] **EICAR Test File (EICAR, ECR, Ecr, TEST)** – A harmless file used to test antivirus detection.
[*] **Exploit Malware (EXPLOIT, EXP, Exp, EPT, Ept)** – Malware that exploits system vulnerabilities.
[*] **Hoax Malware (HOAX, Hoax, HX, Hx)** – Fake security alerts designed to scare users into installing malware.
[*] **Hijacker (HIJACK, Hij, HIJ, HJ)** – Malware that hijacks system settings (e.g., browser homepage).
[*] **Hack Tool (HACKER, Hack, HCK)** – Unauthorized tools used for hacking or exploiting security flaws.
[*] **Heuristic Detection (HEURISTIC, Heur, HEUR)** – A detection method based on behavior analysis.
[*] **IRC Trojan (IRC, Relay, RELAY)** – Malware that spies on **IRC (Internet Relay Chat)** conversations.
[*] **Macro Virus (MACRO, MCR, Mcr)** – Targets macro-based applications (e.g., Microsoft Office).
[*] **Password Stealing Trojan (PASSWORD, PSW, PS)** – Designed to steal user credentials.
[*] **Phishing Malware (PHISHING, PHISH, PHSH)** – Used to steal user data by impersonating trusted entities.
[*] **Polymorphic Virus (POLYMORPHIC, Plymrph, PLYMRPH, PLMC)** – Changes code to evade detection.
[*] **Process Killer (TASKILLER, PRCKILL, TSKILL)** – Malware that terminates security software processes.
[*] **Redirect Trojan (REDIRECT, RDT)** – Hijacks browser traffic to malicious websites.
[*] **Remote Access Trojan (REMOTE, RMT, Rmt, REM)** – Allows remote control over a compromised system.
[*] **Spamming Malware (SPAM, SPAMMER, SMTP, IMAP, SPM)** – Sends spam emails from infected machines.
[*] **Scamming Malware (SCAM, SCAMMER, SCM)** – Designed to defraud users through deception.
[*] **Rogue Malware (ROGUE, RG, Rg)** – Fake security software that extorts users.
[/list]
[hr]
[center][size=20][b]Security Terminology[/b][/size][/center]
[size=18][b]General Security & System Terms[/b][/size]
[list]
[*] **ActiveX** – A component of **Internet Explorer** that extends browser functionality.
[*] **Administrator** – A user with system-wide access and control privileges.
[*] **Algorithm** – A structured set of instructions for problem-solving.
[*] **Alias** – An alternate name for a malware variant (e.g., **Alureon = TDL4**).
[*] **Anti-Malware** – A tool designed to detect and remove all types of malware.
[*] **Anti-Spyware** – A tool specifically for detecting **spyware infections**.
[*] **Antivirus** – A security program that detects and removes **viruses**.
[*] **Application Programming Interface (API)** – A set of routines that allow software to interact with an OS.
[*] **Armoring** – A technique used by malware to evade detection.
[*] **ASCII (American Standard Code for Information Interchange)** – A character encoding system.
[*] **Attributes** – Characteristics of files or folders (e.g., **read-only, hidden**).
[*] **BIOS (Basic Input/Output System)** – Firmware that initializes system hardware.
[*] **Botnet** – A network of **compromised computers** controlled by hackers.
[*] **Cache** – A temporary storage mechanism used to improve system performance.
[*] **Denial of Service (DoS) / Distributed DoS (DDoS)** – An attack that overwhelms a server to disrupt service.
[*] **DNS (Domain Name System)** – Translates domain names into IP addresses.
[*] **Driver** – A program that allows the OS to communicate with hardware.
[*] **Dynamic Link Library (DLL)** – A file that contains shared code modules.
[*] **Encryption / Decryption** – The process of encoding/decoding data for security.
[*] **Exceptions** – A security program’s list of **whitelisted files and programs**.
[*] **Firewall** – A security feature that monitors network traffic.
[*] **Hacker** – A person who gains unauthorized access to a computer system.
[*] **HTTP/HTTPS (Hypertext Transfer Protocol Secure)** – The protocols for **web browsing**.
[*] **Identity Theft** – The act of stealing someone's **personal or financial data**.
[*] **ISP (Internet Service Provider)** – A company that provides **internet access**.
[*] **LAN (Local Area Network)** – A private network connecting computers in a **small area**.
[*] **Payload** – The malicious effects of malware execution.
[*] **PUP (Potentially Unwanted Program)** – Software that behaves **suspiciously but is not malware**.
[*] **Protocol** – A set of rules for data transmission (e.g., FTP, TCP/IP).
[*] **Signature** – The unique identifier of a malware sample.
[*] **UPX (Ultimate Packer for Executables)** – A tool used to compress executable files.
[*] **Windows Registry** – A database storing system settings and configurations.
[/list]
[hr]
[center][size=20][b]Conclusion[/b][/size][/center]
This guide serves as a **quick reference** for security and anti-malware terminology. Understanding these terms will help you **better analyze antivirus logs, research malware threats, and improve cybersecurity awareness**.
[center][b]Stay informed, stay protected![/b][/center]