A Layman's Glossary of Malware Terms
Baffled by bots? Vexed by variants? Some working definitions for the non-technical.
By Scott Berinato
September 01, 2007 — CSO — 76service – A group that orchestrated attacks using the Gozi Trojan and pioneered a service used to provide clients with subscriptions to stolen data feeds provided by those attacks.
Blind Drop – A drop that is well hidden and is designed to run while unattended, until an attacker comes to collect the data. In the case of remote access Trojans, can also refer to file hidden locally.
Bot – A computer infected with software that allows it to be controlled by a remote attacker. Also used to refer to the malware itself which allows that control.
Carder – Someone who trades in stolen credit card and cardholder data.
Downloader – A small piece of code, usually a single instruction, used in the payload of an exploit to silently fetch a malicious EXE file from the attacker's server.
Drop – A clandestine computer or service [such as e-mail account] that collects data stolen by a Trojan.
Dump – As a noun, used interchangeably with “drop.” As a verb it means to transfer data onto a machine for analysis, or to discard an exe after reverse engineering.
exe – A Windows executable program. In a malware attack, the "exe" refers to the malicious progam which infects the victim's PC.
Exploit – Code used to take advantage vulnerabilities in software code and configuration, usually to install malware.
Form-grabber – A program that steals information submitted by a user to a web site. (Originally forms were the only way to submit user input to a web server, but now the meaning has changed to encompass any HTTP communication using a POST request.)
Gozi – One of a family of Trojans written by Russian RATs known as the HangUp Team, used in a string of attacks orchestrated by a group known as 76service.
iFrame – A special tag used to load one web page into a part of another webpage. Used by iFramers to load malicious code, often JavaScript, onto an otherwise trusted page.
iFramer – A person who places a malicious IFRAME (in-line frame) tag into web pages, usually on compromised web sites, and then charges malware developers for access to those iFrames as a distribution method for Trojans.
Keylogger – A program that logs user input from the keyboard, usually without the user's knowledge or permission.
Malware – Any executable code that uses a computer in a way not authorized by it's owner. Includes Trojans that install backdoors, spyware, bot clients, keyloggers, worms, viruses, or other malicious code.
Understanding malware techniques and the ever-more sophisticated cybercrime ecosystem
Virtual analysis misses 1/3 of malware?
Advanced evasion techniques emerge
Organized cybercrime revealed
The rise of anti-forensics
The botnet hunters
Timeline: a decade of malware
- HIPAA Hiccup Solved
- Enterprise File Sharing: All You Need to Know
- Forrester Research and EMC on Continuous Availability
- Big Ideas; Big Tech-Continuous Availability for VMware
- Reduce Costs, Maximize Performance and Ensure High Availability of your Business Critical Applications
- Software Asset Management - Program Considerations to Help Reduce Risk and Lower Costs
- eBook: Security for a faster world
- Security for Virtualization
- Top 8 Identity & Access Management Challenges with SaaS Apps
- The Importance of Managing Privileged Accounts
- Wanted: A Trusted Provider for Public Cloud Services
- Integrated Systems and Streamlined Practices Propel New, Responsive IT Organizations
- Mandiant's APT1: Revisited
The Mandiant APT1 report made our industry stronger by encouraging -- if not forcing -- information sharing. By Nick Selby - Attacks from China: A survival guide
- #FFSec: Infosec pros who bring value to Twitter
More Salted Hash with Bill Brenner
