A Layman’s Glossary of Malware Terms

Sep 01, 2007

Baffled by bots? Vexed by variants? Some working definitions for the non-technical.

76service – A group that orchestrated attacks using the Gozi Trojan and pioneered a service used to provide clients with subscriptions to stolen data feeds provided by those attacks.

Blind Drop – A drop that is well hidden and is designed to run while unattended, until an attacker comes to collect the data. In the case of remote access Trojans, can also refer to a file hidden locally.

Bot – A computer infected with software that allows it to be controlled by a remote attacker. Also used to refer to the malware itself which allows that control.

Carder – Someone who trades in stolen credit card and cardholder data.

Downloader – A small piece of code, usually a single instruction, used in the payload of an exploit to silently fetch a malicious EXE file from the attacker’s server.

Drop – A clandestine computer or service [such as e-mail account] that collects data stolen by a Trojan.

Dump – As a noun, used interchangeably with “drop.” As a verb it means to transfer data onto a machine for analysis, or to discard an exe after reverse engineering.

exe – A Windows executable program. In a malware attack, the “exe” refers to the malicious program which infects the victim’s PC.

Exploit – Code used to take advantage of vulnerabilities in software code and configuration, usually to install malware.

Form-grabber – A program that steals information submitted by a user to a web site. (Originally forms were the only way to submit user input to a web server, but now the meaning has changed to encompass any HTTP communication using a POST request.)

Gozi – One of a family of Trojans written by Russian RATs known as the HangUp Team, used in a string of attacks orchestrated by a group known as 76service.

iFrame – A special tag used to load one web page into a part of another webpage. Used by iFramers to load malicious code, often JavaScript, onto an otherwise trusted page.

iFramer – A person who places a malicious IFRAME (in-line frame) tag into web pages, usually on compromised web sites, and then charges malware developers for access to those iFrames as a distribution method for Trojans.

Keylogger – A program that logs user input from the keyboard, usually without the user’s knowledge or permission.

Malware – Any executable code that uses a computer in a way not authorized by its owner. Includes Trojans that install backdoors, spyware, bot clients, keyloggers, worms, viruses, or other malicious code.

Packer – A tool used to compress and scramble an EXE file. Used to hide the malicious nature of malware and thwart analysis by researchers.

Padonki – A kind of Russian hacker slang in which words, often obscene ones, are purposefully misspelled or bastardized.

Pesdato – English transliteration of a Padonki interjection.

RAT – Remote Access Trojan, malware that allows an attacker to remotely control an infected PC or “bot”.

RATs – The nickname for people who write remote access Trojans.

RBN – The Russian Business Network. An infamous ISP used primarily by Russian malware groups to host malware and drops. The ISP is reportedly run out of Panama and owned by a company operating from the islands of Seychelles, off the eastern coast of Africa. Variously described as “opaque,” “dubious,” and “shady.”

Redirect – A feature of HTTP used to automatically forward someone from one web site to another. In the case of malware, redirects are done invisibly, sometimes inside iFrames.

Rootkit – Code that plugs into and changes the low-level functions of an operating system. Used by malware to hide itself from users and even the operating system itself.

Torpig – A relatively new family of Trojans representing the latest in malware capabilities, including the ability to hide itself and provide backdoor access for installing other configurations, components, or even other Trojans.

Trojan – A program that attempts to hide its malicious code by masquerading as an innocuous program most commonly through the use of a “packer.”

Variant – Malware that is produced from the same code base (or “family”) as a previous version but is different enough to require new signatures for detection by anti-virus and anti-malware products.

VXer – Originally, a virus writer. Now refers to anyone involved in the production or use of malware.

–Source: SecureWorks, CSO Reporting