Skip navigational links

Spyware Protection

Center

Home

What is Spyware?

Protect Yourself!

RPS Spyware Protection

Spyware Search

FAQ

Glossary

Adware: Software that brings targeted ads to your computer, after you provide initial consent for this task. Some Adware may hijack the ads of other companies, replacing them with its own. Adware typically will track your browsing habits and report this info to a central ad server. See also Spyware.
Anarchy: In the hacking culture, there is a strong belief in anarchy, that laws should not be created for cyberspace nor can they be enforced without grievous infringement on civil liberties. Such views are not widely shared by the general public or by governments. Anarchy documents often focus on the overthrow of systems, small or large.
Annoyance: Any trojan that does not cause damage other than to annoy a user, such as by turning the text on the screen upside down, or making mouse motions eratic.
ANSI Bomb: Character sequences that reprogram specific keys on the keyboard. If ANSI.SYS is loaded, some bombs will display colorful messages, or have interesting (but unwanted) graphical effects.
AOL Pest: Any password stealer, exploit, DoS attack, or ICQ hack aimed at users of AOL. ICQ is an instant messenger service from mirabilis.com, now AOL. ICQ is a favorite service among hackers, and ICQ features are built into many trojans (such as stealing user's passwords, UINs, or notifying the hacker). Users of ICQ are warned "By using the ICQ service and software... you may be subject to various risks, including... Spoofing, eavesdropping, sniffing, spamming, breaking passwords, harassment, fraud, forgery, 'imposturing', electronic trespassing, tampering, hacking, nuking, system contamination including without limitation use of viruses, worms and Trojan horses causing unauthorized, damaging or harmful access and/or retrieval of information and data on your computer and other forms of activity that may even be considered unlawful."
Attachment: An attachment is a file that is attached to an incoming or outgoing email. Spyware and viruses often arrive in the form of camouflaged attachments in misleading emails.
AV Killer: Any hacker tool intended to disable a user's anti-virus software to help elude detection. Some will also disable personal firewalls. See also Firewall Killer.
Backdoor: A secret or undocumented means of getting into a computer system, or software that uses such a means to penetrate a system. Some software has a backdoor placed by the programmer to allow them to gain access to troubleshoot or change the program. Software that is classified as a "backdoor" is designed to exploit a vulnerability in a system, and open it to future access by an attacker.
Binder: A tool that combines two or more files into a single file, usually for the purpose of hiding one of them. When a trojan is bound with Notepad, for instance, the result will appear to be Notepad, and appear to run like Notepad, but the Trojan will also be run.
Browser Helper Object (BHO): A BHO is a plugin for Microsoft's Internet Explorer used to provide added functionality, such as Adobe Acrobat's plugin that allows Internet Explorer to read PDF files. BHOs are not stopped by personal firewalls, because they are seen by the firewall as your browser itself. Some exploits of this technology search all pages you view in IE and replace banner advertisements with other ads.
Carding: Credit card fraud. Carding texts offer advice on how to make credit cards, how to use them, and otherwise exploit the credit card system.
Click Fraud: Click fraud is a type of theft caused by spyware programs that secretly redirect user clicks and initiate unknown and unwanted commercial transactions.
Commercial RAT: Any commercial product that is normally used as a remote administration tool, but which might be exploited to do this without user consent or awareness. Differs from RAT primarily in price charged and developer intent.
Cracking Doc: Any document which provides guidance on how to crack or to use cracking tools.
Cracking Tool: Any software designed to modify other software for the purpose of removing usage restrictions. An example is a 'patcher' or 'patch generator', that will replace bytes at specified locations in a file, rendering it a licensed version.
DDoS: A Distributed Denial of Service (DDoS) attack is one that pits many machines against a single victim. An example is the attacks of February 2000 against some of the biggest websites. Even though these websites have a theoretical bandwidth of a gigabit/second, distributing many agents throughout the Internet flooding them with traffic can bring them down. The Internet is defenseless against these attacks. The best defense is for users everywhere to run ant-spyare software, and remove DDoS clients when they are found, so that their machines are not used as attack tools. Another approach is for ISPs to do 'egress filtering' prevent packets from going outbound that do not originate from IP addresses assigned to the ISP. This cuts down on the problem of spoofed IP addresses.
Denial of Service: See DoS.
Dialer: Software that dials a phone number. Some dialers connect to local Internet Service Providers and are beneficial as configured. Others connect to toll numbers without user awareness or permission.
Disassembler: A software tool that takes a executable apart, revealing the code within. Disassemblers are legitimate products and often sold commercially. But they are often used by hackers who wish to reverse engineer a product or find flaws that would permit an exploit.
DoS: Denial of Service. An exploit whose purpose is to deny somebody the use of the service namely to crash or hang a program or the entire system. Examples of DoS attacks include flooding the victim with more traffic than can be handled; flooding a service (like IRC) with more events than it can handle; crashing a TCP/IP stack by sending corrupt packets; crashing a service by interacting with it in an unexpected way; or hanging a system by causing it to go into an infinite loop. For example, the Ping of Death exploit crashed machines by sending illegally fragmented packets at a victim. A common word for DoS is 'nuke', which was first popularized by the WinNuke program.
Downloader: A program designed to retrieve and install additional files, when run. Most will be configured to retrieve from a designated web or FTP site.
Dropper: In viruses and trojans, the dropper is the part of the program that installs the hostile code onto the system.
Encryption Tool: Any software that can be used to scramble documents, software, or systems so that only those possessing a valid key are able to unscramble it. Encryption tools are used to secure information; sometimes unauthorized use of encryption tools in an organization is a cause for concern.
EULA: End User License Agreements are contracts that authorize users to download and use specific software. They can sometimes conceal deeply buried references to secretly bundled spyware.
Exploit: A way of breaking into a system. An exploit takes advantage of a weakness in a system in order to hack it. Exploits are the root of the hacker culture. Hackers gain fame by discovering an exploit. Others gain fame by writing scripts for it. Legions of script-kiddies apply the exploit to millions of systems, whether it makes sense or not. Since people make the same mistakes over-and-over, exploits for very different systems start to look very much like each other. Most exploits can be classified under major categories buffer overflow, directory climbing, defaults, Denial of Service.
Firewall: A firewall is a protective software program that shields a computer on a network from external attack. Two-way firewalls also prevent unwanted sending of secretly collected data to external third-parties along networks.
Firewall Killer: Any hacker tool intended to disable a user's personal firewall. Some will also disable resident anti-virus software. See also AV Killer.
Flooder: A program that overloads a connection by any mechanism, such as fast pinging, causing a DoS attack.
FTP Server: When installed without user awareness, an FTP server allows an attacker to download any file in the user's machine, to upload new files to that machine, and to replace any existing file with an uploaded file. See also HTTP Server.
Healthy Non-Pest File: Any file which is not a pest, such as a file that is part of the operating system.
Hijacker: Any software that resets your browser's settings to point to other sites. Hijacks may reroute your info and address requests through an unseen site, capturing that info. In such hijacks, your browser may behave normally, but be slower. Homepage Hijackers will change your home page to some other site. Error Hijackers will display a new error page when a requested URL is not found.
Hoax: Any software that intentionally misleads the user.
Hostile ActiveX: An ActiveX control is essentially a Windows program that can be distributed from a web page. These controls can do literally anything a Windows program can do. A Hostile ActiveX program does something that its user did not intend for it to do, such as erasing a hard drive, dropping a virus or trojan into your machine, or scanning your drive for tax records or documents. As with other Trojans, a Hostile ActiveX control will normally appear to have some other function than what it actually has.
Hostile Java: Browsers include a 'virtual machine' that encapsulates the Java program and prevents it from accessing your local machine. The theory behind this is that a Java 'applet' is really content -- like graphics -- rather than full application software. However, as of July, 2000, all known browsers have had bugs in their Java virtual machines that would allow hostile applets to 'break out' of this 'sandbox' and access other parts of the system. Most security experts browse with Java disabled on their computers, or encapsulate it with further sandboxes/virtual-machines.
Hostile Script: A script is a text file with a .VBS, .WSH, .JS, .HTA, .JSE, .VBE extension that is executed by Microsoft WScript or Microsoft Scripting Host Application, interpreting the instructions in the script and acting on them. A hostile script performs unwanted actions.
HTTP Server: When installed without user awareness, an HTTP server allows an attacker to use a web browser to view and thus retrieve information collected by other software placed in the user's machine. See also FTP Server.
Identity Theft: Computer crime can be carried out by hackers who steal personal information and then impersonate users electronically (e.g. by shifting funds from bank accounts or racking up bills on credit cards).
IRC War: Any tool that uses Internet Relay Chat for spoofing, eavesdropping, sniffing, spamming, breaking passwords, harassment, fraud, forgery, 'imposturing', electronic trespassing, tampering, hacking, nuking, system contamination including without limitation use of viruses, worms and Trojan horses causing unauthorized, damaging or harmful access and/or retrieval of information and data on your computer and other forms of activity that may even be considered unlawful.
Key Generator: Any tool designed to break software copy protection by extracting internally-stored keys, which can then be entered into the program to convince it that the user is an authorized purchaser.
Key Logger: (aka Keystroke Logger). A program that runs in the background, recording all the keystrokes. Once keystrokes are logged, they are hidden in the machine for later retrieval, or shipped raw to the attacker. The attacker then peruses them carefully in the hopes of either finding passwords, or possibly other useful information that could be used to compromise the system. For example, a key logger will reveal the contents of all email composed by the user. Keylog programs are commonly included in rootkits and RATs (remote administration trojans). See also Surveillance.
Loader: Any program designed to load another program.
Mailbomber: Software that will flood a victim's inbox with hundreds or thousands of pieces of mail. Such mail generally does not correctly reveal its source.
Mailer: A program that creates and sends email with forged headers, so that the source of the mail it sends cannot be traced.
Nuker: A program that disables a machine through damage to the registry, key files, the file system, etc.
P2P: Any peer-to-peer file swapping program, such as Audiogalaxy, Bearshare, Blubster, E-Mule, Gnucleus, Grokster, Imesh, KaZaa, KaZaa Lite, Limewire, Morpheus, Shareaza, WinMX and Xolox. In an organization, can degrade network performance and consume vast amounts of storage. May create security issues as outsiders are granted access to internal files. Often bundled with Adware or Spyware.
Packer: A utility which compresses a file, encrypting it in the process. It adds a header that automatically expands the file in memory, when it is executed, and then transfers control to that file. Some packers can unpack without starting the packed file. Packers are "useful" for trojan authors as they make their work undetectable by anti-virus products.
Password Capture: A variant of the Key Logger that captures passwords as they are entered or transmitted. Some password capture trojans impersonate the login prompt, asking the user to provide their password.
Password Cracker: A tool to decrypt a password or password file. The term is used for programs that take an algorithmic approach to cracking, as well as those that use brute force with a password cracking word list. Password crackers have legitimate uses by security administrators, who want to find weak passwords in order to change them and improve system security.
Password Cracking Word List: A list of words that a brute force password cracker can use to muscle its way into a system.
Pest: Any unwanted software. For a given user, the term will encompass most of the more specific kinds of software defined here.
Phreaking: Refers to hacking the phone system to make free calls. Phreaking rarely works on modern phone systems.
Phreaking Tool: Any executable that assists in hacking the phone system, such as by using a sound card to imitate various audible tones.
Pop-up: A pop-up is an HTML box that appears on a computer screen, often containing an advertisement. Many pop-ups contain links to or are caused by spyware.
Port Scanner: Port scanners are used to search for open ports on a network or specific computer. An attacker will often sweep thousands (or millions) of machines rather than a single machine looking for any system that might be vulnerable.
Probe Tool: A tool that explores another system, looking for vulnerabilities. While these can be used by security managers, wishing to shore up their security, the tools are as likely used by attackers to evaluate where to start an attack.
Proxy: Any firewall that blocks and re-creates a connection between two points. As a defensive tool, a proxy in an organization hides a user from the outside world. As a pest, a proxy hides an attacker from a user. Tools such as SMTP and FTP proxies are often used in conjunction with Firewall Killers, Downloaders, RATs, and Trojans.
RAT: A Remote Administration Tool, or RAT, is a Trojan that when run, provides an attacker with the capability of remotely controlling a machine. Examples include Back Orifice, NetBus, SubSeven, and Hack'a'tack. What happens when a server is installed in a victim's machine depends on the capabilities of the trojan, the interests of the attacker, and whether or not control of the server is ever gained by another attacker -- who might have entirely different interests.
Remote Control: See RAT.
Ripper: In the underground culture, the word rip means to make a copy of. Often, this has the connotation of making an illegal copy of a copyrighted work. The most common examples are programs that rip music CDs, or site rippers that download a complete copy of an entire web-site.
Security Scanner: See Probe Tool.
Shareware: Shareware is software distributed for free over the Internet. It can sometimes contain bundled spyware.
Sniffer: A wiretap that eavesdrops on computer networks. The attacker must be between the sender and the receiver in order to sniff traffic. This is easy in corporations using shared media. Sniffers are frequently used as part of automated programs to sift information off the wire, such as clear-text passwords.
SPAM Tool: SPAM is any unsolicited advertising, promotional material, or other email message sent indiscriminately to multiple mailing lists, individuals, or newsgroups. A SPAM Tool is any software designed to extract email addresses from web sites and other sources, remove "dangerous" or "illegal" addresses, and/or efficiently send unsolicited mail to these addresses.
Spoofer: To 'spoof' is to forge your identity. Attackers use spoofers to forge their IP address (IP spoofing). Since spoofing accounts for more than half the traffic on some backbones, ISPs are starting to take spoofing seriously and have started implementing measures within their routers that verify valid source addresses before passing the packets.
Spyware: Any product that employs a user's Internet connection in the background without their knowledge, and gathers/transmits info on the user or their behavior. Many spyware products will collect referrer info (information from your web browser which reveals what URL you linked from), your IP address (a number that is used by computers on the network to identify your computer), system information (such as time of visit, type of browser used, the operating system and platform, and CPU speed.) Spyware products sometimes wrap other commercial products, and are introduced to machines when those commercial products are installed. See also Adware.
Spyware Cookie: See Tracking Cookie.
Surveillance: Any software designed to use a webcam, microphone, screen capture, or other approaches to monitor and capture information. Some such software will transmit this captured information to a remote source. See also Key Logger.
Telnet Server: Software that allows a remote user of a Telnet client to connect as a remote terminal from anywhere on the Internet and control a computer in which the server software is running.
Tracking Cookie: Any cookie that is shared among two or more unrelated sites for the purpose of tracking a user.
Trackware: Trackware is a term used to refer to any and all spyware programs that are designed to track user habits and secretly communicate logged data
Trojan: Unwanted software which runs in a user's machine, as an agent of the attacker, without user awareness. Unlike viruses and worms, trojans do not replicate (make copies of themselves.)
Trojan Creation Tool: A program designed to create Trojans. Some of these tools merely wrap existing Trojans, to make them harder to detect. Others add a trojan to an existing product (such as RegEdit.exe), making it a Dropper.
Virus: Software which attaches to other software. A boot virus inserts its code into the boot record or master boot record of a disk, so that when the machine boots from that disk, the virus code is executed. A file virus inserts its code into an executable file, so that when that file is executed, the virus is executed as well.
Virus Creation Tool: A program designed to generate viruses. Even early virus creation tools were able to generate hundreds or thousands of different, functioning viruses, which were initially undetectable by current scanners.
Virus Source: Source code is written by a programmer in a high-level language and readable by people but not computers. Source code must be converted to object code or machine language before a computer can read or execute the program. Virus Source can be compiled to create working viruses, or modified and compiled by programmers to make new working viruses.
War Dialer: (demon-dialing, carrier-scanning) War-dialing was popularized in the 1983 movie War Games. It is the process of dialing all the numbers in a range in order to find any machine that answers. Many corporations have desktop computers with attached modems; attackers can dial in order to break into the desktop, and thereafter the corporation. Similarly, many companies have servers with attached modems that aren't considered as part of the general security scheme. Since most security emphasis these days is on Internet-related attacks, war-dialing represents the 'soft underbelly' of the security infrastructure that can be exploited.
Worm: A program that propagates by attacking other machines and copying itself to them. Both worms and viruses are self-replicating code that travels from machine to machine by various means. Both worms and viruses have, as their first objective, merely propagation. Both can be destructive, depending on what payload, if any, they have been given. But there are some differences worms may replace files, but do not insert themselves into files. In contrast, viruses insert themselves in files, but (with the exception of "overwriting viruses") do not replace them. Some worms do not create files as a stage in their life cycle.