bcdalai's Free Tech. Support Blog: [http://bcdalai.blogspot.com]




                                  Security Glossary
                 No great discovery was ever made without a bold guess. –Isaac Newton
                 Experience is the name everyone gives to their mistakes. –Oscar Wilde
                                       Persistence and positive thinking to make things happen.

About this article:
         This document is for educational / informational purposes.
About the Author:
        bcdalai, MCP, MCSE, MCTS: Windows Vista. The author is an IT pro working on Desktop, Server
and Networking - as system administrator, Tech. Support, software troubleshooter and reviewer. He is
available for tech. support in Microsoft forums, community and in other online forums with the online
name bcdalai. He can be reached at: http://bcdalai.blogspot.com or e-mail: bcdalai2020@gmail.com.
License:
         The subject matters are for system administrators and everyday computer users. This article is
completely free to read, distribute (through website, CD/DVD or magazines) or share without any
modification and may be reproduced in printable media with a link to this article. The article must be
distributed in “Microsoft XPS” or “Adobe PDF” format.
Disclaimer:
        This document is for educational and informational purposes. THIS DOCUMENT IS PROVIDED
“AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. It is assumed that you will use
the contents of this document in a proper and productive way. All names, websites, trade names and
registered trademarks mentioned herein are the property of their respective owners.
Copyright © 2004-2010 by bcdalai.
Thanks:
       I’m greatly thankful to all the readers for reading and sending feedback to me.




                                              © 2004-2010, bcdalai




                                   Security Glossary
Adware:
        Adware is ad-supported computer software: software that may be installed for free but includes
advertisements promoting various goods and services.
        It is the stand-alone or appended program that can secretly gather personal information through
the Internet and relay it back to another computer. Adware may track browsing habits for advertising
purposes. Adware can also deliver advertising content.

Address munging:
Address munging is the practice of disguising, or munging, an e-mail address to prevent it being
automatically collected and used as a target for people and organizations that send unsolicited bulk
e-mail. Address munging is intended to disguise an e-mail address in a way that prevents computer
software seeing the real address, or even any address at all, but still allows a human reader to
reconstruct the original and contact the author: an e-mail address such as "no-one@example.com"
becomes "no-one at example dot com", for instance. Any e-mail address posted in public is likely to be
automatically collected by computer software used by bulk e-mailers (a process known as e-mail
address harvesting), and addresses posted on webpages, Usenet or chat rooms are particularly
vulnerable to this. Private e-mail sent between individuals is highly unlikely to be collected, but e-mail
sent to a mailing list that is archived and made available via the web or passed onto a Usenet news
server and made public, may eventually be scanned and collected.

Antivirus:
Software designed to protect against infection with, and/or damage caused by, computer viruses.

Blended threat:
A blended threat combines the characteristics of viruses, worms, Trojan horses, and malicious code
with server and Internet vulnerabilities to initiate, transmit, and spread an attack. Blended threats
use multiple methods and techniques to propagate and attack, and cause widespread damage
throughout a network.

Backdoor:
A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal
authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while
attempting to remain undetected. The backdoor may take the form of an installed program or could be a
modification to an existing program or hardware device.

Botnet:
Botnet is a jargon term for a collection of software robots, or bots, which run autonomously and
automatically. They run on groups of "zombie" computers controlled remotely by crackers. This can also
refer to the network of computers using distributed computing software.

Caller ID spoofing:
Caller ID spoofing is the practice of causing the telephone network to display a number on the
recipient's caller ID display which is not that of the actual originating station; the term is commonly
used to describe situations in which the motivation is considered nefarious by the speaker. Just as e-mail
spoofing can make it appear that a message came from any e-mail address the sender chooses, caller ID
spoofing can make a call appear to have come from any phone number the caller wishes. Because
people are prone to assume a call is coming from the number (and hence, the associated person, or
persons), this can call the service's value into question.

Click Fraud:
Click fraud is a type of internet crime that occurs in pay per click online advertising when a person,
automated script, or computer program imitates a legitimate user of a web browser clicking on an ad, for
the purpose of generating a charge per click without having actual interest in the target of the ad's link.
Click fraud is the subject of some controversy and increasing litigation due to the advertising networks
being a key beneficiary of the fraud.

Crimeware:
Crimeware is a class of computer program designed specifically to automate financial crime. The term
was coined by Peter Cassidy, Secretary General of the Anti-Phishing Working Group to distinguish it
from other kinds of malevolent programs.
Crimeware (as distinct from spyware, adware, and malware) is designed (through social engineering or
technical stealth) to perpetrate identity theft in order to access a computer user's online accounts at
financial services companies and online retailers for the purpose of taking funds from those accounts or
completing unauthorized transactions that enrich the thief controlling the crimeware. Crimeware also often
has the intent to export confidential or sensitive information from a network for financial exploitation.
Crimeware represents a growing problem in network security as many malicious code threats seek to
pilfer confidential information.

Dialers:
A dialer is a computer program which creates a connection to the Internet or another computer network
over the analog telephone or Integrated Services Digital Network (ISDN) network. Many operating
systems already contain such a program for connections through the Point-to-Point Protocol (PPP).
Many internet service providers offer installation-CDs to simplify the process of setting up a proper
Internet connection. They either create an entry in the OS's dialer or install a separate dialer (as the AOL
software does).
Nowadays, the term "dialer" often refers specifically to dialers which connect without the user's full
knowledge as to cost, with the creator of the dialer intending to commit fraud.

Directory Traversal:
A directory traversal attack exploits insufficient security validation / sanitization of user-supplied input file
names, so that characters representing “traverse to parent directory” are passed through to the file APIs.
The goal of this attack is to order an application to access a computer file that is not intended to be
accessible. This attack exploits a lack of security (the software is acting exactly as it is supposed to) as
opposed to exploiting a bug in the code.
Directory traversal is also known as the ../ (dot dot slash) attack, directory climbing, and backtracking.
Some forms of this attack are also canonicalization attacks.
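
The Python sketch below is an added example, not part of the original glossary: it contrasts a resolver that passes a user-supplied name straight to the file API with one that canonicalizes the path and rejects anything that lands outside the served directory. The function names, the temporary directory tree and the sample request names are constructed for illustration, and a POSIX filesystem is assumed.

```python
import os
import tempfile


class TraversalError(ValueError):
    """Raised when a requested name resolves outside the served directory."""


def resolve_naive(base_dir, user_name):
    # Vulnerable pattern: "../" sequences and absolute paths in user_name
    # are passed through unchanged to the file API.
    return os.path.join(base_dir, user_name)


def resolve_safe(base_dir, user_name):
    # Canonicalize first (collapses "..", follows symbolic links), then
    # verify the result is still inside the canonical base directory.
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_name))
    try:
        inside = os.path.commonpath([base, candidate]) == base
    except ValueError:
        # Paths that cannot be compared (e.g. different drives) are refused.
        inside = False
    if not inside:
        raise TraversalError(f"{user_name!r} resolves outside {base_dir!r}")
    return candidate


def build_demo_tree():
    """Create a constructed tree: root/public/docs/report.txt is meant to be
    served, root/secret.txt is not, and public/link.txt is a symbolic link
    that points at the secret (the canonicalization case)."""
    root = tempfile.mkdtemp(prefix="traversal_demo_")
    public = os.path.join(root, "public")
    os.makedirs(os.path.join(public, "docs"))
    with open(os.path.join(public, "docs", "report.txt"), "w") as fh:
        fh.write("public report\n")
    with open(os.path.join(root, "secret.txt"), "w") as fh:
        fh.write("not for publication\n")
    os.symlink(os.path.join(root, "secret.txt"),
               os.path.join(public, "link.txt"))
    return root, public


# Constructed request names, as a web application might receive them.
SAMPLE_REQUESTS = [
    "docs/report.txt",          # ordinary request
    "docs/../docs/report.txt",  # contains ".." but stays inside
    "../secret.txt",            # climbs to the parent directory
    "docs/../../secret.txt",    # climbs after descending
    "/outside/secret.txt",      # absolute path replaces the base entirely
    "link.txt",                 # looks local, canonical target is outside
]


def check_requests(public_dir, names):
    """Return {name: 'allowed' | 'rejected'} using the hardened resolver."""
    results = {}
    for name in names:
        try:
            resolve_safe(public_dir, name)
            results[name] = "allowed"
        except TraversalError:
            results[name] = "rejected"
    return results


if __name__ == "__main__":
    root, public = build_demo_tree()
    print("naive resolver returns:", resolve_naive(public, "../secret.txt"))
    for name, verdict in check_requests(public, SAMPLE_REQUESTS).items():
        print(f"{verdict:9} {name}")
```

A plain string filter for "../" would wrongly allow the link.txt case and wrongly reject the harmless "docs/../docs/report.txt", which is why the check is done on the canonical path.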

Dosnet:
Dosnet (Denial of Service Network) is a type of botnet/malware and mostly used as a term for malicious
botnets while benevolent botnets often simply are referred to as botnets. Dosnets are used for Distributed
Denial of Service (DDoS) attacks which can be very devastating.

Downloader:
A downloader is a small program that automatically downloads malicious code or programs without the
user's knowledge. It fetches risky content from a remote computer (the hacker's site) and installs it
on the local computer, introducing security risks.

Hack tools:
Programs that are used by a hacker to gain unauthorized access to your computer. For example, one
hack tool is a keystroke logger, which tracks and records individual keystrokes and can send this
information back to the hacker. The hacker can then perform port scans or vulnerability scans. Hack tools
may also be used to create tools for virus creation.

Identity theft:
Identity theft is a catch-all term for crimes involving illegal usage of another individual's identity. The most
common form of identity theft is credit card fraud. While the term is relatively new, the practice of stealing
money or getting other benefits by pretending to be a different person is thousands of years old.

Joke programs:
Programs that can alter or interrupt the operation of a computer in a way that is intended to be humorous
or frightening. For example, a program can be downloaded from Web sites (typically in shareware or
freeware), email messages, or instant messenger software. It can then move the trash can away from the
mouse when you attempt to delete or cause the mouse to click in reverse.

Macro:
Macros are special action/function scripts or documents used to enhance the functionality of office
documents (e.g. Word, Excel). A macro is not itself a virus, but macros are often prone to viruses and
other security risks.

Macro-virus:
Macro viruses do not infect program files; they infect documents. Common targets for many macro
viruses are word processors such as Microsoft Word and Lotus AmiPro and spreadsheets like Microsoft
Excel. A macro virus, in computing, is a computer virus that exploits programs' associated documents
(such as MS Word Documents) to contain harmful embedded code.

Malbot:
A malbot is a robot or Internet bot designed or used for malicious intentions such as gaining unauthorised
access to a computer system, or participation in a Botnet. It is a blend of the terms "malicious" and "bot".
The term is currently generally used in relation to malware in the form of Internet bots.

Make Money Fast:
"Make Money Fast" is a title of an electronically forwarded chain letter which became so infamous that the
term is now used to describe all sorts of chain letters forwarded over the Internet, by e-mail spam or
Usenet newsgroups. In anti-spammer slang, the name is often abbreviated "MMF".

Malware:
Malware is a category of malicious code that includes viruses, worms, and Trojan horses. Destructive
malware will utilize popular communication tools to spread, including worms sent through email and
instant messages, Trojan horses dropped from web sites, and virus-infected files downloaded from peer-
to-peer connections. Malware will also seek to exploit existing vulnerabilities on systems making their
entry quiet and easy.

Malware is software designed to infiltrate or damage a computer system without the owner's informed
consent. It is a portmanteau of the words "malicious" and "software". The expression is a general term
used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or
program code. Many normal computer users are however still unfamiliar with the term, and most never
use it. Instead, "computer virus" is used in common parlance and often in the general media to describe
all kinds of malware, though not all malware is a virus.

Mass mailer:
The term mass mailer can refer to those computer worms that spread themselves via e-mail.

Misleading Applications:
Misleading applications intentionally misrepresent the security status of a computer. Misleading
applications attempt to convince the user that he or she must remove potentially unwanted programs or
security risks (usually nonexistent or fake) from the computer. The application will hold the user hostage
by refusing to allow him or her to remove or fix the phantom problems until the “required” software is
purchased and installed. Misleading applications often look convincing—the programs may look like
legitimate security programs and often have corresponding websites with user testimonials, lists of
features, etc.
Examples:
WinFixer, Ultimate Defender, SpySheriff, MalwareWipe, DriveCleaner, AVSystemCare, 1stAntiVirus,
VirusBurst, SpywareQuake, AntispywareSoldier etc.

Pop-up:
A pop-up is a small web browser window that appears on top of the website you're viewing. Pop-up
windows often open as soon as you visit a website and are usually created by advertisers. It is a medium
of spreading viruses/spyware/adware etc.

Pharming:
Pharming (pronounced farming) is a cracker's attack aiming to redirect a website's traffic to another,
bogus website. Pharming can be conducted either by changing the hosts file on a victim’s computer or by
exploitation of a vulnerability in DNS server software. DNS servers are computers responsible for
resolving Internet names into their real addresses — they are the "signposts" of the Internet.
Compromised DNS servers are sometimes referred to as "poisoned". The term pharming is a word play
on farming and phishing. The term phishing refers to social engineering attacks to obtain access
credentials such as user names and passwords. In recent years both pharming and phishing have
been used to steal identity information. Pharming has become of major concern to businesses hosting
ecommerce and online banking websites. Sophisticated measures known as anti-pharming are required
to protect against this serious threat. Antivirus software and spyware removal software cannot protect
against pharming.

Phishing:
In computing, phishing is an attempt to criminally and fraudulently acquire sensitive information, such as
usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic
communication. Phishing is typically carried out by email or instant messaging, and often directs users to
enter details at a website, although phone contact has also been used. Phishing is an example of social
engineering techniques used to fool users. Attempts to deal with the growing number of reported phishing
incidents include legislation, user training, public awareness, and technical measures.

Pornware:
Programs that enter the computer when the user visits pornographic/illegal websites. Such a program creates
links and connects to pornographic websites and spreads malicious code onto your computer.

Remote access:
Programs that allow access over the Internet from another computer to gain information or to attack or
alter your computer. For example, you may install a program, or it may be installed as part of some other
process without your knowledge. The program can be used for malicious purposes with or without
modification of the original remote access program.

Riskware:
Riskware is computer software that was not programmed or intended as malware, but has
security-critical functions. These functions can be used to start or stop computer processes or computer
services. Riskware can also be defined as potentially dangerous software. Riskware can be executed
and misused by malware and will be noticed in certain cases by antivirus software.

Rootkit:
A Rootkit is a set of software tools intended to conceal running processes, files or system data from the
operating system. Rootkits have their origin in relatively benign applications, but in recent years have
been used increasingly by malware, helping an intruder to maintain access to a system whilst
avoiding detection.
Rootkits are known to exist for a variety of operating systems such as Linux, Solaris and versions of
Microsoft Windows. Rootkits often modify parts of the operating system or install themselves as drivers or
kernel modules.

Social engineering:
Social engineering is a collection of techniques used to manipulate people into performing actions or
divulging confidential information. While similar to a confidence trick or simple fraud, the term typically
applies to trickery for information gathering or computer system access and in most cases the attacker
never comes face-to-face with the victim.

Spam:
Spam is unsolicited or undesired bulk electronic messages. There are many types of electronic spam,
including:
      E-mail spam: unsolicited e-mail.
      Mobile phone spam: unsolicited text messages.
      Forum spam: posting advertisements or useless posts on a forum.
      Spamdexing: manipulating a search engine to create the illusion of popularity for webpages.
      Spam in blogs: posting random comments or promoting commercial services to blogs, wikis and guestbooks.
      Newsgroup spam: advertisement and forgery on newsgroups.
      Messaging spam: use of instant messenger services for advertisement or even extortion.

Spambot:
A spambot is a program designed to collect e-mail addresses from the Internet in order to build
mailing lists for sending unsolicited e-mail, also known as spam. A spambot is a type of web crawler that
can gather e-mail addresses from Web sites, newsgroups, special-interest group (SIG) postings, and
chat-room conversations. Because e-mail addresses have a distinctive format, spambots are easy to
write.

Sping:
Sping is short for "spam ping", and is related to fraudulent pings from blogs using trackbacks, called
trackback spam. Pings are messages sent from blog and publishing tools to a centralized network service
(a ping server) providing notification of newly published posts or content. Spings, or ping spam, are pings
that are sent from spam blogs, or are sometimes multiple pings in a short interval from a
legitimate source, often tens or hundreds per minute, due to misconfigured software, or a wish to make
the content coming from the source appear fresh. Spings, like spam blogs, are increasingly problematic
for the blogging community.

Spyware:
Spyware is a computer technology that is designed to secretly gather information about a user (e.g. for an
Internet advertising company). It is a stand-alone program that can secretly monitor system activity and
detect information like passwords and other confidential information and relay the information back to
another computer.
Spyware can be unknowingly downloaded from Web sites (typically in shareware or freeware), email
messages, and instant messenger software. You may unknowingly download spyware by accepting an
End User License Agreement from a software program.

SQL Injection:
SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an
application. The vulnerability is present when user input is either incorrectly filtered for string literal
escape characters embedded in SQL statements or user input is not strongly typed and thereby
unexpectedly executed. It is in fact an instance of a more general class of vulnerabilities that can occur
whenever one programming or scripting language is embedded inside another.
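
The Python sketch below is an added example, not part of the original glossary: it shows both conditions named above (input pasted into a string literal, and a numeric field that is not strongly typed) next to their parameterized, type-checked forms, using an in-memory SQLite database. The table, its rows, the function names and the sample inputs are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build a constructed three-row users table in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (id, name, role) VALUES (?, ?, ?)",
        [(1, "alice", "admin"), (2, "bob", "user"), (3, "o'brien", "user")])
    return conn


def by_name_unsafe(conn, name):
    # Vulnerable: the input is pasted inside a SQL string literal, so a
    # quote character in the input ends the literal and the rest is parsed
    # as SQL.
    sql = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def by_name_safe(conn, name):
    # Parameterized: the driver passes the value separately from the
    # statement text, so it is always treated as data.
    sql = "SELECT name FROM users WHERE name = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (name,))]


def by_id_unsafe(conn, user_id):
    # Vulnerable: a field expected to be numeric is concatenated without
    # any type check, so no quote character is even needed.
    sql = "SELECT name FROM users WHERE id = " + user_id + " ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def by_id_safe(conn, user_id):
    # Strong typing plus a parameter: int() raises ValueError for anything
    # that is not a plain integer.
    uid = int(user_id)
    sql = "SELECT name FROM users WHERE id = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (uid,))]


# Constructed inputs: each turns the WHERE clause into an always-true test.
TAUTOLOGY_NAME = "x' OR '1'='1"
TAUTOLOGY_ID = "2 OR 1=1"


def demo():
    conn = make_db()
    out = {
        "unsafe name lookup": by_name_unsafe(conn, TAUTOLOGY_NAME),
        "safe name lookup": by_name_safe(conn, TAUTOLOGY_NAME),
        "unsafe id lookup": by_id_unsafe(conn, TAUTOLOGY_ID),
        "safe lookup of a name containing a quote": by_name_safe(conn, "o'brien"),
    }
    try:
        by_id_safe(conn, TAUTOLOGY_ID)
    except ValueError as exc:
        out["safe id lookup"] = f"rejected: {exc}"
    try:
        by_name_unsafe(conn, "o'brien")
    except sqlite3.OperationalError as exc:
        # The same flaw also breaks legitimate input that contains a quote.
        out["unsafe lookup of a name containing a quote"] = f"SQL error: {exc}"
    return out


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label}: {result}")
```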

Trackware:
Stand-alone or appended applications that trace a user's path on the Internet and send information to a
target system. For example, the application can be downloaded from Web sites, email messages, or
instant messenger software. It can then obtain confidential information regarding user behavior.

Trojan horse:
A computer program which looks useful but contains harmful code that affects your computer programs and
data.

Virus:
Computer program which is intended to be spread surreptitiously between computers and usually causes
damage. A virus is a computer program that attaches a copy of itself to another computer program or
document when it runs. Whenever the infected program runs or a user opens a document containing a
macro virus, the attached virus program activates and attaches itself to other programs and documents.
Viruses generally deliver a payload, such as displaying a message on a particular date. Some viruses
specifically damage data by corrupting programs, deleting files, or reformatting disks.

Vishing:
Vishing is the criminal practice of using social engineering and Voice over IP (VoIP) to gain access to
private personal and financial information from the public for the purpose of financial reward. The term is
a combination of "voice" and phishing. Vishing exploits the public's trust in landline telephone services,
which have traditionally terminated in physical locations which are known to the telephone company, and
associated with a bill-payer. The victim is often unaware that VoIP allows for caller ID spoofing,
inexpensive, complex automated systems and anonymity for the bill-payer. Vishing is typically used to
steal credit card numbers or other information used in identity theft schemes from individuals.
Vishing is very hard for legal authorities to monitor or trace. To protect themselves, consumers are
advised to be highly suspicious when receiving messages directing them to call and provide credit card or
bank numbers. Rather than provide any information, the consumer is advised to contact their bank
or credit card company directly to verify the validity of the message.

VOIP Spam:
VoIP spam is an as-yet non-existent problem which has nonetheless received a great deal of attention
from marketers and the trade press. Sometimes referred to as SPIT (Spam over Internet Telephony).

Vulnerabilities:
Vulnerabilities are flaws in computer software that create weaknesses in the overall security of the
computer or network. Vulnerabilities can also be created by improper computer or security configurations.
Threats exploit the weaknesses of vulnerabilities resulting in potential damage to the computer or
personal data.

Website spoofing:
Website spoofing is the act of creating a website, as a hoax, with the intention of misleading readers that
the website has been created by a different person or organization. Normally, the website will adopt the
design of the target website and sometimes has a similar URL.
Another technique is to use a 'cloaked' URL. By using domain forwarding, or inserting control characters,
the URL can appear to be genuine while concealing the address of the actual website. The objective may
be fraudulent, often associated with phishing or e-mail spoofing, or to criticize or make fun of the person
or body whose website the spoofed site purports to represent.

Worm:
Computer virus which usually copies itself through a network and wastes resources or causes damage.
A worm is a special type of virus that replicates itself from one computer to another and can use memory.
Worms generally exist inside other files, such as Microsoft Word or Excel documents. A worm may
release a document that already has the worm macro inside of it.

Zombie computer:
A zombie computer (often abbreviated zombie) is a computer attached to the Internet that has been
compromised by a hacker, a computer virus, or a trojan horse. Generally, a compromised machine is only
one of many in a "botnet", and will be used to perform malicious tasks of one sort or another under
remote direction. Most owners of zombie computers are unaware that their system is being used in this
way. Because the vector tends to be unconscious, these computers are metaphorically compared to a
zombie.






Collection by: bcdalai - http://bcdalai.blogspot.com

Reference:
http://dictionary.reference.com/
http://en.wikipedia.org/
http://www.google.com/
http://www.symantec.com/




                                                                                         -8-
                                            © 2004-2010, bcdalai

Weitere ähnliche Inhalte

Kürzlich hochgeladen

How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Security glossary

Adware:
Adware is ad-supported computer software: software that may be installed for free but includes advertisements promoting various goods and services. It is a stand-alone or appended program that can secretly gather personal information through the Internet and relay it back to another computer. Adware may track browsing habits for advertising purposes. Adware can also deliver advertising content.

Address munging:
Address munging is the practice of disguising, or munging, an e-mail address to prevent it being automatically collected and used as a target for people and organizations that send unsolicited bulk e-mail. Address munging is intended to disguise an e-mail address in a way that prevents computer software seeing the real address, or even any address at all, but still allows a human reader to reconstruct the original and contact the author: an e-mail address such as "no-one@example.com" becomes "no-one at example dot com", for instance. Any e-mail address posted in public is likely to be automatically collected by computer software used by bulk e-mailers — a process known as e-mail address harvesting — and addresses posted on webpages, Usenet or chat rooms are particularly vulnerable to this. Private e-mail sent between individuals is highly unlikely to be collected, but e-mail sent to a mailing list that is archived and made available via the web, or passed on to a Usenet news server and made public, may eventually be scanned and collected.

Antivirus:
Software designed to protect against infection with and/or damage caused by computer viruses.

Blended threat:
A blended threat combines the characteristics of viruses, worms, Trojan horses, and malicious code with server and Internet vulnerabilities to initiate, transmit, and spread an attack. Blended threats use multiple methods and techniques to propagate and attack, and cause widespread damage throughout a network.

Backdoor:
A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form of an installed program or could be a modification to an existing program or hardware device.

Botnet:
Botnet is a jargon term for a collection of software robots, or bots, which run autonomously and automatically. They run on groups of "zombie" computers controlled remotely by crackers. The term can also refer to a network of computers using distributed computing software.

Caller ID spoofing:
Caller ID spoofing is the practice of causing the telephone network to display a number on the recipient's caller ID display which is not that of the actual originating station; the term is commonly used to describe situations in which the motivation is considered nefarious by the speaker. Just as e-mail spoofing can make it appear that a message came from any e-mail address the sender chooses, caller ID spoofing can make a call appear to have come from any phone number the caller wishes. Because people are prone to assume a call is coming from the number displayed (and hence from the associated person or persons), this can call the service's value into question.

Click Fraud:
Click fraud is a type of Internet crime that occurs in pay-per-click online advertising when a person, automated script, or computer program imitates a legitimate user of a web browser clicking on an ad, for the purpose of generating a charge per click without having actual interest in the target of the ad's link. Click fraud is the subject of some controversy and increasing litigation due to the advertising networks being a key beneficiary of the fraud.

Crimeware:
Crimeware is a class of computer program designed specifically to automate financial crime. The term was coined by Peter Cassidy, Secretary General of the Anti-Phishing Working Group, to distinguish it from other kinds of malevolent programs. Crimeware (as distinct from spyware, adware, and malware) is designed (through social engineering or technical stealth) to perpetrate identity theft in order to access a computer user's online accounts at financial services companies and online retailers for the purpose of taking funds from those accounts or completing unauthorized transactions that enrich the thief controlling the crimeware. Crimeware also often has the intent to export confidential or sensitive information from a network for financial exploitation. Crimeware represents a growing problem in network security as many malicious code threats seek to pilfer confidential information.

Dialers:
A dialer is a computer program which creates a connection to the Internet or another computer network over the analog telephone or Integrated Services Digital Network (ISDN) network. Many operating systems already contain such a program for connections through the Point-to-Point Protocol (PPP). Many Internet service providers offer installation CDs to simplify the process of setting up a proper Internet connection. They either create an entry in the OS's dialer or install a separate dialer (as the AOL software does). Nowadays, the term "dialer" often refers specifically to dialers which connect without the user's full knowledge as to cost, with the creator of the dialer intending to commit fraud.

Directory Traversal:
Directory traversal exploits insufficient security validation / sanitization of user-supplied input file names, so that characters representing "traverse to parent directory" are passed through to the file APIs. The goal of this attack is to make an application access a computer file that is not intended to be accessible. This attack exploits a lack of security (the software is acting exactly as it is supposed to) as opposed to exploiting a bug in the code. Directory traversal is also known as the ../ (dot dot slash) attack, directory climbing, and backtracking. Some forms of this attack are also canonicalization attacks.

Dosnet:
Dosnet (Denial of Service Network) is a type of botnet/malware. The term is mostly used for malicious botnets, while benevolent botnets are often simply referred to as botnets. Dosnets are used for Distributed Denial of Service (DDoS) attacks, which can be very devastating.

Downloader:
A small program that downloads malicious code or programs automatically without the user's knowledge. It downloads risky content from a remote computer (the hacker's site) and installs it on the local computer, introducing security risks.

Hack tools:
Programs that are used by a hacker to gain unauthorized access to your computer. For example, one hack tool is a keystroke logger, which tracks and records individual keystrokes and can send this information back to the hacker. The hacker can then perform port scans or vulnerability scans. Hack tools may also be used to build virus-creation tools.

Identity theft:
Identity theft is a catch-all term for crimes involving illegal usage of another individual's identity. The most common form of identity theft is credit card fraud. While the term is relatively new, the practice of stealing money or getting other benefits by pretending to be a different person is thousands of years old.

Joke programs:
Programs that can alter or interrupt the operation of a computer in a way that is intended to be humorous or frightening. For example, a program can be downloaded from Web sites (typically in shareware or freeware), email messages, or instant messenger software. It can then move the trash can away from the mouse when you attempt to delete, or cause the mouse to click in reverse.

Macro:
Macros are special action/function scripts or documents used to enhance the functionality of office documents, e.g. Word and Excel files. A macro is not itself a virus, but macros are often prone to viruses and other security risks.

Macro-virus:
Macro viruses do not infect program files; they infect documents. Common targets for many macro viruses are word processors such as Microsoft Word and Lotus AmiPro and spreadsheets like Microsoft Excel. A macro virus, in computing, is a computer virus that exploits programs' associated documents (such as MS Word documents) to contain harmful embedded code.

Malbot:
A malbot is a robot or Internet bot designed or used for malicious intentions such as gaining unauthorised access to a computer system, or participation in a botnet. It is a blend of the terms "malicious" and "bot". The term is currently generally used in relation to malware in the form of Internet bots.

Make Money Fast:
"Make Money Fast" is the title of an electronically forwarded chain letter which became so infamous that the term is now used to describe all sorts of chain letters forwarded over the Internet, by e-mail spam or Usenet newsgroups. In anti-spammer slang, the name is often abbreviated "MMF".

Malware:
Malware is a category of malicious code that includes viruses, worms, and Trojan horses. Destructive malware will utilize popular communication tools to spread, including worms sent through email and instant messages, Trojan horses dropped from web sites, and virus-infected files downloaded from peer-to-peer connections. Malware will also seek to exploit existing vulnerabilities on systems, making its entry quiet and easy. Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. It is a portmanteau of the words "malicious" and "software". The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code. Many normal computer users are however still unfamiliar with the term, and most never use it. Instead, "computer virus" is used in common parlance and often in the general media to describe all kinds of malware, though not all malware is a virus.

Mass mailer:
The term mass mailer can refer to those computer worms that spread themselves via e-mail.

Misleading Applications:
Misleading applications intentionally misrepresent the security status of a computer. Misleading applications attempt to convince the user that he or she must remove potentially unwanted programs or security risks (usually nonexistent or fake) from the computer. The application will hold the user hostage by refusing to allow him or her to remove or fix the phantom problems until the "required" software is purchased and installed. Misleading applications often look convincing—the programs may look like legitimate security programs and often have corresponding websites with user testimonials, lists of features, etc.
Examples: WinFixer, Ultimate Defender, SpySheriff, MalwareWipe, DriveCleaner, AVSystemCare, 1stAntiVirus, VirusBurst, SpywareQuake, AntispywareSoldier etc.

Pop-up:
A pop-up is a small web browser window that appears on top of the website you're viewing. Pop-up windows often open as soon as you visit a website and are usually created by advertisers. Pop-ups are a medium for spreading viruses, spyware, adware, etc.

Pharming:
Pharming (pronounced farming) is a cracker's attack aiming to redirect a website's traffic to another, bogus website. Pharming can be conducted either by changing the hosts file on a victim's computer or by exploitation of a vulnerability in DNS server software. DNS servers are computers responsible for resolving Internet names into their real addresses — they are the "signposts" of the Internet. Compromised DNS servers are sometimes referred to as "poisoned". The term pharming is a word play on farming and phishing. The term phishing refers to social engineering attacks to obtain access credentials such as user names and passwords. In recent years both pharming and phishing have been used to steal identity information. Pharming has become of major concern to businesses hosting ecommerce and online banking websites. Sophisticated measures known as anti-pharming are required to protect against this serious threat. Antivirus software and spyware removal software cannot protect against pharming.

Phishing:
In computing, phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by email or instant messaging, and often directs users to enter details at a website, although phone contact has also been used. Phishing is an example of social engineering techniques used to fool users. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical measures.

Pornware:
Programs that enter the computer when visiting pornographic/illegal websites. These programs create links and connections to pornographic websites and spread malicious code onto your computer.

Remote access:
Programs that allow access over the Internet from another computer to gain information or to attack or alter your computer. For example, you may install a program, or it may be installed as part of some other process without your knowledge. The program can be used for malicious purposes with or without modification of the original remote access program.

Riskware:
Riskware is computer software which was not programmed or intended as malware, but which has security-critical functions. These functions can be used to start or stop computer processes or computer services. Riskware can also be defined as potentially dangerous software. Riskware can be executed and misused by malware and will be noticed in certain cases by antivirus software.

Rootkit:
A rootkit is a set of software tools intended to conceal running processes, files or system data from the operating system. Rootkits have their origin in relatively benign applications, but in recent years have been used increasingly by malware, helping an intruder to maintain access to a system whilst avoiding detection. Rootkits are known to exist for a variety of operating systems such as Linux, Solaris and versions of Microsoft Windows. Rootkits often modify parts of the operating system or install themselves as drivers or kernel modules.

Social engineering:
Social engineering is a collection of techniques used to manipulate people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery for information gathering or computer system access, and in most cases the attacker never comes face-to-face with the victim.

Spam:
Spam is unsolicited or undesired bulk electronic messages. There are many types of electronic spam, including:
  • E-mail spam: unsolicited e-mail.
  • Mobile phone spam: unsolicited text messages.
  • Forum spam: posting advertisements or useless posts on a forum.
  • Spamdexing: manipulating a search engine to create the illusion of popularity for webpages.
  • Spam in blogs: posting random comments or promoting commercial services to blogs, wikis and guestbooks.
  • Newsgroup spam: advertisement and forgery on newsgroups.
  • Messaging spam: use of instant messenger services for advertisement or even extortion.

Spambot:
A spambot is a program designed to collect e-mail addresses from the Internet in order to build mailing lists for sending unsolicited e-mail, also known as spam. A spambot is a type of web crawler that can gather e-mail addresses from Web sites, newsgroups, special-interest group (SIG) postings, and chat-room conversations. Because e-mail addresses have a distinctive format, spambots are easy to write.

Sping:
Sping is short for "spam ping", and is related to fraudulent pings from blogs using trackbacks, called trackback spam. Pings are messages sent from blog and publishing tools to a centralized network service (a ping server) providing notification of newly published posts or content. Spings, or ping spam, are pings that are sent from spam blogs, or are sometimes multiple pings in a short interval from a legitimate source, often tens or hundreds per minute, due to misconfigured software, or a wish to make the content coming from the source appear fresh. Spings, like spam blogs, are increasingly problematic for the blogging community.

Spyware:
Spyware is a computer technology that is designed to secretly gather information about a user (e.g. for an Internet advertising company). It is a stand-alone program that can secretly monitor system activity, detect information like passwords and other confidential information, and relay the information back to another computer. Spyware can be unknowingly downloaded from Web sites (typically in shareware or freeware), email messages, and instant messenger software. You may unknowingly download spyware by accepting an End User License Agreement from a software program.

SQL Injection:
SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements, or user input is not strongly typed and thereby unexpectedly executed. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.

Trackware:
Stand-alone or appended applications that trace a user's path on the Internet and send information to a target system. For example, the application can be downloaded from Web sites, email messages, or instant messenger software. It can then obtain confidential information regarding user behavior.

Trojan horse:
  • 7. bcdalai's Free Tech. Support Blog: [http://bcdalai.blogspot.com] Computer program which looks useful but contains harmful codes that affect your computer program and data. Virus: Computer program which is intended to be spread surreptitiously between computers and usually causes damage. A virus is a computer program that attaches a copy of itself to another computer program or document when it runs. Whenever the infected program runs or a user opens a document containing a macro virus, the attached virus program activates and attaches itself to other programs and documents. Viruses generally deliver a payload, such as displaying a message on a particular date. Some viruses specifically damage data by corrupting programs, deleting files, or reformatting disks. Vishing: Vishing is the criminal practice of using social engineering and Voice over IP (VoIP) to gain access to private personal and financial information from the public for the purpose of financial reward. The term is a combination of "voice" and phishing. Vishing exploits the public's trust in landline telephone services, which have traditionally terminated in physical locations which are known to the telephone company, and associated with a bill-payer. The victim is often unaware that VoIP allows for caller ID spoofing, inexpensive, complex automated systems and anonymity for the bill-payer. Vishing is typically used to steal credit card numbers or other information used in identity theft schemes from individuals. Vishing is very hard for legal authorities to monitor or trace. To protect themselves, consumers are advised to be highly suspicious when receiving messages directing them to call and provide credit card or bank numbers. Rather than provide any information, the consumer is advised to contact their bank or credit card company directly to verify the validity of the message. 

VoIP Spam:
VoIP spam is an as-yet non-existent problem which has nonetheless received a great deal of attention from marketers and the trade press. It is sometimes referred to as SPIT (Spam over Internet Telephony).

Vulnerabilities:
Vulnerabilities are flaws in computer software that create weaknesses in the overall security of the computer or network. Vulnerabilities can also be created by improper computer or security configurations. Threats exploit the weaknesses of vulnerabilities, resulting in potential damage to the computer or personal data.

Website spoofing:
Website spoofing is the act of creating a website, as a hoax, with the intention of misleading readers that the website has been created by a different person or organization. Normally, the website will adopt the design of the target website and sometimes has a similar URL. Another technique is to use a 'cloaked' URL. By using domain forwarding, or inserting control characters, the URL can appear to be genuine while concealing the address of the actual website. The objective may be fraudulent, often associated with phishing or e-mail spoofing, or to criticize or make fun of the person or body whose website the spoofed site purports to represent.

Worm:
A computer virus which usually copies itself through a network and wastes resources or causes damage. A worm is a special type of virus that replicates itself from one computer to another and can use memory. Worms generally exist inside other files, such as Microsoft Word or Excel documents. A worm may release a document that already has the worm macro inside of it.

Zombie computer:
A zombie computer (often abbreviated zombie) is a computer attached to the Internet that has been compromised by a hacker, a computer virus, or a Trojan horse. Generally, a compromised machine is only one of many in a "botnet", and will be used to perform malicious tasks of one sort or another under remote direction. Most owners of zombie computers are unaware that their system is being used in this way. Because the vector tends to be unconscious, these computers are metaphorically compared to a zombie.

Collection by:
bcdalai - http://bcdalai.blogspot.com

Reference:
http://dictionary.reference.com/
http://en.wikipedia.org/
http://www.google.com/
http://www.symantec.com/