Definitions for Terms Used in the Security Intelligence Report

A

Adware

A program that displays advertisements. Although some adware can be beneficial by subsidizing a program or service, other adware programs may display advertisements without adequate consent.

B

Backdoor Trojan

A type of trojan that provides attackers with remote unauthorized access to and control of infected computers. Bots are a subcategory of backdoor trojans. Also see botnet.

Botnet

A set of computers controlled by a “command-and-control” (C&C) computer to execute commands as directed. The C&C computer can issue commands directly (often through Internet Relay Chat [IRC]) or by using a decentralized mechanism, such as peer-to-peer (P2P) networking. Computers in a botnet are often called nodes or zombies.

Buffer Overflow

An error in an application in which the data written into a buffer exceeds the current capacity of that buffer, thus overwriting adjacent memory. Because memory is overwritten, unreliable program behavior may result and, in certain cases, allow arbitrary code to run.

C

C&C

Short for command and control. See botnet.

CCM

Short for computers cleaned per mille (thousand). The number of computers cleaned for every 1,000 unique computers that run the MSRT. For example, if MSRT has 50,000 executions in a particular location in the first quarter of the year and removes infections from 200 computers, the CCM for that location in the first quarter of the year is 4.0 (200 ÷ 50,000 × 1,000).

Clean

To remove malware or unwanted software from an infected computer. A single cleaning can involve multiple disinfections.

Cross-site Scripting

Abbreviated XSS. An attack technique in which an attacker inserts malicious HTML and JavaScript into a vulnerable webpage, often in an effort to distribute malware or to steal sensitive information from the website or its visitors. Despite the name, cross-site scripting does not necessarily involve multiple websites. Persistent cross-site scripting involves inserting malicious code into a database used by a web application, potentially causing the code to be displayed for large numbers of visitors.

D

Definition

A set of signatures that can be used to identify malware by using antivirus or antispyware products. Other vendors may refer to definitions as DAT files, pattern files, identity files, or antivirus databases.

Disclosure

Revelation of the existence of a vulnerability to a third party.

Disinfect

To remove a malware or unwanted software component from a computer or to restore functionality to an infected program. Compare with clean.

Downloader/Dropper

See trojan downloader/dropper.

Drive-By Download Sites

See Drive-By Download Sites.

E

Encounter rate

The percentage of computers running Microsoft real-time security software that report detecting malware or unwanted software, or report detecting a specific threat or family, during a period.

Exploit

Malicious code that takes advantage of software vulnerabilities to infect a computer or perform other harmful actions.

F

Firewall

A program or device that monitors and regulates traffic between two points, such as a single computer and the network server, or one server to another.

G

Generic

A type of signature that is capable of detecting a variety of malware samples from a specific family, or of a specific type.

I

IFrame

Short for inline frame. An IFrame is an HTML document that is embedded in another HTML document. Because the IFrame loads another webpage, it can be used by criminals to place malicious HTML content, such as a script that downloads and installs spyware, into non-malicious HTML pages that are hosted by trusted websites.

In The Wild

Said of malware that is currently detected on active computers connected to the Internet, as compared to those confined to internal test networks, malware research laboratories, or malware sample lists.

K

Keylogger

A program that sends keystrokes or screen shots to an attacker. Also see password stealer (PWS).

M

Malware

Any software that is designed specifically to cause damage to a user’s computer, server, or network. Viruses, worms, and trojans are all types of malware.

Monitoring tool

Software that monitors activity, usually by capturing keystrokes or screen images. It may also include network sniffing software. Also see password stealer (PWS).

O

Operating System, Browser and Application Vulnerabilities

See Operating System, Browser and Application Vulnerabilities.

P

Password Stealer (PWS)

Malware that is specifically used to transmit personal information, such as user names and passwords. A PWS often works in conjunction with a keylogger. Also see monitoring tool.

Payload

The actions conducted by a piece of malware for which it was created. Payloads can include, but are not limited to, downloading files, changing system settings, displaying messages, and logging keystrokes.

Phishing

A method of credential theft that tricks Internet users into revealing personal or financial information online. Phishers use phony websites or deceptive email messages that mimic trusted businesses and brands to steal personally identifiable information (PII), such as user names, passwords, credit card numbers, and identification numbers.

Phishing Impression

A single instance of a user attempting to visit a known phishing page with Internet Explorer 7, 8, or 9, and being blocked by the Phishing Filter or SmartScreen Filter. Also see malware impression.

Pop-under

A webpage that opens in a separate window that appears beneath the active browser window. Pop-under windows are commonly used to display advertisements.

Unwanted Software

A program with potentially unwanted functionality that is brought to the user’s attention for review. This functionality may affect the user’s privacy, security, or computing experience.

R

Remote Control Software

A program that provides access to a computer from a remote location. Such programs are often installed by the computer owner or administrator and are only a risk if unexpected.

Rogue Security Software

Software that appears to be beneficial from a security perspective but that provides limited or no security capabilities, generates a significant number of erroneous or misleading alerts, or attempts to socially engineer the user into participating in a fraudulent transaction.

Rootkit

A program whose main purpose is to perform certain functions that cannot be easily detected or undone by a system administrator, such as hiding itself or other malware.

S

Signature

A set of characteristics that can identify a malware family or variant. Signatures are used by antivirus and antispyware products to determine whether a file is malicious or not. Also see definition.

Social Engineering

A technique that defeats security precautions by exploiting human vulnerabilities. Social engineering scams can be both online (such as receiving email messages that ask the recipient to click the attachment, which is actually malware) and offline (such as receiving a phone call from someone posing as a representative from one’s credit card company). Regardless of the method selected, the purpose of a social engineering attack remains the same—to get the targeted user to perform an action of the attacker's choice.

Spam

Bulk unsolicited email. Malware authors may use spam to distribute malware, either by attaching the malware to email messages or by sending a message containing a link to the malware. Malware may also harvest email addresses for spamming from compromised machines or may use compromised machines to send spam.

Spambot

A bot that sends spam at the direction of a remote attacker, usually as part of a spam botnet.

Spyware

A program that collects information, such as the websites a user visits, without adequate consent. Installation may be without prominent notice or without the user’s knowledge.

T

Tool

Software that may have legitimate purposes but may also be used by malware authors or attackers.

Trojan

A generally self-contained program that does not self-replicate but takes malicious action on the computer.

Trojan Downloader/Dropper

A form of trojan that installs other malicious files to a computer that it has infected, either by downloading them from a remote computer or by obtaining them directly from a copy contained in its own code.

V

Virus

Malware that replicates, typically by infecting other files in the computer, to allow the execution of the malware code and its propagation when those files are activated.

Vulnerability

A weakness, error, or poor coding technique in a program that may allow an attacker to exploit it for a malicious purpose.

Vulnerability Complexity

See Vulnerability Complexity.

Vulnerability Severity

See Vulnerability Severity.

W

Wild

See in the wild.

Worm

Malware that spreads by spontaneously sending copies of itself through email or by using other communication mechanisms, such as instant messaging (IM) or peer-to-peer (P2P) applications.
