Microsoft Volume Licensing Blogtwitter


ActiveX controlAlso known as a browser add-on. ActiveX controls give you extra features in Internet Explorer, such as automatic updates and website animations. Some websites will ask you to install an ActiveX control when you visit. Malware can take advantage of vulnerabilities in ActiveX controls. Cybercriminals can make malicious ActiveX controls to download and run programs on your PC. See also: browser helper object.
AdwareSoftware that shows you extra promotions that you cannot control as you use your PC. You wouldn't see the extra ads if you didn't have adware installed.
Alert levelWe give all the malware that we detect an alert level. This level depends on how easily the malware can spread and the potential damage it can do. The different alert levels are explained in the following webpages:
AliasA different name for the same malware. Malware names can differ from one security provider to another.
APIStands for "Application programming interface". APIs are used to access common, low-level functions. Programmers can use APIs to easily access these functions when they develop their software.
Authenticated userSomeone who has signed in to a website or logged on to a PC or network with the correct user name or password.
Authentication bypassA loophole or vulnerability that lets a malicious hacker use a program on your PC without needing a user name or password.
Backdoor trojanA type of trojan that gives a malicious hacker access to and control of your PC. This means they may be able to tell your PC what to do or monitor what you do online. A bot is a type of backdoor trojan.
BehaviorA type of detection based on file actions that are often associated with malicious activity.
Behavior monitoring signatureA type of signature that is based on behaviors or activity that is commonly used for malicious purposes, such as renaming folders or creating certain types of shortcuts.
Blackhat SEO (search engine optimization)A unfair way to make some pages appear higher in a list of search engine results. Unlike normal search engine optimization (SEO), blackhat SEO is considered deceitful and unethical.
BitcoinsA form of digital currency. You can use bitcoins to buy things online or exchange them for real money. All transactions made in the Bitcoin system are tracked and stored for everyone else to see.
Bitcoin miningNew bitcoins are created by bitcoin mining. Anyone using the bitcoin system can mine by running special software on their PC. Bitcoin mining software needs a lot of processing power and can slow down the PC that's running it.
BotSmall, hidden programs that are often controlled by a malicious hacker. Bots can be installed on your PC without you knowing. Bots on a large number of PCs can be connected to form a botnet.
BotnetWhen multiple copies of a bot are installed on many PCs and controlled by a malicious hacker. The malicious hacker can use a botnet for large attacks (such as DDoS attacks or "floods") that wouldn't be possible if they used just one PC.
Browser helper object (BHO)Internet Explorer uses BHOs to give you added features as you browse the web. Malware authors can try and take advantage of BHOs to install malicious files on your PC. You can learn how to turn browser helper objects off from Microsoft support.
Browser modifierA program than makes changes to your Internet browser without your permission.
Brute forceWhen a malicious hacker tries to guess your user name and password. This is usually done automatically by malware that uses a large list of very common words and numbers. This is one of the reasons why it's important to have a strong password that can't be guessed. Read more tips about creating strong passwords.
Buffer overflowA technique used by some malware to cause an error in a program and make it easier to run malicious code.
CAPTCHAStands for Completely Automated Public Turing test to tell Computers and Humans Apart. CAPTCHAs are puzzles that are easy to solve for a human, but hard for a computer. They are usually used by web pages to test if you are a person or a computer program. Most CAPTCHAs use a distorted image of letters and numbers that you must type into a text box.
Cavity infectionA type of infection where a virus finds a gap in a file and inserts itself into it. This means the file stays the same size and the virus is harder to find. This technique can modify the original file beyond repair.
CleanTo remove malware or unwanted software from your PC. A single cleaning can involve several disinfections with your security software.
Clean fileA file that has been analyzed and determined as non-malicious.
Click fraudWhen a malicious hacker makes money by using your PC to click ads. The malicious hacker uses malware to do this in the background, so you won't see it happening. The MMPC blog post "Another way Microsoft is disrupting the malware ecosystem" explains how click fraud works.
Command and control serverThe server from which an operator controls the bot nodes in a botnet. This server acts as the command center for the network.
Compromised websiteA website that includes malicious pages or links to malicious content. A website can be compromised with or without the website owner knowing about it. Compromised websites can be used to spread malware to unsuspecting visitors.
ConstructorA program that can be used to automatically create malware files.
Content delivery network (CDN)A service used to cache pages from a website on a number of servers so that they can be viewed faster.
CookieA piece of information that is sent from a website to your internet browser when you visit it for the first time. The cookie is stored in your web browser and tells the website about your last visit. Cookies are often used by online shopping websites to keep track of your habits and suggest other items for you to buy. Sometimes a cookie includes sensitive information that may be read and stolen by malware. Cookies are also known as HTTP cookies or tracking cookies.
Cross-site request forgery (CSRF or XSRF)A loophole or vulnerability that lets a malicious hacker pretend to be a trusted user of a website. The website will then let the malicious hacker do things that they shouldn't have permission to do.
Cross-site scripting (XSS)When a malicious hacker inserts malicious code into a trusted website.
CryptorA tool that can protect software from being reverse-engineered or analyzed. Malware may use a cryptor to make it harder for your security software to detect or analyze it.
CybersquattingWhen someone registers, trades or uses a website name to profit from a trademark that belongs to someone else. See also: typosquatting.
DDoSStands for distributed denial of service. When a number of PCs are made to access a website, network or server repeatedly within a given time period. The aim of the attack is to overload the target so that it crashes and can't respond. This means it won't work for any legitimate users. DDoS attacks can involve multiple computers that have been infected with malware. See also: denial of service
DefinitionA set of signatures that our security software uses to identify malware. Other security software vendors may call definitions something different, such as DAT files, pattern files, identity files, or antivirus databases.
DialerA program that makes unauthorized telephone calls. These calls may be charged at a premium rate and cost you a lot of money.
DisinfectTo remove malware or unwanted software from a PC. See also: clean.
DNS serverStands for Domain Name System server. It translates the alphanumeric domain name (for example, "") into the IP address for that name (for "", the IP address is "").
Domain authenticationWhen you are checked and verified as a legitimate user so you can see and access a website.
DoSStands for denial of service. When a target PC or server is deliberately overloaded so that it doesn't work for any visitors anymore. There are a number of different types of attack that may result in a denial of service. See also: DDoS.
Double-free conditionA loophole or vulnerability in the way a program writes to memory. It can be used by some malware to infect your PC.
DownloaderA type of trojan that downloads other malware onto your PC. The downloader needs to connect to the Internet to download the files.
Drive-by downloadThe automatic or accidental download of malware from the Internet. For example, when you agree to a license agreement without reading it properly. Some malware can also use vulnerabilities or loopholes in your web browser to automatically download files when you visit a compromised website.
DropperA type of trojan that installs other malware files onto your PC. The other malware is included within the trojan file. This is different to a downloader, which needs to connect to the Internet to download other files.
EICARStands for the European Institute for Computer Antivirus Research. EICAR provides a file that can be used to see if your antivirus software is installed and working properly. There is more information on the EICAR website.
Encounter rateThe percentage of PCs running Microsoft real-time security products that report a malware encounter, even if the encounter is blocked and doesn’t result in a malware infection. Only users who have opted to provide data to Microsoft are considered when calculating encounter rates.
EncryptionA way of making readable information unreadable. Encrypted information can't be understood until it is decrypted using a secret key. Malware can use encryption to hide its code and make detection and removal more difficult.
ExploitA piece of code that uses software vulnerabilities to access information on your PC or install malware. For more information, see our page on exploits.
FirewallA program or device that monitors and controls the flow of information between two points. For example, between your computer and the Internet.
Form grabbingA malware technique that can steal your website sign in information or change the web content that you see.
GenericA type of malware signature that can detect a large variety of malware that are in the same family or of a similar type.
HacktoolA type of tool that can be used to allow and maintain unauthorized access to your PC.
Heap overflowA type of buffer overflow that can change the way a program behaves.
Heap sprayingA vulnerability used by some malware to insert malicious code into your computer's memory.
HeuristicsA tool or technique that can help identify common patterns. This can be useful for making generic detections for a malware family.
HijackingWhen a communication channel is taken over by a malicious hacker. For example, when a malicious hacker gets access to your web browsing session.
Hoax emailA fake email that warns you about malware. The email may include instructions that actually install malware onto your PC.
Hosts fileA legitimate file that tells your PC what webpage to go to when you type a URL into your Internet browser. Some malware can change the file to redirect you to a malicious website without you realizing.
IFramesShort for inline frame. A section of a webpage, like an advertisement, that links to another webpage. Malware can use IFrames to put malicious content into trusted websites. This could look like an advertisement, but it downloads malware or unwanted software when you click on it.
Improper authenticationWhen a program doesn't believe that you are who you say you are when you try to make changes to your PC.
Improper error handlingA loophole or vulnerability where an application doesn't handle errors properly and fails. This can be exploited by some malware.
Improper input validationA potential vulnerability when a form isn't validated properly and may allow unintentional actions to happen.
In the wildMalware that currently infects and affects users' computers. This is opposed to malware that we have seen only in internal test environments or malware collections.
Incorrect detectionA program that may have been mistakenly classified as malware or unwanted software. You can report an incorrect detection using our Incorrect detection report form.
InfectionWhen a virus adds its code to another file to help it spread its code to other files and PCs.
Infection rateThe number of PCs cleaned for every 1,000 unique machines that run the Malicious Software Removal Tool (MSRT).
Information disclosureA type of software loophole or vulnerability that allows information to be shared when it shouldn't be.
InjectorA type of program that inserts its code into other running processes. Malware can use code injection to hide or prevent its removal.
Insufficient boundsA lack of memory that can lead to a buffer overflow.
Insufficient validationA software loophole or vulnerability that can create errors in a program because information isn't written properly.
Integer overflowWhen a program creates a larger number than its code can represent. This can create errors within the program.
Joke programA program that pretends to do something malicious but actually doesn't actually do anything harmful. For example, some joke programs pretend to delete files or format disks.
KeyloggerAlso known as keystroke logging. Software that records which keys you press. See also: password stealer.
Kill bitA feature in Internet Explorer that disables an ActiveX control.
LitecoinsA form of digital currency similar to bitcoins.
Least-privilege user account (LUA)An account on your PC that has very few permissions so it can't be used to change any settings. See also: user account control.
Macro virusA type of virus that spreads through infected documents such as Microsoft Word or Excel documents. The virus is run when you open an infected document.
Malformed input An application command that is different to what was expected or has invalid information in it.
MalwareShort for malicious software. The general name for programs that perform unwanted actions on our PC, such as stealing your personal information. Some malware can steal your banking details, lock your PC until you pay a ransom, or use your PC to send spam. Viruses, worms and trojans are all types of malware.
Malware creation toolA program that can be used to automatically create malware files.
Man-in-the-browser (MITB) attackA type of web-based threat where a malicious program makes changes to a website without the website owner knowing it is happening.
Man-in-the-middle (MITM) attackA form of eavesdropping in which a malicious hacker gets in the middle of network communications. The malicious hacker can then manipulate messages or gather information without the people doing the communication knowing.
Memory reallocationWhen information stored in a computer program is overwritten before it's used. This can cause errors in the program.
Memory residentA threat that continues to run and take up space until your PC is restarted.
Microsoft Word global templateA Microsoft Word feature that stores macros, AutoText entries, and the custom toolbar, menu, and shortcut key settings so that you can use them with any document.
MisleadingThe program that makes misleading or fraudulent claims about files, registry entries or other items on your PC.
Monitoring toolA commercial program that monitors what you do on your PC. This can include monitoring what keys you press; your email or instant messages; your voice or video conversations; and your banking details and passwords. It can also take screenshots as you use your PC.
MutexStands for mutual exclusion object. Some malware can create a mutex as a sign that it has infected your PC. This stops it from infecting your PC twice.
Network packetA unit of data carried over a network.
Non-persistent XSSA type of cross-site scripting. The link to the malware is stored on a server and followed when you visit the infected website.
NTFS file systemStands for new technology file system, a system used by Windows NT.
NTLDRAn abbreviation of the term 'NT loader'. The set of instructions that run every time the Windows NT operating system is started.
ObfuscateTo hide or make unclear. Some malware hides its code in this way to make it harder for security software to detect or remove it. We call this type of malware an obfuscator.
ObfuscatorA type of malware that hides its code and purpose to make it more difficult for security software to detect or remove it.
PackerA program that lets you bundle files together into the same download. This can be used by malware authors to hide malware files and make them harder to detect.
Password stealerA type of malware that is used steal your personal information, such as user names and passwords. It often works along with a keylogger that collects and sends information about what keys you press and websites you visit to a malicious hacker.
PayloadThe actions taken by a piece of malware once it is installed on your PC. For example, this can include downloading files, changing your PC settings, displaying messages and watching what keys you press.
PhishingA way to trick you into giving out your personal or financial information. Phishers may use phony websites or email messages that look like they are from a trusted businesses. Their goal is to get you to reveal your personal information, such as your user names, passwords, or credit card numbers.
PolymorphicMalware that can change parts of itself to avoid detection by security software.
Privilege elevationA vulnerability that lets someone do things on your PC, network or server that they otherwise wouldn't be able to.
Proof-of-Concept (PoC) codeCode that's written to prove that a particular method of malware attack can work.
ProgramSoftware that you may or may not want installed on your PC.
Proxy serverA server that sits between you and the server you are trying to reach. A proxy server tries to answer your request before passing it on to the actual server you are trying to reach. They can be used to filter and store online content, handle frequent requests more quickly, or hide someone's identity.
RansomwareA type of malware that can stop you from using your PC, or encrypt your files so you can’t use them. You may be warned that you need to pay money, complete surveys, or perform other actions before you can use your PC again. For more information, see our ransomware page.
ReinfectionWhen your PC is infected with malware again after it has been cleaned. Reinfection usually happens when your security software isn't up to date, or if the malware isn't being removed fully. There is more information on our reinfection help page.
Remote code execution (RCE)When a malicious hacker runs code on your PC without having actual physical access to it.
Remote control softwareA program that gives someone access to your PC from a remote location. This type of program is often installed by the computer owner. They are only a risk if they are unexpected.
Remote procedure call (RPC)A communication tool that helps processes on your computer to share information.
ResidentMalware that continuously runs on your PC. This happens when a copy of the malware makes changes to your PC so that it runs every time the PC starts up.
Rogue security softwareSoftware that pretends to be an antivirus program but doesn't actually provide any security. This type of software usually gives you a lot of alerts about threats on your PC that don't exist. It also tries to convince you to pay for its services. Our rogue security software page has more information.
RootkitA program that is designed to hide itself and other malware from detection while it makes changes to your PC. These changes are hard to detect and fix. There is more information on our rootkits page.
Script (malware)A type of malware written using a scripting language. Common forms of scripting language include JavaScript, HTML, Visual Basic Script, PowerShell, Perl, Python and Shell Scripting.
Search engine optimization (SEO)The process of increasing the ranking and popularity of a webpage in search engine results. Usually, the higher a web page is in the list of results, the more likely that someone will visit it.
Security bypassA software vulnerability that lets a malicious hacker get past a program's security.
Sender ID frameworkTechnology that helps fight spam, spoofing, and phishing emails. It checks that an email comes from where it says it does. This helps stop deceptive messages.
Settings modifierA program that changes your PC settings.
ShellThe program that gives your commands to your computer's operating system.
ShellcodeThe payload that is run after malware has exploited a software vulnerability.
SignatureA signature is a set of characteristics that we use to identify a piece of malware. Signatures are used by security software to automatically decide if a file is malicious or not.
Social engineeringA method of attack that targets people rather than software. Social engineering is designed to trick you into doing something that benefits the malicious hacker, such as opening or downloading a malware file or giving away your personal information. It can be online, such as an email that tricks you into opening an attachment, or offline, such as a phone call from with someone pretending to be from your bank. However social engineering happens, its purpose is the same – to get you to do something that a malicious hacker wants you to do.
Software bundlerA program that installs unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.
SpamBulk unwanted email. Spam can be used to spread malware, either as an email attachment or with a hyperlink that redirects you to an infected webpage. Some malware can collect email addresses for spamming from infected PCs, or use infected computers to send spam.
Spam runA bulk round of spam. A spam run can describe a single round of spam emails sent from the same server, or groups of spam emails on the same theme, for example Valentine's Day spam.
SpammerA trojan that sends large numbers of spam emails. It may also describe the person or business responsible for sending spam.
SpoofA type of attack where a message is made to look like it comes from a trusted source. For example, an email that looks like it comes from a legitimate business, but is actually trying to spread malware.
SpooferA type of trojan that makes fake emails that look like they are from a legitimate source.
SpoofingWhen a malicious hacker mimics someone else. For example, when they create a website that looks the same as a legitimate website to try and trick people into using it.
SpywareA program that collects your personal information, such as your browsing history, and uses it without adequate consent.
SQL injectionA type of malware attack where SQL code is put into an ordinary web form. If the code is run it can cause significant information loss.
Stack-based buffer overflowA common type of buffer overflow that allows malware code to run on your PC.
StealthA way of hiding a threat, file or process. One form of stealth can be a redirect that makes it hard to look at a malicious file or piece of code because you are sent to a clean location instead.
Targeted attackA malware attack against a specific group of companies or individuals. This type of attack usually aims to get access to the PC or network, before trying to steal information or disrupt the infected machines.
ToolA type of software that may have a legitimate purpose, but which may also be abused by malware authors.
TrojanA type of malware. A trojan is a program that tries to look innocent, but is actually a malicious application. Unlike a virus or a worm, a trojan doesn't spread by itself. Instead they try to look innocent to convince you to download and install them. Once installed, a trojan can steal your personal information, download more malware, or give a malicious hacker access to your PC.
Trojan clickerA type of trojan that can use your PC to "click" on websites or applications. They are usually used to make money for a malicious hacker by clicking on online advertisements and making it look like the website gets more traffic than it does. They can also be used to skew online polls, install programs on your PC, or make unwanted software appear more popular than it is.
Trojan downloader/dropperA type of trojan that installs other malicious files, including malware, onto your PC. It can download the files from a remote PC or install them directly from a copy that is included in its file.
Trojan notifierA type of trojan that sends information about your PC to a malicious hacker. It is similar to a password stealer.
Trojan proxyA type of trojan that installs a proxy server on your PC. The server can be configured so that when you use the Internet, any requests you make are sent through a server controlled by a malicious hacker.
TrojanSpyA program that collects your personal information, such as your browsing history, and uses it without adequate consent.
TyposquattingA form of cybersquatting where someone registers a domain name of a popular website, with small misspellings. For example, See also: cybersquatting.
Unchecked bufferA software vulnerability where data is stored to a program's memory incorrectly. This can cause errors in the program.
Uninitialized memoryA software vulnerability where memory on your PC can't be written over. This can create errors that can be exploited by malware.
Uninitialized pointerA software vulnerability when a program is pointed to write to an invalid memory location. This can create errors in a program.
Uninitialized variableA common source of software bugs that results in an error.
Unrestricted upload of a file with a dangerous typeA type of vulnerability where software allows a malicious hacker to upload malicious files onto your PC. These files can be automatically installed and run on your PC.
Unwanted softwareA program that you may not want installed on your PC, or that may have already been installed without adequate consent from you. Unwanted programs may impact your privacy, security, or computing experience.
Use after freeWhen a program's code points to memory that has since been cleared. This can cause the program to fail or behave unexpectedly.
User account control (UAC)Also known as least-privilege user account. Gives you control of what changes someone can make to your PC. You can use UACs to make it harder for malware to install and run. For example, you can make it so that someone can't install any software or drivers when they use your PC. You can also block them from changing system wide settings, viewing or changing other user accounts, or running administrative tools.
User elevationWhen someone is using your PC with higher privileges than they should have.
VirtoolA detection that is used mostly for malware components, or tools used for malware-related actions, such as rootkits.
Virtual machineA copy of a complete PC in a self-contained and isolated environment. Virtual machines let you run otherwise incompatible operating systems, as each system can run in its own isolated section. For example, running Mac OS X on a Windows PC.
VirusA type of malware. Viruses spread on their own by attaching their code to other programs, or copying themselves across systems and networks.
VulnerabilityA flaw or error in a program that may allow a malicious hacker to exploit it for a malicious purpose. Once known, software vulnerabilities are usually quickly patched by their vendor. You must then update your software to be protected. For more information, see our page on exploits.
WildListA collection of malware that is used to test the performance of antimalware software.
WormA type of malware that spreads to other PCs. Worms may spread using one or more of the following methods:
  • Email programs:
    Within an attachment or as a link within an email message.
  • Instant messaging programs:
    By sending an instant message that includes a copy of itself, using programs such as Windows Live Messenger or Skype.
  • File-sharing programs:
    By creating copies of itself in the common download/upload folders of file-sharing or peer-to-peer programs. Worms will often use the names of popular software or games as a social engineering technique.
  • Social networking sites
    By automatically sending messages to all of your contacts on a social networking website, such as Facebook and Twitter. The message usually has a link to a copy of the worm.
  • Network shares:
    Through network shares and mapped drives. Some worms can spread by creating copies of themselves in shared folders. If these folders are password-protected, some worms may try to access them using commonly user names and passwords.
  • Removable drives with Autorun enabled:
    By copying itself to removable drives such as flash drives and portable hard disks. Worms that use this method of spreading are called Autorun worms because they usually install a file called autorun.inf. This file lets the worm automatically copy itself when you access the drive and have the Autorun feature turned on. Autorun is the same feature that automatically plays music or installs software when you insert a CD , DVD or USB flash drive.
  • Software vulnerabilities:
    Through vulnerabilities in your software. Some worms use vulnerabilities in Windows services to spread to other PCs and to communicate with each other. This means a clean PC that communicates with an infected PC can become infected.
XLStartA folder where you can put the worksheets that you would like to automatically open when you start Excel. The folder is usually stored in %AppData%\Local\Microsoft \Excel\XLStart.
XML injectionA type of vulnerability that allows a malicious hacker to change an XML file.