Glossary of Virus Terms - D
Damage Cleanup Template / Engine
The Damage Cleanup Template / Engine is the automated cleanup component of Trend
Micro antivirus products. Trend Micro antivirus provides automated cleanup for all
critical malware threats via this template and engine package, which is initiated
upon malware detection. The Damage Cleanup Template / Engine can also be used as
a standalone cleanup package.
Damage Potential
A malware's damage potential rating may be high, medium, or low based on its inherent
capacity to cause both direct and indirect damage to systems or networks. Certain
malware are designed specifically to delete or corrupt files, causing direct damage.
Denial of service (DoS) malware may also cause direct and intended damage by flooding
specific targets. Mass-mailers and network worms usually cause indirect damage when
they clog mail servers and network bandwidth, respectively.
High
- System becomes unusable (e.g. flashes the BIOS, formats the HDD)
- System data or files are unrecoverable (e.g. encryption of data)
- System cannot be automatically recovered using tools
- Recovery requires restoring from backup
- Causes large amounts of network traffic (packet flooders, mass-mailers)
- Data/files are compromised and sent to a third party (backdoor capabilities)
Medium
- System/files can be recovered using Trend Micro products or cleaning tools
- Minor data/file modification (e.g. file infectors)
- Malware that writes a minimal amount of data to the disk
- Malware that kills applications in memory
- Causes a medium amount of network traffic (e.g. slow mailers)
- Automatically executes unknown programs
- Deletes security-related applications (e.g. antivirus, firewall)
Low
- No system changes
- Deletion of less significant files in the system
- Changes can be recovered by users without using any tools
- Damage can be reversed just by restarting the system
Data Miners (Tracking Cookies)
Data miners are applications that monitor, analyze, and collect specific information
found in a database or in a volume of data gathered from various sources. Data miners
are not always used with malicious intent: data mining programs allow companies to
compile important client information in order to enhance their services.
Data miners may be used by Web sites to monitor, analyze, and collect particular user
activities on a computer, typically to gather information for marketing purposes.
Usually, data miners are installed on a computer to record the Web sites visited,
products searched for, and services used. The data is then sent back to be used for
targeted advertising.
Data miners may also be used maliciously, and in some instances have been employed to
steal personal information such as logon credentials and credit card numbers.
Date of Origin
Indicates when a virus was first discovered (if known).
Denial of Service
Denial of service (DoS) is a malware routine that interrupts or inhibits the normal
flow of data into and out of a system. Most DoS attacks consume system resources so
that, in a short period of time, the target is rendered useless. One form of DoS
attack is when a Web service (such as a Web site or a download location) is accessed
massively and repeatedly from different locations, preventing other systems from
accessing the service and retrieving data from it. When a DoS attack is launched
from different locations in a coordinated fashion, it is often referred to as a
distributed denial of service (DDoS) attack.
Description
This is a brief summary of a threat listed on the Trend Micro Security Information
page (more popularly known as the Trend Micro Virus Encyclopaedia). For instructions
on how to clean up a system or how to avoid known threats, click on the "Solution"
tab. For detailed technical information, click on the "Tech Details" tab.
For infection/detection statistics, click on the "Statistics" tab.
Destructive Threat
A threat tagged as destructive causes direct damage to files or computer systems,
often resulting in the loss of important data. Routines such as corrupting or deleting
important files and formatting the hard drive are considered destructive. A program
that was designed to consume resources in a denial of service attack is also tagged
as destructive.
Dialers
Dialers, as the name implies, dial predefined numbers to connect to certain sites.
Many users run dialers without knowing that some of these programs actually dial
long-distance numbers or connect to pay-per-call sites, and that they are being
charged for the calls. Dialers are often offered as programs for accessing adult
sites.
Discovery Date
Discovery date indicates the date when Trend Micro received news about a scam, a
hoax, an urban legend or a vulnerability. For malware and grayware, the date when
Trend Micro received the first sample of a particular threat is indicated under
Initial Samples Received On.
Distributed Denial of Service
(See Denial of service.)
Distribution Potential
Distribution potential is derived from the characteristics of the malicious program.
Fast-spreading network worms can spread across continents within minutes. Some
malicious programs also use numerous infection and spreading techniques and are
often referred to as blended threats or mixed threats. The Nimda virus, for example,
was able to spread via email, network shares, infected Web sites, and Web
traffic (HTTP, port 80).
As new systems are made and improved with added functionality, proof-of-concept
malware often follows. This uniqueness, as well as the widespread implementation
of a particular operating system or software, also influences the potential distribution
of each malware. Many viruses written in the past do not run or spread on newer
operating systems or operating systems that have all the latest security patches
installed.
High
- Blended threats (i.e. spreads via email, P2P, IM, network shares)
- Mass mailers
- Spreads via network shares
Medium
- Mailers
- Has spread via third parties or media
- Spreads via IRC, IM, or P2P
- Requires user intervention to spread
- URL/Web site download
Low
- No network spreading
- Requires manual distribution to spread
Dropped Detection
A dropped detection is a detection that has been removed from the pattern file for
one or more reasons. Typically, a threat detection is dropped when it conflicts
with other detections or falsely matches unrelated files. Detections that cause
performance issues or other technical conflicts are also dropped from the pattern
file if Trend Micro deems that the threats they cover do not pose an immediate risk.
Droppers
Droppers are programs designed to extract other files embedded in their own code.
Typically, these programs extract several files onto the computer to install a
malicious program package. Droppers may have other functions apart from dropping files.