Glossary of Virus Terms - P
|
Password
|
A password is a set of characters used to control access to computer systems and files.
The use of strong passwords can be critical to securing computer systems, as hackers
and malware have been known to use relatively effective password cracking methods to
break through password-protected systems.
Refer to the Safe Computing Guide (sorted by operating system) for tips on password
security.
Password cracking applications
|
Password cracking applications are programs that are designed to crack through password-protected
systems. Most password cracking applications use a long list of passwords and user
names, attempting to access target systems using the list contents or combinations of the
contents until successful.
Although password cracking is generally illicit, many system administrators regularly
run password crackers to test passwords employed by network users.
Pattern file
|
The pattern file is a protection database that needs to be updated consistently,
so as to contain the signatures of the latest threats. The pattern file works hand in
hand with the scan engine module, which enables Trend Micro products to detect known
threats in a user’s system or network.
Pattern release date
|
The Pattern Release Date on Trend Micro’s Security Information page indicates
the date when a specific pattern file was released.
Payload
|
The term payload refers to an action that malware or grayware performs, apart
from its main behaviour. For example, payloads for a worm include all other actions
it performs apart from its propagation routines.
Payloads can range from something that is relatively harmless, like displaying messages
or ejecting the CD drive, to something destructive, like deleting the contents of
a hard drive.
PE
|
PE (Portable Executable) is the standard Win32 executable file format. File infectors
that infect 32-bit Windows executables are detected by Trend Micro antivirus as
PE_malwarename.
Phishing
|
Phishing is a form of identity theft in which a scammer uses an authentic-looking
e-mail from a legitimate business to trick recipients into giving out sensitive
personal information, such as credit card, bank account, or Social Security numbers.
The spoofed email message urges the recipient to click on a link to update their
personal profile or carry out some transaction. The link then takes the victim to
a fake Web site designed to look like the real thing. However, any personal or financial
information entered is routed directly to the scammer.
Phishing Link
|
While the visible link is essentially just the display text for the link in a phishing
email, the phishing link is the actual link that the visible link points to. Users
may view the phishing link by passing the pointer over the visible link.
Place of origin
|
In the Virus Encyclopaedia, the place of origin indicates where a virus is believed
to have originated.
Polymorphic viruses
|
Polymorphic viruses are complex file infectors that change physical forms, yet retain
the same basic routines, after every infection. Such viruses typically encrypt their
code during each infection, altering their physical file makeup by varying encryption
keys every time.
This capability to change their physical makeup can allow polymorphic viruses to
evade antivirus scanners, and can require antivirus products to use complex patterns
and newer scan engines.
Pop-up window
|
This technique uses a script that opens a legitimate Web site in the background,
while a spoofed pop-up window, usually identical to the legitimate Web site, is
opened in the foreground. In effect, this misleads the user into thinking that the pop-up
window is directly related to the official page. In some cases, the pop-up window
covers a portion of a legitimate Web site.
Port
|
A port is basically a connection address specified to allow programs on different
computers to communicate. This connection address is represented by a port number
from 0 to 65536. Like legitimate programs, malware programs that connect to remote
systems often use predefined ports. Some malware uses random ports that are defined
upon connection. System administrators and desktop users can increase system security
by controlling the availability of certain ports.
Many ports used by malware and legitimate applications are assigned to specific
protocols like HTTP, which uses port 80 by default. IANA maintains a list of port
numbers and known uses.
Proof-of-concept
|
A proof-of-concept is the earliest implementation of an idea. Proof-of-concept
malware usually contains code that runs on new platforms and programs or takes advantage
of newly discovered vulnerabilities.
Proof-of-concept malware often performs actions that have never been done before.
For example, VBS_BUBBLEBOY was a proof-of-concept worm: it was the first email
worm to automatically execute without requiring recipients to double-click on an
attachment. Most proof-of-concept malware is never seen in the wild. However, malware
writers will often take the idea (and code) behind a piece of proof-of-concept malware and
implement it in future malware.
Proxy server
|
A proxy server is an Internet connection device. It accepts requests for Internet
resources (such as when a Web browser opens a Web page) and attempts to provide
the resources if it has them in its cache. It will request the page from the actual site
if it doesn't have it in its cache.
Apart from its caching function, a proxy server can control connections to specific
sites. The single point of contact also improves manageability of Internet connections
for huge networks.
Some malware has been known to function as a proxy server on infected machines,
allowing unauthorized computers to connect to the Internet via infected systems.