Glossary and Definitions
for Internet Security
Surf Security Lingo
Address Resolution Protocol
(ARP) spoofing - A technique
used to attack an Ethernet
network which may allow an
attacker to read, modify, or
stop network traffic altogether
(known as a denial of service
attack). The principle of
ARP spoofing is to send fake,
or 'spoofed', ARP messages to an
Ethernet network. The goal is to
associate the attacker's
hardware network address (MAC
address) with the IP address
of another node (such as the
default
gateway). Thereafter traffic
meant for the default gateway
would be mistakenly sent to the
attacker instead. The attacker
could then choose to forward the
traffic to the actual default
gateway while sniffing (reading
/ capturing) or modifying data
before forwarding it (man-in-the-middle
attack). Also known as ARP
poisoning.
Adware - a component
of software added with or
without the user's permission
that displays ads or
tracks a user's Internet use in
order to sell their use history
to advertisers or marketers.
Anti Spam
- client or network software or
hardware that attempts to remove
unwanted e-mail messages sent to the
recipient. Not to be confused
with Uncle Spam (just a joke).
Anti Phishing -
products and services designed
to prevent phishing.
Not to be confused with Uncle
Phishing (just a joke).
Antivirus - products
and services designed to prevent
viruses. Not to be confused with
Uncle Virus (just a joke).
Backdoor
- An entry, typically unknown,
to connect into a computer
system or software program
without supplying authorized
credentials.
Bot - short for robot;
bots are also known as Internet
bots or web robots. Bots
are typically software
applications that run an
automated task or series of
automated tasks. Some bots can
run unknown on client computers
(see zombie).
Botnet - an expression
for a collection of bots frequently
under the control of malicious
users for financial or
informational purposes. Botnets send the majority of
spam.
Browser Hijacker
- a form of
malware or
spyware
software programming that alters
the existing home page, error
page, or search page in a
browser with a page of its own
(often a dynamic page). These
are generally used to force
visits to particular websites.
Extremely aggressive hijackers
can render a browser unusable as
it endlessly redirects web sites
and opens additional windows and
may enable
pop up
and pop
under browser windows.
Content Control Systems -
Software or Hardware systems that typically involve web
filtering software and are
designed to control what content
a reader is permitted to access.
Frequently used to restrict
material delivered over
Internet Web sites. Sometimes called
censorware.
Content Filtering -
Also known as
Internet Filtering.
Crimeware - a computer
program or system
designed to expressly facilitate
illegal activity.
Often defined as
malware, crimeware is
designed (through technical
stealth, social
engineering, or other methods) to
facilitate or commit identity
theft in order to access a
computer user's financial
information such as accounts at
online financial services or retailers for the
purpose of taking funds from
those accounts or completing
unauthorized transactions that
enrich the thief controlling the crimeware.
Crimeware frequently is
designed to export
confidential or sensitive
information from a computer or network for
financial exploitation. Many
spyware programs
such as
browser
hijackers and
keyloggers
are
considered crimeware, although
only those used illicitly.
Crimeware also includes
phishing kits
designed to facilitate identity
theft.
Data Haunts - Methods for
collecting electronic data about
someone without leaving a trace.
This includes intercepting
e-mail with
keystroke loggers or
man
in the middle attacks, and
illegally obtaining a person's
phone, bank, or other records.
Dialers - programs
that use a computer or modem to
dial a phone number (or internet
site) that accrues charges to
the user's phone bill.
Variants include Dialer Virus
and Dialer Malware.
DNS Changer - malicious
software that modifies a client
computer's
DNS host settings to
redirect valid URL requests to
fraudulent web sites. Variants
include DNS cache
poisoning and
HOST file modifiers.
DNS Spoofing - A method
that assumes the DNS name of
another system. Frequently
accomplished by either
corrupting the name service
cache of a victim system (DNS
cache poisoning) or by
compromising a domain name
server.
Drive By Download - a
malicious program that is automatically
installed without
the user's consent or knowledge
when a potential victim visits a
booby-trapped website.
The malicious program can be initiated by simply
visiting a Web site or viewing
an HTML e-mail message.
According to Wikipedia, the
expression drive-by download
is used in three increasingly
strict meanings:
- Any download that happens
without knowledge of the user.
- Download of
spyware,
a computer
virus or any kind of
malware
that happens without knowledge
of the user. Drive-by
downloads may happen by
visiting a website, viewing an
e-mail message or by clicking
on a deceptive popup window:
the user clicks on the window
in the mistaken belief that,
for instance, it is an error
report from his own PC or that
it is an innocuous
advertisement popup; in such
cases, the "supplier" may
claim that the user
"consented" to the download
though he was completely
unaware of having initiated a
malicious software download.
- Download of malware
through exploitation of a web
browser, e-mail client or
operating system bug, without
any user intervention
whatsoever. Websites that
exploit the Windows Metafile
vulnerability may provide
examples of "drive-by
downloads" of this sort.
Wikipedia - July 19, 2007
Also known as drive-by
install.
Downloader
- Malware
that exists to install itself
so it can then download and
install more sophisticated
malware.
Employee Internet Content
Filtering - Similar to
content-control software but
specializing in employers
restricting what content (for
example pornography) may be
viewed by employees while on the
job.
Encryption - A process
for transforming information so
it is unreadable to anyone
except those possessing special
knowledge, usually referred to
as a key. A cryptographic
technique.
Firewall - hardware or
software designed to permit,
deny, or proxy data through a
computer network.
Software firewalls
- Software configured to
permit, deny, or proxy data
through a computer network,
typically run on an end user's
computer.
Grayware -
an umbrella classification for
software that causes a computer
to behave in an annoying,
undesirable or unwanted way.
Grayware typically encompasses
spyware,
adware,
and malware.
Honeypot - a system, or
part of a system, purposely made
to be enticing to an intruder or
system cracker as part of a trap
set to detect or deflect
unauthorized access or use of
computer system resources.
Honeypots are used by Internet
Security vendors to gather
information for use in building
security defenses.
Honeyclient - a
computer (or virtual computer)
that appears to attackers as an
unprotected personal computer.
Sugarcane - A
honeypot that masquerades as an
open proxy.
Internet Filtering -
Similar to content-control
software and used to restrict
material delivered over
Internet Web sites. Commonly
used to disallow access to pornography
sites for children and
employees.
Internet Security Products -
products and services designed
to protect from
adware,
bots,
malware,
phishing,
spam,
virus,
zombies and other Internet
threats.
Intrusion Detection Systems - software or
hardware that monitor events
occurring in a network or
computer system and analyze them
for signs of intrusions or
attempts to compromise security
mechanisms.
IP Address - An Internet
Protocol Address is a locator
for one IP device such as a
computer or server to find
another and interact with it.
An IP address is similar to a
street address or a phone
number. Your IP address
can be static, it stays the
same, or dynamic, changing each
time you connect to the Internet.
Keylogger - software used to
capture the user's
keystrokes. Keyloggers
provide a means to obtain
passwords or encryption keys and
other information such as bank
codes or computer passwords.
Also known as keystroke logging.
Malicious Attacker Sites
- Websites that host malicious
software code, frequently
without the site owner's
knowledge, which infects the
computers of web site visitors.
Frequently used to install a
Trojan
Horse,
keylogger, or other
malicious items. Web site
visitors do not have to click on
any links or images in order for
the code to download. Also
known as Web Attacker Sites
and Malicious Web sites.
Malicious widgets - A
widget
that secretly installs adware or
malware.
Malware - software or
applications (including Internet
browser, widgets, and browser
add ins) that conduct unwanted
or unknown functions.
Generally used to mean a variety
of hostile, intrusive, or
annoying software or programs.
Malware can turn computers into
spam machines, platforms for
computer attacks, or secretly
record financial information and
passwords. Formed from the words
"malicious" and "software"; also
called badware.
Managed security service
providers - A Managed
security service provider (MSSP)
typically provides a multitude
of managed security services,
including managed
firewall,
VPN,
anti-spam,
anti-virus,
malware
filtering,
intrusion detection, and
content filtering services.
These services offer the entire
security solution, from
hardware and software to
provisioning and monitoring.
Man in the Middle Attacks
-
In computer and Internet use
this refers to an attack in which
a malicious individual or system
(the attacker) is able to
read, insert and modify
information between the user's
computer and destination site /
web page. This most
often occurs in a wireless /
Wi-Fi spot where
victims believe they are
connecting to the Internet but
are actually connecting through
the attacker to the Internet.
Sometimes abbreviated as
MITM.
Password Stealer - A program
that steals the login
credentials for local or online
applications or systems. A
key component in identity theft.
Also known as PWS.
Pharming - refers to
an attack where a user believes
they are at a legitimate web
site but are in fact at a
malicious web site impersonating
the legitimate site. This
occurs when infected computers
or networks redirect Internet
traffic from one Web site to a
different, identical-looking
site in order to trick you into
entering information such as
your bank account or other
information. This can
occur even if the user correctly
enters the web address into
their browser. Also known
as
DNS cache poisoning, as one
type of pharming is related to a
DNS exploit.
Phishing - a variant
of fishing, this refers to
increasingly sophisticated lures
to "fish" for information such
as a user's usernames, passwords
and credit card details, often
utilizing social engineering and
frequently delivered via e-mail
or instant messaging. Phishers
attempt to fraudulently acquire
sensitive information by
masquerading as a trustworthy
entity.
Phishing e-mail
- a phishing attempt
utilizing e-mail.
Phishing kit - a
collection of tools assembled to
make it easier for people with
little technical skill to launch
a phishing exploit. Kits
typically include Web site
development assistance, complete
with graphics, coding, and
content that can be used to
create convincing imitations of
legitimate sites, and spamming
software to automate the mass
mailing process.
Phishing prevention -
products and services designed
to prevent or educate potential
victims about phishing.
Social phishing
- phishing using
social engineering
techniques.
Spear Phishing -
luring victims into attacks
by using precisely targeted
schemes based on researched
personal information.
Whaling -
phishing attacks
targeted at high level company
executives or employees (often
new employees) for sensitive
company information or for
identity theft or other
financial exploits.
Pop up or Pop under
- A new browser window typically
containing an advertisement that
is automatically displayed in a
second smaller browser window
over or behind the current
window upon loading or exiting a
normal web page.
Pretexting - Obtaining
information by pretending to be
someone else.
Replicating Malware -
Malware that replicates.
Also known as self-replicating
malware.
Rootkits - a set of
software tools designed to
conceal running processes, files
or system data from the computer
operating system thus allowing
processes to run unbeknownst to
the computer.
Secure E-mail - an
e-mail system whereby
transmissions of messages are
encrypted or otherwise protected
from view.
Secure Instant Messaging -
an instant messaging system
whereby transmissions of
messages are encrypted or
otherwise protected from view.
Shellcode - a
relocatable piece of code or
software used as the payload in
the exploitation of a
software
bug. These bugs typically allow
an unauthorized user to
communicate with a computer to
exploit a software
vulnerability.
Social Engineering - a
collection of techniques aiming
to trick or manipulate people
into divulging confidential
information or performing
actions to provide information.
Typically with the goal of
gaining computer system access.
Software Bug (or
"bug") - an error or flaw in a
computer program that prevents
it from operating as intended.
Many bugs arise either from mistakes
and errors in a program's
source code or from
compilers producing
incorrect code. Serious
bugs may cause a computer or
program to crash or freeze.
Others qualify as security risks
that might, for example, enable a
malicious user to bypass
controls.
Spam - unwanted or
undesired e-mail.
Frequently sent as bulk
electronic messages.
Spambot -
an Internet or web
bot that
crawls websites looking for
e-mail addresses that are then
sent unwanted,
undesired, or bulk
email.
Spyware - software
that is surreptitiously
installed on a personal computer
to intercept or take partial
control over the user's
interaction with the computer,
without the user's consent.
"Spyware programs can
collect various types of
personal information, but can
also interfere with user
control of the computer in
other ways, such as installing
additional software,
redirecting Web browser
activity, or diverting
advertising revenue to a third
party."
Wikipedia - July 19, 2007
Trackware - an internet
marketing technique using
malware
to covertly track system
activity, gather system
information, or track user
information and behavior and
relay this information to a
third-party. Trackware as
spyware
can gather and report personally
identifiable or other sensitive
information.
Trojan Horse - a file
(or program) that appears
harmless until opened or
executed. Different from
computer virus, Trojan horses do
not insert their code into other
computer files. Also
called a Trojan.
Typosquatting - also
called URL hijacking,
occurs when a user makes a
mistake such as typing
www.gooogle.com (three o's
instead of two) instead of
www.google.com into their
browser. A typosquatter will
register the mis-spelled domain
and may serve ads or even put
malware on the website. It
is a form of
cyber squatting.
Unified Threat Management
-
UTM appliances combine
firewall,
Virtual Private
Network,
antivirus,
anti spam,
content filtering,
intrusion detection, and
other security services on a
single platform removing the
need for multiple management
stations and servers. Also known by
the acronym UTM.
Virus - A computer
program that can copy itself and
infect a computer without
permission or knowledge of the
user. The original may modify
itself or embed itself in
another file. Viruses can
easily spread to other computers
via e-mail, the Internet, or
file transfers.
Metamorphic virus
- software code that can
reprogram itself by translating
its code into a temporary
representation and then writing
itself back to normal code
again. This is used by
some viruses so the "children"
will never look like the
"parents" in order to evade
pattern recognition of
anti-virus software.
Polymorphic virus
- code that mutates while
keeping the original intact.
This technique is sometimes
used by computer viruses,
shellcodes and computer
worms
to hide their presence.
Vishing - Also known as
voice phishing, vishing
attacks send text messages
indicating that a person's bank
account information has been
tampered with and asking
mobile phone users to provide
personally identifiable
information either over the
phone or by using the phone's
Internet browser.
Vishing schemes involving a
phone call are often directed
to an automated "bank"
greeting that prompts the
caller to provide credit card
or bank numbers.
VPN -
Virtual Private Network -
A Virtual Private Network
creates a secure tunnel
between the points within the
VPN. Only devices with the
correct "key" will be able to
work within the VPN. The VPN
network can reside within a
typical LAN (Local Area
Network), and/or over public
networks such as the Internet.
Web Address Error Redirect -
a service that monitors for
non-existing domain responses
(such as those going to
typosquatter pages and queries to
"malicious attacker sites") and,
conditionally, redirects these
responses to useful landing
pages.
Web Bot
- also
known as an Internet bot or
simply a bot, software
applications that run automated
tasks over a computer network.
Whaling - A form of
Phishing;
see entry under
Phishing,
Whaling. Also known as
Whaling attacks.
White List or Whitelist - A
list of trusted or accepted web
sites, e-mail senders, file
types or other items.
Those not on the white list are
rejected. This is the
opposite of a blacklist, which
accepts all except what is
blacklisted.
Widget - mini applications
embedded within a web page that
add dynamic content frequently
supplied by a third party.
Also known as modules, snippets, and
plug-ins, which people use to add
entertainment and functionality
to a web site. A popular
use of widgets is in Social
Networking sites (Facebook,
Myspace, etc).
Worm - A
self-replicating
computer program that uses a
network to send copies of itself
to other computers or hardware.
Unlike a virus, worms harm the
network (if only by consuming
bandwidth), whereas viruses
infect or corrupt files on a
targeted computer.
Zero-day Attack - a
virus or other exploit that
takes advantage of very recently
or newly discovered security
"openings" or vulnerabilities in
a program or operating system
before the software developer
has made a fix available. Also
known as a zero-hour attack.
Zombie - A computer
attached to the Internet that
has been compromised by a
computer virus,
trojan horse, or
person. The compromised
computer is frequently used as
part of a botnet to perform
malicious tasks under remote
direction. Most owners of zombie
computers are unaware that their
system is being used.
"Infected zombie computers
are now the major delivery
method of spam. Zombies have
been used extensively to send
e-mail spam; as of 2005, an
estimated 50–80% of all spam
worldwide was sent by zombie
computers. This allows spammers
to avoid detection and
presumably reduces their
bandwidth costs, since the
owners of zombies pay for their
own bandwidth."
Wikipedia - July 19, 2007
Zombie and Bot Remediation -
a system that
monitors network traffic for
zombies and
bots, prevents
access to known zombie and bot
resources, and redirects infected
users to a "Walled Garden" to
allow them to remove the
infection.
Additional definitions can be
found at
Wikipedia, an open source
encyclopedia.