/ Spyware Information Center
AdTool are programs that facilitate delivery for advertising
content to the user and in some cases gather information
from the user's computer, including information related
to Internet browser usage or other computer habits.
They can take up your computers resources and are largely
responsible for the countless popup ads you receive
on the web. AdTool is often bundled with or embedded
within freeware programs like such as clocks, messengers,
alerts, weather, and so on.
Adware : An Adware’s
main purpose is to display targeted ads based on the
user behavior it is tracking. Adware are programs that
facilitate delivery of advertising content to the user
and in some cases gather information from the user's
computer, including information related to Internet
browser usage or other computer habits. They can take
up your computers resources and are largely responsible
for the countless popup ads you receive on the web.
Adware is often bundled with or embedded within freeware
programs like such as clocks, messengers, alerts, weather,
and so on, and software such as screensavers, cartoon
cursors, backgrounds, sounds, etc.
Annoyance : Any Trojan
that does not cause damage other than to annoy a user,
such as by turning the text on the screen upside down,
or making mouse motions erratic.
ANSI Bomb : Character
sequences that reprogram specific keys on the keyboard.
If ANSI.SYS is loaded, some bombs will display colorful
messages, or have interesting (but unwanted) graphical
AOL Pest : Any password
stealer, exploit, DoS attack, or ICQ hack aimed at users
of AOL. They may subject users to various risks, including
Spoofing, eavesdropping, sniffing, spamming, breaking
passwords, harassment, fraud, forgery, 'importuning',
electronic trespassing, tampering, hacking, nuking,
system contamination including without limitation use
of viruses, worms and Trojan horses causing unauthorized,
damaging or harmful access and/or retrieval of information
and data on your computer and other forms of activity
that may even be considered unlawful."
AV Killer : Any hacker
tool intended to disable a user's anti-virus software
to help elude detection. Some will also disable personal
Backdoor : A Backdoor
is a software program that gives an attacker unauthorized
access to a machine and the means for remotely controlling
the machine without the user's knowledge. A Backdoor
compromises system integrity by making changes to the
system that allow it to be used by the attacker for
malicious purposes unknown to the user.
Badjoke : Software
that is designed to mimic the actions of a virus but
is not malicious and does not harm the machine. Although
some Low Risk Software programs may track online habits
Agreement (EULA) -- or display advertising within the
applications themselves, these programs have only vague,
minimal or negligible effects on your privacy.
Banker : These Trojan
monitor and steal the user's internet access and on-line
banking details such as such as bank accounts, usernames,
passwords and credit card details from your computer
and sends it to the attacker.
Binder : A tool that
combines two or more files into a single file, usually
for the purpose of hiding one of them. A binder compiles
the list of files that you select into one host file,
which you can rename. A host file is a simple custom
compiled program that will decompress and launch the
source programs. When you start the host, the embedded
files in it are automatically decompressed and launched.
When a Trojan is bound with Notepad, for instance, the
result will appear to be Notepad, and appear to run
like Notepad, but the Trojan will also be run.
Browser Helper Object (BHO):
BHO is an application that extends Internet Explorer
and acts as a plug-in. Spyware as well as browser hijackers
often use BHOs to display ads or redirect the browser
to alternate sites and alternate search results. BHO
may not necessarily need your permission to install
and they can be used for malicious purposes like gathering
info on your surfing habits and search data to facilitate
targeted or contextual advertising.
A buffer overflow occurs when a program writes more
data in memory than it was initially allotted (buffer
Clicker: This family
of Trojans redirects victim machines to specified websites
or other Internet resources. Clickers either send the
necessary commands to the browser or replace system
files where standard Internet urls are stored (e.g.
the 'hosts' file in MS Windows).
Clickers are used:
1. To raise the hit-count of a specific site for advertising
2. To organize a DoS attack on a specified server or
3. To lead the victim to an infected resource where
the machine will be attacked by other malware (viruses
Commercial RAT : Any
commercial product that is normally used for remote
administration, but which might be exploited to do this
without user consent or awareness.
Constructor : Virus
writers use constructor utilities to create new malicious
programs and Trojans. It is known that constructors
to create macro-viruses and viruses for Windows are
in existence. Constructors can be used to generate virus
source code, object modules and infected files.
Some constructors come with a user interface where the
virus type, objects to attack, encryption options, protection
against debuggers and disassembles, text strings, multimedia
effects etc. can be chosen from a menu. Less complex
constructors have no interface, and read information
about the type of virus to be built from the configuration
Cracking Tool : Any
software designed to modify other software for the purpose
of removing usage restrictions. An example is a 'patcher'
or 'patch generator’, which will replace bytes
at specified locations in a file, rendering it a licensed
version. A music file ripper is a program that enables
the user to digitally copy songs from a CD into many
different formats such as MP3, WAV, or AIFC.
DDoS : A distributed
denial of service attack (DDoS) occurs when multiple
compromised systems flood the bandwidth or resources
of a targeted system, usually a web server(s). Script
kiddies use them to deny the availability of well known
websites to legitimate users. More sophisticated attackers
use DDoS tools for the purposes of extortion —
even against their business rivals
Dialer : A Dialer is a program that
uses the computer's modem to dial telephone numbers,
often without the user's knowledge and consent. A Dialer
can connect to a phone number that adds long distance
charges to the telephone bill without the user's knowledge
or permission. Dialers may be downloaded through exploits
and installed without notice and consent.
DoS : DoS is Denial
of Service Trojan. This is a DDoS (Distributed Denial
of Service) Trojan. It conducts a SYN Flood attack on
a number of servers in the bootcom.com domain. It works
under Windows NT. When launched, it creates a service
named Secure transactions provider, which covertly starts
each time the system boots up. The service launches
five threads, each of which sends TCP packets to one
of the servers under attack at high frequency, with
SYN flags set. This will cause the network to slow noticeably.
Always run in DOS mode.
Downloader : Downloader is a program
typically installed through an exploit or some other
deceptive means and that facilitates the download and
installation of other malware and unwanted software
onto a victim's PC. Downloader may download adware,
spyware or other malware from multiple servers or sources
on the internet.
DNSChanger : The DNSChanger
Trojan is usually a small file (about 1.5 kilobytes)
that is designed to change the 'NameServer' Registry
key value to a custom IP address. This IP address is
usually encrypted in the body of a Trojan. As a result
of this change a victim's computer will contact the
newly assigned DNS server to resolve names of different
webservers. And some of the resolved names will not
point to legitimate websites - they will point to fake
websites that look like real ones, but are created to
steal sensitive information (like credit card numbers,
logins and passwords).
Dropper : Spyware dropper
when run will install spyware. In other words dropper
is a carriage for malicious or spying software. Finding
it on your computer means that your computer is infected
with Dropper and crucial data could be endangered or
Encryption Tool : Any
software that can be used to scramble documents, software,
or systems so that only those possessing a valid key
are able to unscramble it. Encryption tools are used
to secure information; sometimes unauthorized use of
encryption tools in an organization is a cause for concern.
Error Hijacker : Any
software that resets your browser's settings to display
a new error page when a requested URL is not found.
Hijacks may reroute your info and address requests through
an unseen site, capturing that info. In such hijacks,
your browser may behave normally, but be slower.
Exploit : Exploits
use vulnerabilities in operating systems and applications
to achieve the same result. Or in other words, this
is a type of malware containing a piece of software,
a chunk of data, or sequence of commands that take advantage
of a bug, glitch or vulnerability in order to cause
unintended or unanticipated behavior to occur on computer
software. This frequently includes such things as gaining
control of a computer system or allowing privilege escalation
or a denial of service attack.
Fake Anti Spyware :
A Fake Anti Spyware is software that purports to scan
and detect malware or other problems on the computer,
but which attempts to dupe or badger users into purchasing
the program by presenting the user with intrusive, deceptive
warnings and/or false, misleading scan results. They
spuriously warn users that their computers have been
infected with spyware, directing them to purchase programs
which do not actually remove spyware or even worse,
may add more spyware of their own. It typically uses
aggressive, deceptive advertising and may be installed
without adequate notice and consent, often though exploits.
Firewall Killer :
Programs that alters/bypasses security system that uses
rules to block or allow connections and data transmission
between your computer and the Internet.
Flooder : A program
that overloads a connection by any mechanism, such as
fast pinging, causing a DoS attack. An E-Mail Flooder
is a program used to send mass e-mail to flood or disrupt
a PC or network.
FraudTool : These
are programs which look like any legitimate program
but usually download without users permission, entice
users into buying them by showing fake results to improve
users PC performance. They may also download spyware
and other unwanted programs.
FTP Server : When
installed without user awareness, an FTP server allows
an attacker to download / upload any file on the user's
GameThief : A threat
that attempts to steal vital information from the user
with regards to online gaming activity and is capable
of connecting to a remote site to download possible
updates of its application.
HackTool : HackTool
is a utility designed to penetrate remote computers.
These types of malware connect to the remote machines
and use them as zombies without any giving prior information
to the owner. Many hacktools download malicious programs
on the victim machines.
Hijacker : Hijackers
are software programs that modify users' default browser
home page, search settings, error page settings, or
desktop wallpaper without adequate notice, disclosure,
or user consent. When the default home page is hijacked,
the browser opens to the web page set by the hijacker
instead of the user's designated home page.
In some cases, the hijacker may block users from restoring
their desired home page.
Hoax : Hoax shows fake
security warnings that are quite annoying. The aim of
this spyware is to trick a computer user to download
third-party cleaning utilities, usually anti-spyware
Homepage Hijacker :
Any software that changes your browser's home page to
some other site. Hijacks may reroute your info and address
requests through an unseen site, capturing that info.
In such hijacks, your browser may behave normally, but
Hostile ActiveX : An
ActiveX control is essentially a Windows program that
can be distributed from a web page. These controls can
do literally anything a Windows program can do. A Hostile
ActiveX program does something that its user did not
intend for it to do, such as erasing a hard drive, dropping
a virus or Trojan into your machine, or scanning your
drive for tax records or documents.
Hostile Java : Browsers
include a ""virtual machine"" that
encapsulates the Java program and prevents it from accessing
your local machine. The theory behind this is that a
Java ""applet"" is really content
-- like graphics -- rather than full application software.
However, as of July, 2000, all known browsers have had
bugs in their Java virtual machines that would allow
hostile applets to ""break out""
of this ""sandbox"" and access other
parts of the system. Most security experts browse with
Java disabled on their computers, or encapsulate it
with further sandboxes/virtual-machines.
Hostile Script : A script is a text
file with a .VBS, .WSH, .JS, .HTA, .JSE, .VBE extension
that is executed by Microsoft WScript or Microsoft Scripting
Host Application, interpreting the instructions in the
script and acting on them. A hostile script performs
HTTP Server : When installed without
user awareness, an HTTP server allows an attacker to
use a web browser to view and thus retrieve information
collected by other software placed in the user's machine.
IM : A threat that
is capable to cause Denial-Of-Service attacks against
other instant messenger client systems.
Installer: A utility
that copies system software or an application from floppy
disks or a CD-ROM to your hard disk. An Installer may
also decompress the new files, remove obsolete files,
place extensions and control panels in their proper
folders, and/or create new folders.
IRC: Internet Relay
Chat or Computer conferencing on the Internet. There
are hundreds of IRC channels on numerous subjects that
are hosted on IRC servers around the world. After joining
a channel, your messages are broadcast to everyone listening
to that channel. The IRC client is a program that runs
on your computer and sends and receives messages to
and from an IRC server. Spyware utilize this free tool
to broadcast inappropriate or unwanted information.
IRC War : Any
tool that uses Internet Relay Chat for spoofing, eavesdropping,
sniffing, spamming, breaking passwords, harassment,
fraud, forgery, 'imposture', electronic trespassing,
tampering, hacking, nuking, system contamination including
without limitation use of viruses, worms and Trojan
horses causing unauthorized, damaging or harmful access
and/or retrieval of information and data on your computer
and other forms of activity that may even be considered
Joke Program : A Joke
Program is software that is designed to mimic the actions
of a virus but is not malicious and does not harm the
machine. Although some Low Risk Software programs may
track online habits -- as provided for in a privacy
policy or End User License Agreement (EULA) -- or display
advertising within the applications themselves, these
programs have only vague, minimal or negligible effects
on your privacy.
Keygen : Keygen is
a type of software which does not belong to particular
legitimate software company but it generates key or
more specifically cracks for legitimate software. Many
times such types of software are bundled with Spyware.
Keylogger (Keystroke Logger): A keylogger
is a program that captures and logs keystrokes on the
computer without the user's knowledge and consent. The
logged data is typically sent to a remote attacker.
The keylogger is usually hidden from the user and may
use cloaking (Rootkit) technology to hide from other
software in order to evade easy detection by anti-Spyware
KillAV : KillAV is
a Trojan that tries to terminate and/or remove any antivirus
software that is running on the computer.
Loader : Any
program designed to load another program.
Mail Bomber : Software
that will flood a victim's inbox with hundreds or thousands
of pieces of mail. Such mail generally does not correctly
reveal its source.
Mailer : A program
that creates and sends email with forged headers, so
that the source of the mail it sends cannot be traced.
Mailfinder : A tool
which finds email addresses on the internet for one
or more domains.
Malware : Malware is
a generic term for any malicious software designed to
disrupt the working of a network. Virus, worms and Trojans
fall under the category of Malware. Malware utilize
popular communication tools to spread, including worms
sent through email and instant messages, Trojan horses
dropped from web sites, and virus-infected files downloaded
from peer-to-peer connections. Malware seek to exploit
existing vulnerabilities on systems making their entry
quiet and easy.
Mass Mailer : Mass
mailer can spread through email by sending copies of
itself to everyone in the user's address book. A mass
mailer may consume a large amount of system resources
and cause the machine to become noticeably sluggish
Monitor : Monitoring
tools record each and every activity that user does
on his PC by taking frequent snapshots and mailing them
to the designated email address.
NetTool : These are programs which
enables you to remotely work on a computer in real time.
Malware programs take control of users’ PC and
can view, send, read any other program or information.
Notifier : The purpose
of these Trojans is to inform the author or ‘master’
that malicious code has been installed on the victim
machine and to relay information about the IP address,
open ports, e-mail address and so on. Trojan Notifiers
are typically included in a Trojan ‘pack’
that contains other malware.
Nuker : Nuker is a generic term for
several TCP/IP DoS attacks. In some cases, it selects
some folders and deletes them. Through TCP/IP it sends
packets to targeted computers containing malicious programs
which may destroy some specified data.
Peer-to-peer (P2P) is a method of file sharing over
a network in which individual computers are linked via
the Internet or a private network to share programs/files,
often illegally. Many P2P programs bundle third-party
advertising programs, and are currently the second largest
source of virus, Trojan and data mining infections.
Packed : Spyware files which are compressed
as they make their work undetectable by anti-virus products.
Packer : A utility
which compresses a file, encrypting it in the process.
It adds a header that automatically expands the file
in memory, when it is executed, and then transfers control
to that file.
Password Capture : A variant of the
keylogger that captures passwords as they are entered
or transmitted. Some password captures Trojans impersonate
the login prompt, asking the user to provide their password.
Password Cracker : A tool to decrypt
a password or password file. Password crackers have
legitimate uses by security administrators, who want
to find weak passwords in order to change them and improve
Password Cracking Word List
: A list of words that a brute force password
cracker can use to muscle its way into a system.
Phreaking Tool : Any
executable that assists in hacking the phone system,
such as by using a sound card to imitate various audible
A ping of death (abbreviated “POD”) is a
type of attack on a computer that involves sending a
malformed or otherwise malicious ping to a computer.
A ping is normally 64 bytes in size; many computer systems
cannot handle a ping larger than the maximum IP packet
size, which is 65,535 bytes. Sending a ping of this
size often crashes the target computer.
Traditionally, this bug has been relatively easy to
exploit. Generally, sending a 65,536 byte ping packet
is illegal according to networking protocol, but a packet
of such a size can be sent if it is fragmented; when
the target computer reassembles the packet, a buffer
overflow can occur, which often causes a system crash.
Porn-Tool : Porn-Tool is an application
designed to access pornographic content on a remote
Pornware : Pornware is the generic
term used to describe malware-related programs that
either use the computer’s modem to connect to
pornographic pay-to-view services, or download pornographic
content from the web, without the consent of the user.
Port Scanner : In hacker
reconnaissance, a port scan attempts to connect to all
65536 ports on a machine in order to see if anybody
is listening on those ports. Port scans are always automated
through tools called Port Scanners.
Probe Tool : A tool
that explores another system, looking for vulnerabilities.
While these can be used by security managers, wishing
to shore up their security, the tools are as likely
used by attackers to evaluate where to start an attack.
An example is an NT Security Scanner.
Proxy : Proxy Trojan
turns the victim's computer into a proxy server. This
gives the attacker the opportunity to do everything
from your computer, including the possibility of conducting
credit card fraud and other illegal activities, or even
to use system to launch malicious attacks against other
1. Connect to some proxy site
2. Has proxy related information into it
3. Sends mails via this proxy. So has mail related info.
Or SMTP port
4. Sending data out. (SYN_SENT)
PSW: This family of
Trojans steals passwords, normally system passwords
from victim machines. They search for system files,
which contain confidential information such as passwords
and Internet access telephone numbers and then send
this information to an email address coded into the
body of the Trojan. The ‘master’ or user
of the illegal program will then retrieve and misuse
Most common behavior:
1. Ask for password using fake window
2. Change ICQ, MSN and AOL configuration
3. Get cached Windows passwords
PUP: PUP or Potentially
unwanted program is a term used to describe unwanted
programs such as Trojans, Spyware and Adware which come
bundled along with other malware.
Ransom : Ransom are Trojans that demand
money in exchange for fixing some menace they create
on your PC such as encrypt files or threaten to delete
RAT : A Remote Administration Tool,
or RAT, is a Trojan that when run, provides an attacker
with the capability of remotely controlling a machine
via a ""client"" in the attacker's
machine, and a ""server"" in the
RemoteAdmin : These
are programs which enables you to remotely work on a
computer in real time. Malware programs take control
of users’ PC and can view, send, read any other
program or information.
RiskTool : This is
an application that is not necessarily harmful if properly
installed by the user or administrator of the PC, but
which could be harmful or disruptive to the user, PC,
or network if deployed by unauthorized parties for potentially
Rootkit : A Rootkit
is a collection of tools (programs) that enable administrator-level
(root) access to a computer or computer network. A Rootkit
may consist of spyware and other programs that: monitor
traffic and keystrokes; create a "backdoor"
into the system for the hacker's use; alter log files;
attack other machines on the network; and alter existing
system tools to escape detection. They are usually hidden
and difficult to clean as they ingranulate deeply within
the Registry and system files.
Search Hijacker: Any
software that resets your browser's settings to point
to other sites when you perform a search. Hijacks may
reroute your info and address requests through an unseen
site, capturing that info. In such hijacks, your browser
may behave normally, but be slower. Search results when
such a hijacker is running will sometimes differ from
SMS : This malware
pretends to allow users to visit WAP sites without using
a WAP connection or other programs by sending and receiving
free SMSs but in fact sends SMS at premium rate numbers
at $5-$6 per SMS.
Sniffer : A program
and/or device that monitors data traveling over a network.
Sniffers can be used both for legitimate network management
functions and for stealing information off a network.
Unauthorized sniffers can be extremely dangerous to
a network's security because they are virtually impossible
to detect and can be inserted almost anywhere. Sniffer
may be able to read the data in the packet as well as
the source and destination addresses.
SpamTool : This program
is designed to send spam to email addresses harvested
from the victim computer. In addition to wasting people's
time with unwanted e-mail, spam also eats up a lot of
network bandwidth. When sending spam e-mails, the Trojan
can generate fake senders e-mail addresses automatically.
It is remotely controlled and can upgrade its file from
Spoofer : To spoof
is to forge your identity. These attacks use spoofed
packets against amplifiers in order to overload the
victim's connection. This is done by sending a single
packet to a broadcast address with the victim as the
source address. All the machines within the broadcast
domain then respond back to the victim, overloading
the victim's Internet connection. Since smurfing accounts
for more than half the traffic on some backbones, ISPs
are starting to take spoofing seriously and have started
implementing measures within their routers that verify
valid source addresses before passing the packets.
Spyware: Any software
that covertly gathers user information through the user's
Internet connection without his or her knowledge, usually
for advertising purposes. Spyware applications are typically
bundled as a hidden component of freeware or shareware
programs that can be downloaded from the Internet. Once
installed, the spyware monitors user activity on the
Internet and transmits that information in the background
to someone else. Spyware can also gather information
about e-mail addresses and even passwords and credit
StartPage: This Trojan
modifies the configuration of Microsoft Internet Explorer
without the knowledge or consent of the user.
Surveillance : Any
software designed to use a webcam, microphone, screen
capture, or other approaches to monitor and capture
information. Some such software will transmit this captured
information to a remote source.
Telnet Server : Software
that allows a remote user of a Telnet client to connect
as a remote terminal from anywhere on the Internet and
control a computer in which the server software is running.
Toolbar : A Toolbar
is a type of browser plug-in that adds a third-party
utility bar to the web browser, usually just below or
next to the browser's address bar. A Toolbar typically
has a search function and provides search results for
Tracking Cookies :
Tracking cookies allow multiple web sites to store and
access records that may contain personal information
(including surfing habits, user names and passwords,
areas of interest, etc.), and subsequently share this
information with other web sites and marketing firms.
Trackware : Programs
that track system activity, gather system information,
or track user habits and relay this information to third-party
Trojan : A destructive
program that masquerades as a benign application. Unlike
viruses, Trojan horses do not replicate themselves but
they can be just as destructive. One of the most insidious
types of Trojan horse is a program that claims to rid
your computer of viruses but instead introduces viruses
onto your computer.
Trojan Horse : A Trojan
Horse portrays itself as something other than what it
is at the point of execution. While it may advertise
its activity after launching, this information is not
apparent to the user beforehand. A Trojan Horse neither
replicates nor copies itself, but causes damage or compromises
the security of the computer. A Trojan Horse must be
sent by someone or carried by another program and may
arrive in the form of a joke program or software of
some sort. The malicious functionality of a Trojan Horse
may be anything undesirable for a computer user, including
data destruction or compromising a system by providing
a means for another computer to gain access, thus bypassing
normal access controls.
Usage Track : Usage
tracks permit any user (or their software agent) with
access to your computer to see what you've been doing.
Such tracks benefit you if you have left the tracks,
but might benefit another user as well.
VirTool : Any program
intended to be used to create viruses, accepting user
input to make the created viruses different from others
created by the program.
Virus Creation Tool : A
program designed to generate viruses. Even early virus
creation tools were able to generate hundreds or thousands
of different, functioning viruses, which were initially
undetectable by current scanners.
Virus: A computer virus is a computer
program that can copy itself and infect a computer without
permission or knowledge of the user. A virus might corrupt
or delete data on your computer, use your e-mail program
to spread itself to other computers, or even erase everything
on your hard disk. It often attaches itself to an executable
file or an application. A computer virus is not standalone
and needs a host file or program to work or replicate.
War Dialer : (demon-dialling, carrier-scanning)
War-dialing was popularized in the 1983 movie War Games.
It is the process of dialing all the numbers in a range
in order to find any machine that answers. Many corporations
have desktop computers with attached modems; attackers
can dial in order to break into the desktop, and thereafter
WebToolbar : A group
of buttons which perform common tasks. A toolbar for
Internet Explorer is normally located below the menu
bar at the top of the form. Toolbars may be created
by Browser Helper Objects. They allow malware programs
to monitor internet activities.
Worm : A Worm is a
malicious program that spreads itself without any user
intervention. Worms are self-replicating. Worms spread
without attaching to or infecting other programs and
files. A Worm can spread across computer networks via
security holes on vulnerable machines connected to the
network. Worms can also spread through email by sending
copies of itself to everyone in the user's address book.
A Worm may consume a large amount of system resources
and cause the machine to become noticeably sluggish
Worm Creation Tool :
A program designed to generate worms. Worm creation
tools can often generate hundreds or thousands of different,
functioning worms, most of which are initially undetectable
by current scanners.