This glossary lists terms you may come across when reading about online security and threats. If you find a term you don't recognize, check here to find out what it means. Bookmark this page as a quick and handy reference.
A targeted cyberespionage or cybersabotage attack that is usually sponsored by a nation state with the goal of stealing information from an organization. The motivation behind an advanced persistent threat is to gain information for military, political, or economic advantage.
Software that automatically plays, displays, or downloads advertisements to a computer, often in exchange for the right to use a program without paying for it. The advertisements seen are based on monitoring of browser habits. Most adware is safe to use, but some can serve as spyware, gathering information about you from your hard drive, the websites you visit, or even your keystrokes. Certain types of adware have the capability to capture or transmit personal information.
Google's brand name for its Linux-based operating system for mobile devices (smartphones and tablets).
A type of application that defends against the threats that spam poses (such as viruses, phishing attempts, and denial-of-service attacks) and reduces the amount of spam entering an email system.
A type of software that scans a computer's memory and disk drives for viruses. If it finds a virus, the application informs the user and may clean, delete, or quarantine any files, directories, or disks affected by the virus. The term antimalware is preferred because it covers more threats.
A type of fraud or theft that occurs when an ATM is compromised with a skimming device. A card reader that can be disguised to look like a part of the machine. The card reader collects victims' account information and personal identification numbers (PIN).
The program that automatically updates McAfee software with the latest detection definition (.DAT) files and scan engine.
Computer programmers often build backdoors into software applications so they can fix bugs. If hackers or others learn about a backdoor, the feature may pose a security risk. It can also be referred to as a trap door.
A backup is a duplicate copy of data made for archiving purposes or for protection against damage and loss. A backup is usually kept physically separate from the originals for recovery when originals are damaged or lost.
Hackers who gain unauthorized access into a computer system or network with malicious intent. They may use computers to attack systems for profit, for fun, for political motivations, or as part of a social cause. Such penetration often involves modification and/or destruction of data, as well as distribution of computer viruses, Internet worms, and delivery of spam through the use of botnets.
A list of known sources of unwanted email used for filtering spam. A blacklist can also be a list of websites that are considered to be dangerous because they exploit browser vulnerabilities or send spyware and other unwanted software to users.
A general description for malicious programs that combine elements of multiple types of malware: viruses, worms, Trojans, etc.
A wireless technology commonly used to wirelessly link phones, computers, and other network devices over short distances. It can also be used to exchange data over short distances.
Short for "robot," a computer that has been infected with malicious software without the user's knowledge. Once the computer has been affected, a cybercriminal can send commands to it and other infected machines over the Internet. Since the compromised computers blindly follow the commands of the cybercriminals, infected machines are also called zombies.
Short for "robot network," a botnet is a network of hijacked computers controlled remotely by a hacker. The hacker can use the network to send spam and launch Denial of Service (DoS) attacks, and may rent the network to other cybercriminals. A single computer in a botnet can automatically send thousands of spam messages per day. The most common spam messages come from zombie computers.
A type of malware that alters your computer's browser settings so that you are redirected to websites that you had no intention of visiting. Most browser hijackers alter browser home pages, search pages, search results, error message pages, or other browser content with unexpected or unwanted content.
A hacking method used to find passwords or encryption keys by trying every possible combination of characters until the correct one is found.
An unintentional fault, error, failure, or mistake in a software program that can produce an incorrect or unexpected result or cause a program to behave in unintended ways.
Pronounced like "cash," a cache stores recently used information in a place where it can be accessed extremely fast. Computers have a disk cache; this stores information that the user has recently read from the hard disk. Web browsers also use a cache to store the pages, images, and URLs of recently visited websites on the user's hard drive. When users visit web pages that they have been to recently, the pages and images don't have to be downloaded again.
This is the practice of causing the telephone network to display a false number on the recipient's caller ID. A number of companies provide tools that facilitate caller ID spoofing. Voice over Internet Protocol (VoIP) has known flaws that allow for caller ID spoofing. These tools are typically used to populate the caller ID with a specific bank or credit union, or just with the words "Bank" or "Credit Union."
A technique used by thieves to verify the validity of stolen card data. The thief will use the card information on a website that has real-time transaction processing. If the transaction is processed successfully then the thief knows the card is still good. The purchase is usually for a small amount to avoid using the card's limit and to avoid attracting the attention of the card owner.
A radio network that is distributed over land areas called cells. Each cell is associated with a radio transceiver, when the cells are joined together they can provide radio coverage over a wide geographic area allowing mobile phones to communicate with each other.
When a thief steals the identities of children to use for fraudulent financial transactions. It can take years before the theft is discovered, often the victims discover this when they engage in their first financial transactions. The dangers associated with child identity theft include damaged credit and income tax liability.
Cloud computing refers to applications and services that are offered over the Internet. These services are offered from data centers around the world that collectively are referred to as the "cloud."
A noncash payment transaction that doesn't need a physical connection between the payment device, which can be a number of things ranging from traditional plastic cards to mobile phones, and the physical point-of-sale terminal (for example, a cash register).
Malicious software such as viruses, Trojan horses, spyware, and other programs used to commit crimes on the Internet including identity theft and fraud.
When a criminal fraudulently identifies himself to police as another individual at the point of arrest. In some cases criminals have previously obtained state-issued identity documents using credentials stolen from others, or have simply presented fake identification.
Bullying that takes place in cyberspace. This includes the Internet and mobile phone communication. It may involve harassing, threatening, embarrassing, or humiliating someone online.
A criminal activity done using computers and the Internet. This can take many shapes and forms, such as downloading illegal music files to stealing money from online bank accounts. Cybercrime can also include nonmonetary offenses, such as creating and distributing viruses. One of the most prominent cybercrime offenses is when cybercriminals use the Internet to steal personal information from others and commit identity theft.
Cybercriminals are hackers, crackers, and other malicious users who use the Internet to commit crimes such as identity theft, PC hijacking, illegal spamming, phishing and pharming, and other types of fraud.
Cybergangs are groups of hackers, crackers, and other cybercriminals that pool their resources to commit crimes on the Internet. Organized crime is often involved in cybergang activity.
Registering, trafficking in, or using a domain name with malicious intent to profit from the goodwill of a trademark or brand name belonging to someone else. The cybersquatter then offers to sell the domain to the person or company who owns a trademark contained within the name at an inflated price. Cybersquatters also sometimes register variations of popular trademarked names as a way of distributing their malware.
Also known as a data file, these files are used to update software programs, sent to users via the Internet. .DAT files contain up-to-date virus signatures and other information antivirus products use to protect your computer against virus attacks. .DAT files are also known as detection definition files and signatures.
A broad term to describe information that has been translated into a form that is more convenient to move or process.
Data can be in the form of text documents, images, audio files, software programs, and many more forms. Data can be processed on a computer or a mobile device, such as a mobile phone or tablet.
A change made to the home page or other key pages of a website by an unauthorized individual or process, usually unknown to the website owner.
The password on a system when it is first delivered or installed.
An attack specifically designed to prevent a system from functioning properly as well as denying access to the system by authorized users. Hackers can cause denial-of-service attacks by destroying or modifying data or by overloading the system's servers until service to authorized users is delayed or prevented.
Dialers include software programs that redirect Internet connections to a party other than the user's default ISP and are designed to run up additional connection charges for a content provider, vendor, or other third party.
Method of breaking into a password-protected computer, mobile device, or online account by entering every word in a dictionary as a password.
A type of denial-of-service (DoS) attack in which more than one traffic generator directs traffic to a targeted URL. Traffic-generating programs are called agents, and the controlling program is the master. DoS agents receive instruction from a master to carry out an attack, which is designed to disable or shut down the targeted URL.
This is a name that identifies a website; for example, mcafee.com is the domain name of McAfee's website. Each domain name is associated with an IP address. Domain names are used in URLs to identify particular web pages.
This is the process in which data is sent to your computer. Whenever you receive information from the Internet, you are downloading it to your computer. For example, you may have to download an update for your web browser. The opposite of this process, is sending information to another computer is called uploading.
A program that is automatically downloaded to your computer without your consent or even your knowledge. It can install malware or potentially unwanted programs merely by your viewing an email or website.
This is an executable file, created specifically to introduce a virus, worm, or Trojan on a computer system.
The practice of sifting through commercial or residential trash in the hopes of finding information to steal or commit fraud.
Encryption is a security method of coding or scrambling data so that it can be decoded or read only by authorized users. This is commonly used to secure websites, online purchases, and other transactions.
A type of computer file that when opened runs a program or series of instructions contained in the file. These types of files have the potential to be dangerous since they run code when opened, and are often used by cybercriminals to distribute viruses, malware, and spyware.
A piece of software that takes advantage of a bug, glitch, or design flaw in software in order to cause unintended or unanticipated behavior on computer software. This can include gaining control of a computer system, changing access privileges, or denying access or resources to users.
An error that occurs when antivirus software fails to detect that an infected file is truly infected. False negatives are more serious than false positives, although both are undesirable. False negatives are more common with antivirus software because they may miss a new or a heavily modified virus.
An error that occurs when antivirus software wrongly claims that a virus is infecting a clean file. False positives usually occur when the string chosen for a given virus signature is also present in another program.
A piece of hardware or software that is designed to block unauthorized access while permitting authorized communications. It is configured to permit or deny network transmissions based upon a set of rules. They are designed to protect the network's resources from users on other networks.
Term used to describe the capability to detect and record where you and other people are located. Geolocation information can be obtained in a number of ways, including using data from a user's IP address, MAC address, RFID, Wi-Fi connection location, or GPS coordinates.
Process of adding geographical identification data to various types of media, such as a photograph or video taken with your camera or mobile device. This data usually consists of latitude and longitude coordinates, and they can also contain altitude, bearing, distance, and place names.
Software that is based on a satellite navigation system that provides location and time information anywhere on the Earth where there is a clear line of sight from the device that the software is being used on to four or more GPS satellites.
New mobile phones have this software and can calculate the position of the device by using signals received from multiple GPS satellites. Mobile phone users can use the software to see where they are located on a map, route them to a desired location, and show them different routes to reach their destination.
Skilled hackers who sometimes act legally, sometimes in good will and sometimes not. They are a hybrid between white and black hat hackers. They usually do not hack for personal gain or have malicious intentions, but may or may not occasionally commit crimes during the course of their technological exploits.
A broad term for a person who uses programming skills and technical knowledge to create and modify computer software and hardware by finding weaknesses and exploiting them, including computer programming, administration, and security-related items. Hackers can be motivated by a number of reasons both positive and negative, such as profit, protest, or challenge. Criminal hackers create malware in order to commit crimes. See also: malware, cybercriminals, cybergangs.
In the early days of computing, hacker was a term used to describe a programmer who had a curiosity and appreciation of programs and systems and how they worked. Over time, however, the term gained a negative connotation and began to refer to someone who uses the knowledge to break into other people's systems to steal information and cause havoc. We also call programmers who use their skills for harm "crackers."
A vulnerability in the design software and/or hardware that allows the circumvention of security measures.
A term often used to describe the computer file to which a virus attaches itself. Most viruses run when the computer or user tries to use the host file.
A hotspot is a site that offers Internet access over a wireless connection. Hotspots typically use Wi-Fi technology and are generally found in coffee shops and various other public locations.
A clickable word, phrase, or image on a website that once clicked takes the user from one web page to another, or to another resource on the Internet. They are typically underlined or set apart by a different color. When you move your cursor over a hyperlink, whether text or image, the arrow should change to a small hand pointing at the link.
A virus is "in the wild" (ITW) if it is verified as having caused an infection outside a laboratory situation. Most viruses are in the wild and differ only in prevalence.
This term refers to the condition of a file after a virus, spyware, or malware has inserted malicious code into it. Computer systems are infected if a virus or Trojan is installed and running on that system. Static malware, such as viruses and Trojans with entirely malicious code, is also said to be infected. If a potentially unwanted program is installed on a system, the system is not considered infected, even though there may be other consequences.
Infection is the action a virus carries out when it enters a computer system or storage device.
People who supply stolen data but do not necessarily use it to commit fraud. The information obtained by harvesters is sold to criminal networks that trade the information in Internet back alleys.
A number 15 or 17 digits in length that is unique to each mobile phone and tablet. It is used to identify users on the Global System for Mobile Communications (GSM) and the Universal Mobile Telecommunications System (UMTS). It is usually found printed inside the battery compartment of the phone. If a mobile phone is lost or stolen, the owner can call the network provider and instruct them to blacklist the phone based on the IMEI number and make it useless on the network.
A unique identification associated with all Global System for Mobile Communications (GSM) and Universal Mobile Telecommunications System (UMTS) network mobile phone users. The IMSI is a unique number identifying a GSM subscriber stored inside the subscriber identity module (SIM).
An IP address is a unique numerical label assigned to a device, such as a computer or other device on a network, including the Internet. IP addresses allow computers, routers, printers, and other devices to identify one another to communicate.
Apple's brand name for its mobile operating system.
Process of removing limitations imposed by Apple on devices running the iOS operating system (iPhone, iPad, and iPod). Users do this to gain root access to the operating system to be able to install apps obtained through means other than the official App Store. While this can allow the user greater control of what is installed on the device, it can also cause data corruption and make the device less secure.
Software that tracks or logs the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored. This is usually done with malicious intent to collect information including instant messages, email text, email addresses, passwords, credit card and account numbers, addresses, and other private data.
A service accessible by mobile devices that uses information on the geographical position of the mobile device. Applications like this can help locate the nearest coffee shop or ATM, receive a warning about a nearby traffic jam, or see an ad for a local sale or promotion.
An excessively large email (typically many thousands of messages) or one large message sent to a user's email account. This is done to crash the system and prevent genuine messages from being received.
A mobile application (app) disguised as a legitimate app that can contain viruses, worms, Trojan horses, malware, spyware, or any other items that may harm user devices or personal data. Once a malicious app is downloaded, it can wreak havoc in multiple ways including sending text messages to premium-rate numbers, taking control of the infected device, and downloading the user's contact lists. Cybercriminals distribute malicious apps through legitimate app stores like Google Play by masquerading as a legitimate app.
A piece of code designed to damage a system and the data it contains, gather sensitive information, gain unauthorized access, or to prevent the system from being used in its normal manner.
This is usually executed by hiding malicious code within relatively safe-looking online advertisements. These ads can lead a victim to unreliable content or directly infect a victim's computer with malware, which may damage a system, access sensitive information, or even control the computer through remote access.
A generic term used to describe any type of software or code specifically designed to exploit a computer or the data it contains, without consent. Malware includes viruses, Trojan horses, spyware, adware, most rootkits, and other malicious programs.
A hardware identification number that is a unique code assigned to every piece of hardware that connects to the Internet. This includes Internet-capable phones, network interface cards for desktop and notebook computers, wireless access cards, and even some memory cards. The MAC address is manufactured into every network card, such as an Ethernet card or Wi-Fi card, and can't be changed.
This occurs when someone uses a person's name and sometimes other parts of their identity—such as insurance information—without the person's knowledge or consent to receive benefits such as treatments, prescriptions, or other medical services in another person's name. The dangers of medical identity theft include being denied health coverage, or being given the wrong treatment. (The doctor could be given the wrong medical history, such as a different blood type.)
A web browser that is designed and optimized to display content on a mobile device. Mobile browsers are used on mobile devices to browse the Internet, just as a web browser is used on a computer.
Mobile service providers have data plans that allow users to access the Internet (including sending and receiving email, using apps and GPS) anywhere a mobile phone signal can be accessed. Data plans are based on the number of gigabytes (GBs) of data that are uploaded and downloaded from the Internet per month via a smartphone or a tablet.
Software with a malicious purpose that commonly performs actions without a user's knowledge. It may be designed to disable your phone, remotely control your device, send unsolicited messages to the user's contact list, make charges to the user's phone bill, or steal valuable information. Mobile malware uses the same techniques as PC malware to infect mobile devices.
An alternative payment where a consumer can use their mobile phone to make a payment, instead of using cash or credit cards. This is sometimes referred to as a mobile wallet.
Also known as SMS spam, text spam, or mobile spamming. Mobile phone spam is unsolicited and generally unwanted commercial advertisements that are sent to a user's mobile phone by way of text messaging.
A standard way to send messages that includes multimedia content to and from mobile phones. The most popular use is to send photos, but it can also be used for delivering videos, text pages, and ringtones.
A set of standards for smartphones and similar devices to establish radio communication with each other by touching them together or bringing them into close proximity, usually no more than a few inches or centimeters. This technology is currently being used for contactless payment transactions and data exchange.
A network can consist of two or more computers, mobile devices (phones and tablets), gaming devices, Internet connected TVs, etc. connected to each other. Networks can be connected by cables or wirelessly. The purpose of a network is to share files and information.
An attempt to obtain or decrypt a user's password for illegal use. Hackers can use cracking programs, dictionary attacks, and password sniffers in password attacks. Defense against password attacks is rather limited but usually consists of a password policy including a minimum length, unrecognizable words, and frequent changes.
Software designed to enable a user or administrator to recover lost or forgotten passwords from accounts or data files. In the hands of an attacker, these tools offer access to confidential information and are a security and privacy threat.
The use of a sniffer (software or a device that monitors a network and makes a copy of data sent over a network) to capture passwords as they cross a network. The network could be a local area network, or the Internet itself.
Malware specifically used to transmit personal information, such as usernames and passwords.
The "cargo" code in a virus rather than the portions used to avoid detection or replicate. The payload code can display text or graphics on the screen, or it may corrupt or erase data. Not all viruses contain a deliberate payload. However, these codes affect CPU usage, hard disk space, and the time it takes to clean viruses. Payload can also refer to the data or packets sent during an attack.
A distributed system of file sharing in which any computer on the network can see any other computer on the network. Users can access each others' hard drives to download files. This type of file sharing is valuable, but it brings up copyright issues for music, movies, and other shared-media files. Users are also vulnerable to viruses, Trojans, and spyware hiding in files.
Any information that, by itself or when combined with other information, can identify an individual.
The process of redirecting traffic to a fake website, often through the use of malware or spyware. A hacker sets up a fraudulent website that looks like a legitimate website in order to capture confidential information from users.
A form of criminal activity using social engineering techniques through email or instant messaging. Phishers attempt to fraudulently acquire other people's personal information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an apparently official electronic communication. Typically, phishing emails request that recipients click on the link in the email to verify or update contact details or credit card information. Like spam, phishing emails are sent to a large number of email addresses, with the expectation that someone will act on the information in the email and disclose their personal information. Phishing can also happen via text messaging or phone.
The practice of gaining unauthorized access to a system by exploiting an authorized user's legitimate connection without their explicit permission or knowledge.
Often legitimate software (nonmalware) that may alter the security state or the privacy of the system on which they are installed. This software can, but not necessarily, include spyware, adware, keyloggers, password crackers, hacker tools, and dialer applications and could be downloaded in conjunction with a program that the user wants.
The isolation of files that are suspected of containing a virus, spam, suspicious content, or PUPs. Quarantined files cannot be opened or executed.
A two-dimensional code that can be scanned with a QR barcode reader or a camera-enabled smartphone with QR reader software. Once a QR code is scanned, it can direct a user to just about anything: a web page, call a phone number, or an SMS text message. QR codes provide organizations with a quick and easy way to direct their customers to online content. QR codes are often found in magazines, product packaging, on advertisements, online, and in other marketing collateral.
A generic term to describe a system that transmits the identity (in the form of a unique serial number) of an object or person wirelessly using radio waves.
Malicious software created by a hacker to restrict access to the computer system that it infects and demand a ransom paid to the creator of the malicious software for the restriction to be removed. Some forms of ransomware may encrypt files on the system's hard drive, while others may simply lock the system and display messages to coax the user into paying.
A method used to direct someone or something to a different place than was intended. Cybercriminals can use these to route a legitimate website's traffic to a counterfeit website.
Software designed to give an administrator remote control of a system. Hackers can install malicious RAT software on a computer without the user's knowledge and take control of it remotely without the user's knowledge. RATs can be installed by opening an infected attachment, clicking links in a popup window, or through any other software that poses as legitimate.
The process by which a virus makes copies of itself to carry out subsequent infections. Replication is one of the major criteria separating viruses from other computer programs.
Any program intended to damage programs or data, or to breach a system's security. It includes Trojan horse programs, logic bombs, and viruses.
A way that users of mobile devices (mobile phones, tablet PCs, and other devices running the Android operating system) hack their devices to gain privileged access to the operating system. This gives the user the ability to alter or replace system applications and settings, run apps that require administrator permissions, or perform operations that otherwise would have not been possible.
A stealthy type of malware that is designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer. Rootkits are the hardest type of invasive software to detect and nearly impossible to remove. As eluded to in the name, they dig into the root of a hard drive. They are designed to steal passwords and identifying information.
A common trick cybercriminals use to make users think that their computer has become infected with malware to get them to purchase a fake application. Often the fake application that the user is tricked into purchasing is actually a malicious program which can disable real antivirus software and wreak havoc on a user's machine.
A program that searches information on the Internet for specified keywords and returns a list of where the information can be found. They have electronic catalogs of millions of sites on the Internet so that once a user types in a keyword or set of keywords into the search engine, it can quickly direct the user to websites containing information based on the keyword. Google, Yahoo, and Bing are all examples of search engines.
Software provided to users without payment on a trial basis and is usually offered with limited features. Shareware requires payment to the author for full rights. If, after trying the software, you do not intend to use it, you simply delete it. Using unregistered shareware beyond the evaluation period is pirating. Also known as trialware or demoware.
Telephone numbers shorter than full telephone numbers that can be used only for messaging on mobile phones. They are designed to be easier to read and remember. Short codes are widely used for value-added services such as television program voting, ordering ringtones, charity donations, and mobile services. Messages sent to a short code can be billed at a higher rate than a standard text message and may even subscribe a customer to a recurring monthly service that will be added to the their mobile phone bill until the user texts the word "STOP"(for example) to terminate the service.
A form of text messaging on mobile phones.
The use of direct observation techniques, such as looking over someone's shoulder, to get information. A criminal can get access to your personal identification number (PIN) or password by watching over your shoulder as you use an automated teller machine (ATM) or type on your computer.
Data files containing detection and/or remediation code that antivirus or antispyware products use to identify malicious code.
A small electronic card, approximately the size of a postage stamp, that is placed underneath a mobile phone's battery. The SIM card stores data such as user identity, location phone number, network authorization data, personal security keys, contact lists, and stored text messages.
A mobile device that combines the functions of a wireless phone and functions typically associated with a computer. These functions include email access, the ability to browse the Internet, access to online banking, synchronization between the device and a computer, as well as many more functions.
The act of using social engineering techniques similar to phishing but via text messaging. The name is derived from "SMS (Short Message Service) phishing." SMS is the technology used for text messages on mobile phones. SMiShing uses text messages to try and get you to divulge your personal information. The text message may link to a website or a phone number that connects to automated voice response system.
Software or device that monitors network traffic. Hackers use sniffers to capture data transmitted over a network.
The act of manipulating people into performing actions or divulging confidential information. It relies on human interactions, such as trying to gain the confidence of someone through trickery or deception for the purpose of information gathering, fraud, or computer system access. This can take many forms, both online and offline.
An unwanted electronic message, most commonly unsolicited bulk email. Typically, spam is sent to multiple recipients who did not ask to receive it. Types include email spam, instant messaging spam, web search-engine spam, spam in blogs, and mobile phone-messaging spam. Spam includes legitimate advertisements, misleading advertisements, and phishing messages designed to trick recipients into giving up personal and financial information. Email messages are not considered spam if a user has signed up to receive them.
The act of sending an email that appears to come from a legitimate source, such as a bank, a company's internal IT department, an internal employee, or a business partner. While phishing uses mass email, spear phishing targets a very small number of recipients. The email sender information may be spoofed so the email appears to originate from a trusted source. Messages typically request username and password details, provide a link to a website where visitors can enter personal information, or have an attachment containing a virus, Trojan, or spyware.
A type of spam specific to instant messaging. The messages can be simple unsolicited ads or fraudulent phishing mail.
A combination of the words spam and blog that has been created for the purpose of distributing spam. Splogs contain fake articles created for search engine spamming. Splogs are created to attract people to spam sites, primarily via search engines.
A website that mimics a real company's site—mainly financial services sites—in order to steal private information (passwords, account numbers) from people tricked into visiting it. Phishing emails contain links to the counterfeit site, which looks exactly like the real company's site, down to the logo, graphics, and detailed information.
Spoof means to hoax, trick, or deceive. Spoofing can take many forms on the Internet, like faking the email address of another user. A spoofed website is one that mimics a real company's site—mainly financial services sites—to steal private information (passwords, account numbers) from people tricked into visiting it.
Spyware spies on a user's computer. Spyware can capture information like web browsing habits, email messages, usernames and passwords, and credit card information. Just like viruses, spyware can be installed on a computer through an email attachment containing malicious software.
A portable computer that uses a touchscreen as its primary input device. Most tablets are small and weigh less than the average laptop.
Process of connecting your mobile phone to a laptop or similar data device using a data cable or wirelessly via Bluetooth. This is commonly done to connect a device, such as a laptop, to the Internet using a mobile phone.
The process of sending or receiving written messages using a mobile phone. Texting is a common form of communication among mobile phone users. See also: Short Message Service (SMS).
A malicious action triggered at a specific date or time.
An action built into a virus that is set off by a specific condition. Examples include a message displayed on a specific date or reformatting a hard drive after the 10th execution of a program.
Malicious programs disguised as legitimate software. Users are typically tricked into loading and executing it on their systems. One key factor that distinguishes a Trojan from viruses and worms is that Trojans don't replicate.
A virus technique designed to prevent antivirus applications from working correctly. Antivirus programs work by intercepting the operating system before it can execute a virus. Tunneling viruses try to intercept the actions before the antivirus software can detect the malicious code. New antivirus programs can recognize many viruses with tunneling behavior.
Also known as URL hijacking, it relies on mistakes such as typographical errors made by Internet users when inputting a website address into a browser. If the user accidentally enters the incorrect website address, they are lead to an alternative website that usually is designed for malicious purposes.
A computer program file capable of attaching to disks or other files and replicating itself repeatedly, typically without user knowledge or permission. Some viruses attach to files so when the infected file executes, the virus also executes. Other viruses sit in a computer's memory and infect files as the computer opens, modifies, or creates the files. Some viruses display symptoms, and others damage files and computer systems, but neither is essential in the definition of a virus.
The criminal practice of posing as a legitimate source to obtain information over the telephone system (phishing via phone/ voicemail). It is facilitated by Voice over IP because it can spoof (fake) caller ID to gain access to personal and financial information.
Telephone service that uses the Internet as a global telephone network. Skype is an example of a VoIP offering for both regular and mobile phones.
An exploitable defect in a software application or operating system that allows hackers to crash systems, access information on systems, or use systems for their own purposes.
Process in which a computer is used to automatically call a list of telephone numbers, usually dialing every number in a local area code to search for computers and fax machines that can successfully make a connection with the computer. When each call is made, the program makes a list of which numbers made a successful connection with a computer and a fax machine. That list can be later used by hackers for various reasons, including hacking a wireless access point with an unprotected login or an easily cracked password to gain access to a network.
The act of stealing personal information by driving around looking for unsecured wireless connections (networks) using a portable computer or a personal digital assistant (PDA). If your home wireless connection is not secured, thieves can access data on all the computers you have connected to your wireless router, as well as see information you type into your banking and credit card sites.
An application that lets a user access and display content from the Internet.
A type of scam in which phishers find the name and email address of a company's top executive or team of executives (information often freely available on the web), and craft an email specific to those people and their role at the company. The email attempts to lure the executives into clicking on a link that will take them to a website where malware is downloaded onto their machines to copy keystrokes or ferret out sensitive information or corporate secrets.
Also known as "ethical hackers," white hat hackers are computer security experts who specialize in penetration testing and other testing methodologies to ensure that a company's information systems are secure. These security experts may utilize a variety of methods to carry out their tests, including social engineering tactics, use of hacking tools, and attempts to evade security to gain entry into secured areas.
A list of legitimate email addresses or domain names that is used for filtering spam. Messages from whitelisted addresses or domains are automatically passed to the intended recipient.
The name commonly given to wireless networks. Wi-Fi (short for wireless fidelity) networks are commonly used by many businesses and these networks can be protected so that only authorized users may access them.
A virus that spreads by creating duplicates of itself on other drives, systems, or networks. A mass-mailing worm is one that requires a user's intervention to spread, (e.g., opening an attachment or executing a downloaded file). Unlike viruses, worms do not infect other files. Most of today's email viruses are worms. A self-propagating worm does not require user intervention to spread.
Also known as zero-hour threats and vulnerabilities, they include threats that take advantage of a security hole before the vulnerability is known. The security hole is usually discovered the same day the computer attack is released. In other words, software developers have zero days to prepare for the security breach and must work as quickly as possible to fix the problem.
A computer that has been compromised by a virus or Trojan horse that puts it under the remote control of an online hijacker. The hijacker uses it to generate spam or makes the computer unusable to the owner, and the user is usually unaware that their computer has been compromised. Generally, a compromised machine is only one of many in a botnet, and will be used to perform malicious tasks under remote direction.
A collection of viruses used for testing by researchers. See also: in the wild, zoo virus.
A virus found only in virus laboratories that has not moved into general circulation.
Ultimate PC Protection:
Trusted anti-virus, identity management & privacy protection for every device you own.
PC Infected? Get Expert Help!
Connect to one of our security experts by phone. Have your PC fixed remotely - while you watch!
© 2003-2015 McAfee, Inc.