Cyber threat categories and definitions (2024)

Adware: Adware, or advertising-supported software, is any software package that automatically renders advertisements in order to generate revenue for the author. The advertisements may be in the user interface of the software or presented in the web browser. Adware may cause tabs to open automatically that display advertising, make changes to the home page settings in your web browser, offer ad-supported links from search engines, or initiate redirects to advertising websites.

APT: An APT (Advanced Persistent Threat) is a set of stealthy and continuous computer hacking processes, often orchestrated by cyber criminals targeting a specific entity. An APT usually targets organizations and/or nations for business or political motives.

Backdoor: A Backdoor is a type of Trojan that enables threat actors to gain remote access and control over a system. The Backdoor is often the final stage in gaining full control over a system.

Botnet: A botnet is a number of Internet-connected systems infected with malware that communicate and coordinate their actions based on instructions received from command and control (C&C) servers. The infected systems are referred to as bots. The most typical uses of botnets are DDoS attacks on selected targets and the propagation of spam.

Browser Hijacker: A Browser Hijacker is any malicious code that modifies a web browser’s settings without a user’s permission, to inject unwanted advertising into the user’s browser or redirect to fraudulent or malicious sites. It may replace the existing home page, error page, or search page with its own. It can also redirect web requests to unwanted destinations.

Bulletproof Hosting: Bulletproof hosting is a service provided by some domain hosting or web hosting firms that allows their customers considerable leniency in the kinds of material they may upload and distribute. This type of hosting is often used for spamming, phishing, and other illegal cyber activities.

Cryptojacking: Cryptojacking is malicious cryptomining: the covert use of a system’s computing resources to mine cryptocurrency. Cryptojacking is initiated by malware or through web cryptominers embedded in website code.

Drive-by Download: Any download that happens without a person’s consent or knowledge.

Dropper: A dropper is a program or malware component that has been designed to “install” some sort of malware (ransomware, backdoor, etc.) to a target system. The dropper may download the malware to the target machine once it is received from the command and control server or from other remote locations.

Exploit Kit: An exploit kit is a software kit designed to run on web servers with the purpose of identifying software vulnerabilities in client machines communicating with it, and discovering and exploiting vulnerabilities to upload and execute malicious code on the client.

Fast Flux Botnet: Fast flux is a DNS technique used by botnets to hide phishing and malware delivery sites behind an ever-changing network of compromised hosts acting as proxies. It can also refer to the combination of peer-to-peer networking, distributed command and control, web-based load balancing and proxy redirection used to make malware networks more resistant to discovery and counter-measures.

Information Stealer: An information stealer is a trojan that can harvest keystrokes, screenshots, network activity, and other information from systems where it is installed. It may also covertly monitor user behavior and harvest personally identifiable information (PII) including names and passwords, chat programs, websites visited, and financial activity. It may also be capable of covertly collecting screenshots, video recordings, or have the ability to activate any connected camera or microphone. Collected information may be stored locally and later retrieved, or may be transmitted to a command and control server.

Loader: A loader is a type of malware or malicious code used in the loading of a second-stage malware payload onto a victim’s system. The loader is able to hide a malware payload inside the actual loader code instead of contacting a remote location to download a second-stage payload.

Malvertising: Malvertising involves injecting malicious or malware-laden advertisements into legitimate online advertising networks and webpages. Malvertising is often used in exploit kit redirection campaigns.

Mobile Trojan: A mobile trojan is a trojan designed to target and infect mobile phones running Android, iOS, Windows or other mobile operating systems.

Point-of-sale Malware: Point-of-sale malware (POS malware) is used by cybercriminals to target point of sale terminals with the intent to obtain credit card and debit card information by reading the device memory from the retail checkout point of sale system.

Ransomware: Ransomware is computer malware that installs covertly on a victim’s computer, encrypts files, and demands a ransom be paid to decrypt the files or to prevent the attacker from publishing the victim’s data publicly.

Remote Access Trojan (RAT): A Remote Access Trojan (RAT) is malware that allows covert surveillance or unauthorized access to a compromised system. RATs make use of specially configured communication protocols. The actions performed vary but follow typical trojan techniques of monitoring user behavior, exfiltrating data, lateral movement, and more.

Rootkit: A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or areas of its software that would not otherwise be allowed (for example, to an unauthorized user) and often masks its existence or the existence of other software.

Scareware: Scareware is a form of malicious software or website that uses social engineering to give the perception of a threat in order to manipulate users into buying or installing unwanted software. Scareware misleads users by using fake alerts to trick them into believing there is malware on their computer, and manipulates them into paying money for a fake malware removal tool or allowing an entity remote access to their system to clean the malware. Instead of remediation, the software or remote entity delivers malware to the computer.

Sinkhole: A DNS sinkhole, also known as a sinkhole server, is a DNS server that gives out false information to prevent the use of the domain names it represents. Traffic is redirected away from its intended target. DNS sinkholes are often used to disrupt botnet command and control servers.

Spam: Spam is an unwanted, unsolicited message that can be received through email or SMS texts. Spam is sent to many users in bulk. It is often sent through the means of a botnet. Spam can contain advertising, scams, or soliciting. In the case of malspam or malicious spam, it contains malicious attachments or links that lead to malware.

Spyware: Spyware gathers information about a person or organization without their knowledge. It may assert control over a computer without the user’s knowledge.

Trojan: A Trojan is malware that is used to compromise a system by misleading users about its true intent. Trojans typically create a backdoor, exfiltrate personal information, and can deliver additional malicious payloads.

Worm: A computer worm is malware that replicates itself in order to spread to other computers. Worms typically spread through the computer network or removable storage devices that are shared between systems, relying on security failures on the target computer.

Author: Pres. Carey Rath
