196 terms
Malware and exploit terms
Malware and exploit terms describe threats such as malicious software and vulnerability exploitation techniques. Malicious actors may use these techniques to compromise system integrity, confidentiality, and availability.
Potentially unwanted search engine
A potentially unwanted search engine (PUSE) is a program that alters a user's web browser settings without explicit consent, often redirecting their searches to unwanted sites or displaying excessive advertisements.
NXDOMAIN attack
NXDOMAIN attack is a type of Distributed Denial of Service (DDoS) attack that floods a DNS server with requests for domains that don’t exist.
Volumetric attack
Volumetric attack, also known as volumetric DDoS attack, is a type of Distributed Denial of Service (DDoS) attack that uses massive volumes of traffic to attack the target’s network and overwhelm its server resources, effectively making it unavailable to users.
Choke worm
The choke worm was a type of malware from 2001 that spread through MSN Messenger.
Browser modifier
A browser modifier is a type of software that changes how your web browser behaves or appears, often without your permission.
Pulsing zombie attack
During a pulsing zombie attack, compromised devices, called "zombies," send bursts of malicious traffic to a target, causing disruption and evading detection.
Asymmetric Cyberattack
An asymmetric cyberattack is when a small group of attackers or an individual hacker uses technology to cause serious damage to a larger, more powerful organization.
Tunneling Virus
A tunneling virus, or tunneling malware, is a type of malicious software that hides from regular security scans by using special techniques to go undetected.
Zombie computer
A zombie computer is an infected device controlled without its owner’s knowledge.
Zip bomb
A zip bomb is a malicious compressed file designed to crash the system trying to unarchive it.
Zeus virus
The Zeus virus is malicious software, designed to steal banking data through Windows devices.
Zero day
Zero day is a broad term that includes both vulnerabilities and exploits.
XPath injection
An XPath injection is a cyberattack that involves manipulating an application’s XPath (XML path) queries without proper input validation or sanitization.
XML Injection
XML Injection is a cyber attack that exploits vulnerabilities in web applications' handling of XML data.
XML bomb
An XML bomb is a type of DDoS attack where a small piece of code is sent to overwhelm the program that parses XML files and crash the server.
Website defacement
Website defacement is a malicious activity, an attack on a website that changes its visual appearance.
Web shell
A web shell is a program or a script that allows someone to gain access to a web server or website.
Wabbit
The Wabbit virus is self-replicating malware that can adversely affect computer systems.
Virus signature
A virus signature is a set of unique characteristics that a known malware type has.
URL injection
URL injection is a cyberattack where a fake page is created and inserted into a genuine website.
TrickBot
TrickBot is a sophisticated modular malware capable of system reconnaissance, data theft, and ransomware delivery.
Time bomb
A time bomb or a logic bomb is a specific kind of malware that is programmed to activate and execute malicious practices when a specific time comes or certain conditions are met.
TeslaCrypt
TeslaCrypt, a type of ransomware, is malicious software that encrypts files on a victim's computer and demands payment to decrypt them.
Template injection
Template injection is a vulnerability in web applications that generate dynamic content with templates.
SYN flood
A SYN flood, or TCP SYN flood, is a type of denial-of-service (DoS) attack that exploits part of the standard TCP/IP handshake process to overwhelm the targeted server's resources, rendering it unresponsive.
Storm worm
Storm worm refers to a notorious computer worm from 2007.
Stealth virus
A stealth virus is any virus that attacks while trying to avoid detection by antivirus software.
Stalkerware
Stalkerware is a spying software or app that allows someone else to track your device.
SQL injection
SQL injection is a cyberattack that uses malicious SQL code to manipulate a database and access sensitive information.
Spyware
Spyware is software that collects data on a device and passes it to third parties without the device owners’ knowledge or consent.
SpyEye
SpyEye is a type of malware that uses keystroke logging to steal sensitive information from a user’s device and access their online banking account.
Spamware
Spamware is malicious software designed to create, distribute, or facilitate spam, including unwanted messages and advertisements.
Spambot
A spambot is an automated computer program designed to send or post unsolicited spam messages on the internet.
Sneaker bot
A sneaker bot is software designed to automatically and quickly buy limited-edition sneakers or other apparel from online stores.
Snake malware
Snake malware is a sophisticated cyber-espionage tool developed by the Federal Security Service (FSB) of Russia in 2003.
Smurfing
Smurfing is a type of DoS attack that involves sending a large number of ICMP (Internet Control Message Protocol) packets to a target computer or network.
Smurf attack
A smurf attack is a certain type of denial-of-service (DoS) attack.
Shylock
Shylock is a sophisticated banking Trojan malware that is ill-famed for its ability to steal sensitive financial information and carry out fraudulent transactions.
Sharking
Sharking is a cyber exploit that is usually directed toward a card player.
Shamoon
Shamoon is destructive malware designed to overwrite and wipe targeted files, rendering infected systems unusable.
Self-replicating machine
A self-replicating machine is a theoretical concept of a mechanical system that can replicate itself using raw materials from its environment.
Scumware
Scumware is a malicious or undesirable software application that engages in unethical or deceptive practices.
Ryuk ransomware
Ryuk ransomware is ransomware that encrypts essential files on Windows computers and holds companies for Bitcoin ransom.
Rubber ducky attack
A rubber ducky attack, also known as a USB Rubber Ducky attack, is a type of cyberattack that involves a malicious USB device posing as a keyboard.
Rogueware
Rogueware, a subset of scareware, refers to malicious software disguising itself as legitimate security software (an antivirus) or system utilities.
Rogue security software
Rogue security software is harmful software that tricks users into thinking their computer has viruses or malware.
Riskware
Riskware is legitimate software that can be exploited or reused by hackers to wreak havoc on a computer and the whole network.
REvil ransomware
REvil ransomware is a virus that encrypts the victim’s files and holds them hostage until a ransom is paid.
Reverse brute-force attack
A reverse brute-force attack is an indiscriminate cyberattack where the hacker tries one password on as many accounts as possible.
Resource exhaustion
Resource exhaustion happens when a system or system user uses up all the available resources that the system has, leading it to be completely drained.
Resident virus
A resident virus is malware that embeds in the computer memory, enabling it to infect other computer files without even being executed.
Remote access trojan
A remote access trojan is a type of trojan malware that disguises itself as a harmless program but includes a back door for administrative control over the target device.
Quantum hacking
Quantum hacking is the process of finding and using vulnerabilities in quantum communication systems to capture or manipulate the quantum data being transferred.
Qbot
Qbot is a type of Trojan virus that can infect devices with malware.
Pseudoransomware
Pseudoransomware refers to a type of malware that mimics the behavior of ransomware, a virus that encrypts the data on the device and demands a ransom to give it back.
Proxy Trojan
A proxy Trojan is malware that turns an infected computer into a proxy server, allowing attackers to route their internet traffic through it anonymously.
Process hollowing
Process hollowing is a code injection method that replaces parts of the code in a legitimate process without changing how it appears to work.
Poweliks
Poweliks is a type of Trojan malware that can hide in the Windows Registry, making it challenging to detect and remove.
Potentially unwanted application
A potentially unwanted application is an application that installs itself alongside another type of software.
Polymorphic virus
A polymorphic virus is a complex form of malware that creates modified versions of itself (mutates) to avoid detection by security systems.
Polymorphic malware
Polymorphic malware is a wider term for malicious software that can change or mutate its code and appearance to avoid detection.
Pirated software
Pirated software is unauthorized software that entities copy and distribute without permission from the copyright holder.
Ping of death
A ping of death is a denial of service (DoS) attack in which a hacker sends oversized or malformed data packets to crash, destabilize, or freeze the targeted computer.
PHP injection
PHP injection is an application vulnerability that allows attackers to exploit PHP applications when performing malicious actions.
Phlashing
Phlashing is a cyberattack that aims to “brick” (make completely useless, akin to a brick) the target system by destroying its firmware or hardware.
Petya
Petya is a family of encrypting ransomware that emerged in 2016.
Payload
A payload is a part of malicious software that performs the hostile action, such as deleting or encrypting data, logging your keystrokes, or sending out spam.
Passive attack
A passive attack refers to an unauthorized attempt to covertly access and monitor network traffic without actually altering or tampering with the data.
Pass the hash
Pass the hash is a hacking technique that allows an attacker to use a hashed password without actually knowing the user's plaintext password.
Packet monkey
Packet monkey is a pejorative term for individuals who intentionally flood servers with large volumes of data packets to cause a denial-of-service (DoS) attack.
Overwriting virus
In cybersecurity, an overwriting virus is malware that targets files and replaces the original code entirely with malicious code.
OGNL injection
OGNL injection is a software application security vulnerability where a hacker uses the OGNL (Object-Graph Navigation Language) to manipulate and execute malicious code within an application.
Nuker
A nuker is a hacker who carries out a nuke — a remote denial-of-service (DoS) attack aiming to bring a computer to a complete halt.
NTP amplification attack
An NTP amplification attack is a type of DDoS attack where the attacker relies on misconfigured or insecurely configured NTP servers that respond to requests from unauthorized sources in order to flood their victims with traffic.
NotPetya
NotPetya, sometimes referred to as Petya, is a destructive cyberattack that masquerades as ransomware.
Netwalker ransomware
Netwalker ransomware is a type of malicious software that encrypts a victim's data, rendering it inaccessible, and then demands a ransom in exchange for the decryption key.
Morris worm
The Morris worm is one of the oldest internet computer worms.
Mode of attack
Mode of attack refers to tactics and strategies attackers use to exploit vulnerabilities in a computer system or network.
Mobile malware
Mobile malware is malicious code or software that targets smartphones, tablets, and other widely used mobile devices to access and exploit private data.
Metamorphic malware
Metamorphic malware is a type of malware that rewrites its code as it makes its way through a system.
Memory rootkit
Memory rootkit refers to a type of malicious software that operates at the kernel or system level of a computer's memory, allowing it to hide and persistently control the compromised system.
Malware sandboxing
Malware sandboxing is a method where experts and analysts run possibly dangerous code or files in a protected space known as a sandbox.
Malware obfuscation
Malware obfuscation is the practice of modifying malicious software (malware) to make it more difficult for cybersecurity measures to identify.
Malware-as-a-service
Malware-as-a-service functions similarly to a legitimate business model like software-as-a-service — access to a user-friendly interface and control panel that lets “customers” manage the software’s activities remotely.
Malvertising
Malvertising is malicious advertising that criminals use to steal data or install malware onto their victims’ devices.
Malicious code
Malicious code is an umbrella term for a variety of harmful computer programming scripts designed to cause damage by creating or exploiting system vulnerabilities.
Malicious active content
Malicious active content is executable code embedded in web pages, emails, or software applications that’s designed to perform malicious actions.
Madware
Madware is a fusion of the words mobile and adware.
Macro virus
A macro virus refers to malicious software propagating via contaminated macro-enabled files, like those in Microsoft Word or Excel.
Logic bomb
A logic bomb is malicious code inserted into a computer system, network, or software, that lies dormant until specific conditions are met.
Locky ransomware
Locky ransomware is a serious global threat known for encrypting sensitive data on computers using complex encryption schemes, such as RSA and AES algorithms.
Leakware
Leakware is a subtype of ransomware, which attacks victims by stealing and threatening to leak sensitive or confidential information.
Kovter
Kovter is an invisible, fileless malware that targets the Windows operating system.
Killware
Killware is a cyberattack deployed to cause serious physical harm or even death.
Keylogger
A keylogger is software or hardware used to record (log) the keys being pressed on a keyboard, often without the user’s knowledge.
JSONP injection
JSONP injection is a security vulnerability that can occur when a website uses JSONP to bypass the same-origin policy in web browsers.
Jackware
Jackware is a type of malicious software that targets computers and IoT devices.
IoT botnet
IoT botnet is a network of IoT devices that are infected by malware and take commands from an attacker.
Internet worm
An internet worm is a type of malware that self-replicates and distributes copies of itself across a network.
Internet bot
An internet bot is a software application that performs automated tasks on the internet for another user or program.
InstallCore
InstallCore is a download manager for distributing and installing software.
Input validation attack
An input validation attack is an unauthorized manual injection of harmful information into a standard user input field.
Industroyer
Industroyer refers to a highly sophisticated and destructive malware that specifically targets industrial control systems (ICS) used in critical infrastructure sectors such as energy, transportation, and manufacturing.
ILOVEYOU
ILOVEYOU (also known as the Love Bug or Love Letter) is one of the most infamous computer worms in the history of malware.
Hybrid attack
A hybrid attack is a type of cyberattack where the perp uses more than one tool to get into a device or network.
Hug of death
The 'hug of death' refers to the unintentional crashing or slowing down of a website or server due to a sudden surge in traffic.
HTML Injection
HTML Injection is a cyberattack where hackers insert malicious code into a web page's input fields, comments, or other user-controllable sections.
Heuristic virus
Heuristic virus is a term used to describe a virus based on the way it is discovered by antivirus software.
HermeticWiper
HermeticWiper is a type of disk-wiping malware designed to penetrate Windows devices and shut them down by destroying files, corrupting the master boot record (MBR), and distressing physical drives.
Greyware
Greyware refers to software that isn’t necessarily carrying malware but is still malicious.
GPS jamming
GPS jamming is the deliberate disruption of Global Positioning System (GPS) signals.
Ghostware
Ghostware refers to a type of malware designed to avoid detection by traditional security measures.
GhostNet
GhostNet is a large-scale cyber spying operation that was discovered in 2009.
GandCrab
GandCrab is a type of ransomware, a malicious software that encrypts a victim's files and demands a ransom to decrypt them.
Fragment overlap attack
A fragment overlap attack is a type of denial of service (DoS) attack that abuses the way devices send data in IP packets (datagrams).
Form grabber
A form grabber is a type of malware specifically designed to steal information that users enter into web forms on internet browsers.
Fork bomb
A fork bomb is a type of denial-of-service (DoS) attack that involves overloading systems by continuously using fork system calls until the systems slow down or become unresponsive.
Flooder
A flooder is malware used to send large amounts of garbage data (a “flood”) to the target, disrupting their communications.
FileRepMalware
FileRepMalware is a tag that many antivirus programs assign to potentially dangerous files.
Fileless malware
Fileless malware is malicious software that works without planting an actual file on the device.
File-infecting Virus
A file-infecting virus is a type of malicious software (malware) that attaches itself to legitimate executable files on a system.
File binder
A file binder is a type of software that combines multiple files into a single one.
Fault injection attack
A fault injection attack is a security breach where an attacker induces errors or “faults” in a system to cause it to behave in unintended ways.
Fake antivirus
A fake antivirus is malicious software that masquerades as a genuine antivirus application, seeking to deceive users into downloading it.
Expression language injection
Expression language injection is a security vulnerability (weakness) where an attacker is able to insert malicious code into an application's expression (programming) language.
Email virus
Email virus refers to a type of computer virus that spreads via email messages.
Email bomb
Email bombing is a cyberattack where cybercriminals send large volumes of messages to an email address to overwhelm it.
Elk Cloner
Elk Cloner was among the first computer viruses to spread outside a controlled laboratory environment.
Dyreza
Dyreza is a type of Trojan malware first discovered in 2014.
Duqu
Duqu refers to a sophisticated and stealthy malware discovered in 2011.
Dropper
A dropper is a type of trojan.
Drive-by attack
A drive-by attack is a cyberattack that secretly downloads and installs malicious files onto a user's computer or mobile device without any interaction needed from the user beyond loading the website.
Dridex
Dridex is a highly potent malware that infiltrates Windows-based computers to steal valuable financial information.
Downloader trojan
A downloader trojan is a type of malware designed to install malicious software or files onto a victim’s device (e.g., smartphone or computer) without them knowing.
DNS reflection attack
A DNS reflection attack, also known as a DNS amplification attack, is a type of DDoS attack that exploits open DNS servers to amplify the volume of traffic directed towards a target.
DLL injection
DLL injection is a method, frequently referred to as process injection, where developers and cyberattackers alter a program's functionality by executing extraneous code within another process's realm.
Disassociation attack
Disassociation attack refers to a type of denial of service (DoS) attack on a wireless network.
Data-Sending Trojan
A data-sending trojan is a type of malware.
Cyberthreat
A cyberthreat is any activity, device, software, or person that has the potential to steal, alter, deny, or delete data without permission.
Cyberattack
Cyberattack is a broad term for cybercrime that covers any deliberate assault on computer devices, networks, or infrastructures.
Cyber vandalism
Cyber vandalism is a destructive cyberattack without any obvious profit or ideological motive.
Cyber Pearl Harbor
A Cyber Pearl Harbor refers to a hypothetical cyberattack on the critical infrastructure of a city or nation.
CTB locker
A CTB locker is a type of ransomware and is part of the crypto-ransomware family.
Cryptowall
Cryptowall is a malicious program that encrypts a user's data, making it impossible to access, and then demands payment in cryptocurrency as ransom to restore it.
Cryptovirus
A cryptovirus is a type of malicious software that encrypts the victim's files, making them inaccessible until a ransom is paid.
Cryptovirology
Cryptovirology is the study of combining cryptographic techniques and computer virology to create powerful malware (e.g., ransomware).
Cryptolocker ransomware
Cryptolocker ransomware is a trojan virus that targets Windows devices.
Crypto malware
Crypto malware (or cryptojacking) is malicious software that mines cryptocurrencies on the victim’s computer without their knowledge or consent.
CryptBot
CryptBot refers to an infostealer targeting Windows operating systems.
Creepware
Creepware refers to malicious software, designed to invade the privacy of individuals without their knowledge or consent, spy on their activities, and report data back to the attacker.
Creeper virus
The Creeper virus was a worm, which is the type of virus that spreads itself by replicating and hopping from one device to another.
CoreBot
CoreBot is a notorious banking Trojan that emerged in 2015.
Copy-paste compromise
A copy-paste compromise is a cyberattack that primarily uses publicly available open-source code or exploits known vulnerabilities.
Conficker worm
Conficker is a type of computer worm that targets Microsoft Windows operating systems.
Computer worm
A computer worm is a type of malware that replicates — spreads copies of itself — from computer to computer.
Computer virus
Computer virus refers to malicious software created to harm a file or a device.
Computer network attack
A computer network attack seeks to harm the normal functioning of a system.
Command injection
Command injection is a cyber attack involving the execution of malicious commands in apps or computer systems.
Code injection
Code injection is an attack that involves malicious code being injected into an application.
Clop ransomware
Clop ransomware is a notorious malicious software that encrypts the victim's files, rendering them inaccessible until a ransom is paid.
Chernobyl packet
A Chernobyl packet triggers a broadcast storm in computer networks by exploiting vulnerabilities in network protocols or device configurations.
Chargeware
Chargeware is malware disguised as legitimate software, service, or a free application that often tempts users with enticing and unrealistic features.
C&C server
A C&C server is a centralized server or a network of servers used by attackers to manage and control compromised devices or systems within a botnet or malware network.
Carberp
Carberp is a type of malware that targets computers and is specifically designed to steal sensitive information, especially financial data.
Camfecting
In cybersecurity, camfecting refers to accessing and controlling a user's webcam without their knowledge or consent.
Brute-force attack
A brute-force attack is a rapid trial-and-error approach to guess the correct password, PIN, or encryption keys to gain access to any password-protected account, platform, or system or to decrypt password-protected data.
Browser hijacking
Browser hijacking happens when a user’s internet browser settings are modified without the user’s permission.
Browser hijacker
Browser hijacker is a piece of malicious software that takes control of your browser, redirecting you to specific pages and altering your settings.
Bot herder
Bot herder refers to a person or group of individuals who control a botnet, a network of compromised computers.
Bootkit
A bootkit is a malicious program or malware that modifies a computer's master boot record.
Booter
Booter is a DDoS attack offered as a software-as-a-service by cybercriminals to anyone who wants to perform the attack.
Boot sector virus
A boot sector virus is a type of computer virus that infects the boot sector (space reserved for essential instructions on how to start up) of a storage device — typically the master boot record of a hard drive.
Bloatware
Bloatware is software you don’t want that slows down your device.
Blended threat
A blended threat is a type of cyberattack that combines multiple methods and techniques in order to exploit vulnerabilities of the target network or system.
Bladabindi
Bladabindi is a trojan virus that allows the cybercriminal to gain access to the infected device through a back door.
BlackEnergy
BlackEnergy is a complex malware strain initially designed to launch distributed denial-of-service (DDoS) assaults.
Birthday attack
A birthday attack is an attack that occurs when someone exploits the mathematics behind the birthday problem in probability theory to launch a cryptographic attack.
Beaconing
Beaconing is a signal malware sends out to the command and control server, indicating that it has infected a device and asking for further instructions.
Bait app
Bait apps are mobile apps designed to lure users into downloading them by promising features that do not exist.
BadUSB
BadUSB is a type of cyberattack that uses compromised USB devices to execute malicious code.
Backdoor
A backdoor is an undocumented way to bypass existing cybersecurity measures and gain access to the target system.
Autorun worm
Autorun worms are types of malware that can spread through removable media or hardware, like CDs or USB flash drives.
Armored virus
An armored virus, or an encrypted virus, is a malicious computer program designed to conceal its code by encrypting its payload (the part responsible for carrying out malicious actions).
Anna Kournikova virus
Anna Kournikova virus was a cyber threat that began to spread worldwide in February 2001.
AFTS
AFTS (or Automatic Funds Transfer Services) is a payment processing platform specializing in secure money transfers and address verification.
Advanced persistent threat
An advanced persistent threat is a criminal group that gains access to a network and performs malicious activities.
Advanced evasion technique
An advanced evasion technique is a cyberattack that enables the hacker to access a network without authorization and detection.
Active attack
An active attack is when an attacker attempts to break into a system and change the existing data, affect operations, or take control of the hardware device.
The importance of malware and exploit terminology
Understanding the malware and exploit terminology helps you recognize, respond to, and prevent cyber threats before they can wreak havoc on online systems.
Know what to do
Learning the difference between a trojan and a worm can help you better understand how to combat these and other malware and exploit threats.
Learn how cyber threat prevention works
Along with cyber threat terminology, the glossary provides steps to safeguard against the most common malware and exploit techniques.
Notice the threats before they occur
Understanding how malware and exploits work will help you spot potential cyber threats before they can cause harm.