Welcome to the Malware Education Repo glossary! This document provides definitions and explanations of terms and concepts used throughout the project, specifically related to computer viruses and cybersecurity.

Adware
Malware that automatically displays or downloads advertising material when a user is online.
Example: Adware can slow down your computer and compromise your privacy.

Antivirus
A program designed to detect and remove malware, including computer viruses.
Example: Installing antivirus software can help protect your computer from malicious attacks.

Behavioral Analysis
The process of observing how malware interacts with the system, including file operations, network communications, and registry modifications.
Example: Behavioral analysis can help identify the impact of malware on a system.

Boot Sector Virus
A type of computer virus that infects the boot sector of a storage device, making it difficult to remove.
Example: Boot sector viruses can prevent a computer from starting up properly.

Command and Control (C2) Server
A server used by attackers to communicate with and control malware on infected systems.
Example: Malware often communicates with a C2 server to receive commands.

Computer Virus
A type of malicious software that attaches itself to a host file and can replicate and spread to other files and systems.
Example: A computer virus can corrupt files and disrupt system operations.

Drive-by Download
A method by which a computer virus or malware is automatically downloaded and installed when a user visits a compromised website.
Example: Drive-by downloads can infect your computer without your knowledge.

DumpIt
A tool used to capture memory dumps of a system for analysis.
Example: DumpIt can be used to capture the memory state of an infected system.

Dynamic Analysis
The process of executing malware in a controlled environment to observe its behavior and interactions with the system.
Example: Dynamic analysis helps understand how malware behaves in real time.
Email Virus
A type of computer virus that spreads through email attachments or links.
Example: Opening an infected email attachment can introduce an email virus to your system.

File Infector Virus
A type of computer virus that attaches itself to executable files and spreads when the infected file is run.
Example: File infector viruses can corrupt or delete files on your computer.

Fileless Malware
Malware that resides in memory or uses legitimate system tools to avoid detection and does not write any files to disk.
Example: Fileless malware can be difficult to detect because it doesn't leave traditional file traces.

Fiddler
A web debugging proxy tool used to capture and analyze HTTP/HTTPS traffic.
Example: Fiddler can be used to analyze network traffic generated by malware.

Forensic Analysis
The process of collecting, preserving, and analyzing digital evidence to understand and respond to security incidents.
Example: Forensic analysis helps in understanding the extent of a security breach.

Ghidra
A free and open-source reverse engineering tool developed by the NSA, used for disassembling and analyzing malware.
Example: Ghidra can be used to reverse engineer malware binaries.

Grayware
Software that is not outright malicious but can be annoying or harmful, such as adware or spyware.
Example: Grayware can slow down your computer and compromise your privacy.

Heuristic Analysis
A method used by antivirus software to detect new, unknown viruses by analyzing their behavior.
Example: Heuristic analysis can identify potential threats based on suspicious activity.

IDA Pro
A powerful disassembler and debugger used for reverse engineering malware.
Example: IDA Pro is commonly used to analyze the assembly code of malware.
Incident Response
The process of detecting, containing, and mitigating malware incidents to minimize damage and restore normal operations.
Example: Incident response involves steps like detection, containment, and recovery.

Infected File
A file that has been compromised by a computer virus or malware.
Example: Running an infected file can spread the virus to other parts of your system.

Junk Email
Unsolicited and often irrelevant or inappropriate email, also known as spam.
Example: Junk email can contain links to malicious websites or attachments.

Keylogger
A type of malware that records keystrokes to capture sensitive information such as passwords.
Example: Keyloggers can steal your personal information without your knowledge.

Logic Bomb
A piece of code intentionally inserted into software that will set off a malicious function when certain conditions are met.
Example: A logic bomb can delete files or corrupt data when triggered.

Malware
Malicious software designed to harm, exploit, or otherwise compromise a computer system.
Example: Malware can include viruses, worms, trojans, and ransomware.

Memory Forensics
The process of capturing and analyzing the contents of a system's memory (RAM) to uncover hidden malware and understand its behavior.
Example: Memory forensics can reveal malware that resides only in memory.

Network Traffic Analysis
The process of capturing and examining network communications to understand malware behavior and identify command-and-control (C2) servers.
Example: Network traffic analysis can help identify suspicious network activity.

Network Virus
A type of computer virus that spreads through network connections.
Example: Network viruses can infect multiple computers connected to the same network.

Obfuscation
Techniques used by malware authors to hide the true functionality of the code, making it difficult to analyze.
Example: Obfuscation can involve encrypting strings or inserting junk code.
OllyDbg
An assembly-level debugger used for analyzing and debugging binaries.
Example: OllyDbg is useful for stepping through malware code to understand its behavior.

Overwriting Virus
A type of computer virus that overwrites the content of a file, making it irrecoverable.
Example: Overwriting viruses can destroy important data on your computer.

Packing
The process of compressing or encrypting malware to evade detection and hinder analysis, often using packers like UPX.
Example: Packing can make it difficult for antivirus software to detect malware.

Payload
The part of a computer virus that performs the malicious action.
Example: The payload of a virus can delete files or steal personal information.

PEiD
A tool used to detect common packers, cryptors, and compilers for PE files.
Example: PEiD can help identify if a malware sample is packed.

Persistence Mechanisms
Techniques used by malware to maintain a foothold on an infected system, ensuring it runs even after reboots or user logouts.
Example: Persistence mechanisms can include creating startup entries or scheduled tasks.

Process Hacker
A powerful process viewer and memory editor with a wide range of features for analyzing and manipulating processes.
Example: Process Hacker can be used to inspect running processes and their memory.

Process Monitor
A tool that monitors and logs system activity, including file system, registry, and process/thread activity.
Example: Process Monitor can help identify the actions performed by malware.

Quarantine
The process of isolating infected files to prevent the spread of malware.
Example: Antivirus software can quarantine suspicious files to protect your system.

Radare2
An open-source framework for reverse engineering and analyzing binaries.
Example: Radare2 is used for disassembling and analyzing malware code.
Ransomware
A type of malware that encrypts a user's files and demands payment to restore access.
Example: Ransomware attacks can lock you out of your own data until you pay a ransom.

Regshot
A tool used to take snapshots of the registry before and after executing malware to identify changes.
Example: Regshot can help identify registry changes made by malware.

Reverse Engineering
The process of analyzing a compiled binary to understand its structure, functionality, and behavior, often using disassemblers and debuggers.
Example: Reverse engineering can reveal how malware operates and its purpose.

Sandboxie
A tool that runs programs in an isolated environment to prevent them from making permanent changes to the system.
Example: Sandboxie can be used to safely execute and analyze malware.

Script Block Logging
A PowerShell feature that logs the content of all script blocks that are executed, useful for detecting and analyzing fileless malware.
Example: Script block logging can help identify malicious PowerShell commands.

Spyware
Malware that secretly monitors and collects information about a user's activities without their knowledge.
Example: Spyware can track your browsing habits and steal personal information.

Static Analysis
The process of examining malware code without executing it, often using disassemblers and decompilers.
Example: Static analysis can help identify the structure and functionality of malware.

Trojan Horse
A type of malware that disguises itself as a legitimate program to trick users into installing it.
Example: A trojan horse can create backdoors in your system for other malware to enter.

TCPView
A tool that shows detailed listings of all TCP and UDP endpoints on a system, including the local and remote addresses and state of TCP connections.
Example: TCPView can help identify suspicious network connections.

Update
A software patch that fixes vulnerabilities and improves security.
Example: Regular updates can protect your system from new threats.
UPX
A popular packer used to compress and encrypt executables to evade detection and hinder analysis.
Example: UPX can be used to pack malware to make it harder to analyze.

Virus
A type of malware that attaches itself to a legitimate program or file and spreads to other programs and files when executed.
Example: A virus can corrupt files and disrupt system operations.

Virus Signature
A unique string of code that can be used to identify a specific virus.
Example: Antivirus software uses virus signatures to detect and remove malware.

Wireshark
A network protocol analyzer used to capture and analyze network traffic.
Example: Wireshark can be used to analyze network traffic generated by malware.

Worm
A type of malware that replicates itself to spread to other computers.
Example: Worms can spread rapidly across networks, causing widespread damage.

XML
A markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable.
Example: An API can return data in XML format.

YARA
A tool used to identify and classify malware based on patterns and signatures, often used to create custom rules for malware detection.
Example: YARA rules can be used to detect specific malware families based on unique patterns in their code.

YARA Editor
A tool commonly used to create and test YARA rules.
Example: YARA Editor provides a user-friendly interface for writing and testing YARA rules.

YARA Rule
A rule used in YARA to identify and classify malware based on patterns and signatures, consisting of a rule name, meta information, strings, and conditions.
Example: A YARA rule can be written to detect malware by looking for specific strings and patterns in the code.

Zero-day
A vulnerability in software that is exploited by attackers before the developer has released a fix.
Example: Zero-day exploits can be particularly dangerous because they are unknown to the software vendor.