ActiveX malicious code
ActiveX controls allow Web developers to create interactive, dynamic Web pages with broader functionality, such as HouseCall, Cyber Sentry's free on-line scanner. An ActiveX control is a component object embedded in a Web page that runs automatically when the page is viewed; it is native code running with the privileges of the browser's user, so a malicious control is not confined to the page that loaded it. In many cases, the Web browser can be configured so that ActiveX controls do not execute by changing the browser's security settings to "high." However, hackers, virus writers, and others who wish to cause mischief or worse may use ActiveX malicious code as a vehicle to attack the system. To remove a malicious ActiveX control, you just need to delete it.
Aliases
There is no commonly accepted industry standard for naming viruses and malicious mobile code, so the same virus may be known by several different names, or aliases, across vendors. See Virus types for an explanation of Cyber Sentry's virus-naming conventions.
Boot sector viruses
Boot sector viruses infect the boot sector or partition table of a disk. A computer system is most likely to be attacked by a boot sector virus when it is booted with an infected disk in the floppy drive; the boot attempt does not have to succeed for the virus to infect the hard drive, because the infected boot sector code runs before any operating system is loaded. A few viruses can also infect the boot sector from an executable program; these are known as multipartite viruses and are relatively rare. Once the system is infected, the boot sector virus attempts to infect every disk accessed by that computer. In general, boot sector viruses can be successfully removed.
Destructive viruses
In addition to self-replication, a computer virus may have a routine that delivers its payload. A virus is defined as destructive if its payload does some damage to your system, such as corrupting or deleting files, formatting the hard drive, or mounting denial-of-service attacks.
ELF
ELF refers to Executable and Linkable Format, the well-documented, openly available file format for Linux/UNIX executables. Cyber Sentry's products detect malicious code for Linux/UNIX as "ELF_Virusname."
Encrypted viruses
Indicates that the virus code contains a special routine that encrypts the virus body to evade signature-based detection by antivirus software; only a small decryption routine remains in the clear. Cyber Sentry's antivirus products have the ability to decrypt the virus body and detect such viruses.
File infecting viruses
File infecting viruses infect executable programs (generally, files with .com or .exe extensions). Most such viruses simply try to replicate and spread by infecting other host programs, but some inadvertently destroy the program they infect by overwriting part of the original code. A minority of these viruses are very destructive and attempt to format the hard drive at a pre-determined time or perform some other malicious action. In many cases, a file-infecting virus can be successfully removed from the infected file. If the virus has overwritten part of the program's code, however, the original file is unrecoverable and must be restored from a clean copy.
In-the-Wild virus list
The In-the-Wild virus list is a list of the most common viruses that have been found infecting users' computers worldwide. The list is compiled by the renowned antivirus researcher Joe Wells. Wells updates the list regularly, working closely with antivirus research teams around the world, including Cyber Sentry. When ICSA (International Computer Security Association) conducts virus testing of antivirus products, the In-the-Wild virus list serves as the basis for its comparative analysis. More info: http://www.wildlist.org
Java malicious code
Java applets allow Web developers to create interactive, dynamic Web pages with broader functionality. Java applets are small, portable Java programs embedded in HTML pages that can run automatically when the pages are viewed. However, hackers, virus writers, and others who wish to cause mischief may use Java malicious code as a vehicle to attack the system. In many cases, the Web browser can be configured so that applets do not execute by changing the browser's security settings to "high."
Joke programs
Joke programs are ordinary executable programs. They are added to the detection list because they are found to be very annoying and/or they contain pornographic images. Joke programs cannot spread unless someone deliberately distributes them. To get rid of a Joke program, delete the file from your system.
Language
This refers to the language locale of the virus working platform such as
MS Word in English or Chinese.
Malware
Malware is a general term used to refer to any unexpected or malicious program or mobile code, such as viruses, Trojans, worms, or Joke programs.
Macro virus
Macro viruses are viruses that use another application's macro programming language to distribute themselves. They infect documents such as MS Word or MS Excel files. Unlike other viruses, macro viruses do not infect programs or boot sectors, although a few do drop programs on the user's hard drive, and the dropped files may in turn infect executable programs or boot sectors. Macro viruses can be removed safely from an infected document as it passes through the Cyber Sentry mail servers.
Special note: Occasionally, you may get an "illegal operation" error when you try to start MS Word after cleaning a Word macro virus. If this happens, search for the file "normal.dot" and rename it to "normaldot.bak." MS Word will generate a new, clean "normal.dot" the next time it is started. This problem occurs because some viruses leave harmless code residue that MS Word may read incorrectly, causing erratic behavior. Cyber Sentry's antivirus software removes only malicious viral code, not user-created macros.
NE
NE refers to New Executable, which is the standard Windows 16-bit
executable file format. Windows 16-bit viruses are detected by Cyber Sentry
products as "NE_Virusname."
Password
Some viruses set a password when they infect a document. The main
objective of the virus here is to make the document inaccessible. This
password can be a word, phrase, or even a randomly generated number.
Payload
A virus' payload is an action it performs on the infected computer. This can be something relatively harmless, like showing messages or ejecting the CD tray, or something destructive, like erasing the entire hard drive.
PE
PE refers to Portable Executable, which is the standard Win32 executable
file format. Windows 32-bit viruses are detected by Cyber Sentry products as
"PE_Virusname."
Platform
Indicates the computer operating system or application on which a virus
can run and perform an infection. Generally, a particular operating system
is required for executable viruses and a specific application is needed
for macro viruses.
Risk rating
The risk rating of a virus is an assessment of the threat it poses. It is based on a number of factors including, but not limited to, its potential to spread, the destructiveness of its payload, and the actual number of cases reported.
Size of macro/malicious code/virus
Indicates the size of the virus code in bytes. This number is sometimes used as part of the virus name to distinguish it from its variants.
Script viruses (VBScript, JavaScript, HTML)
Script viruses are written in script programming languages, such as VBScript and JavaScript. VBScript (Visual Basic Script) and JavaScript viruses make use of Microsoft's Windows Script Host (originally called Windows Scripting Host) to activate themselves and infect other files. Since Windows Script Host is installed by default on Windows 98 and Windows 2000, such a virus can be activated simply by double-clicking a *.vbs or *.js file in Windows Explorer.
HTML viruses use scripts embedded in HTML files to do their damage. These embedded scripts execute automatically the moment the HTML page is viewed in a script-enabled browser.
Trigger condition or date
This indicates the condition or date on which the virus' payload will be triggered. Please note that date-activated viruses can infect your computer 365 days a year; only the payload waits for the trigger date. Your computer may therefore be infected by such a virus long before the date specified.
Trojan
A Trojan horse is a program that performs some unexpected or unauthorized,
usually malicious, actions such as displaying messages, erasing files or
formatting a disk. A Trojan horse doesn’t infect other host files, thus
cleaning is not necessary. To get rid of a Trojan, simply delete the
program.
Virus types
Viruses and other malware are classified into various types depending on their file formats and infection routines. To distinguish among these types, Cyber Sentry uses the following prefixes:
- ActiveX malicious code - ATVX
- Boot sector viruses - no prefix
- COM and EXE file infectors - PE, NE, or no prefix
- Executable and Linkable Format - ELF
- Joke programs - JOKE
- Java malicious code - JAVA
- Macro viruses - W2KM, W97M, X97M, P97M, A97M, WM, XM, V5M
- Trojan horses - TROJ
- VBScript, JavaScript or HTML viruses - VBS, JS, HTML
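The executable prefixes above (PE, NE, ELF, and "no prefix" for boot sectors and plain DOS .com/.exe files) are decided by the host file's format, which a scanner reads from the file header rather than trusting the extension. The following Python script is an added example written for this glossary; it is not Cyber Sentry's scanner code. It recognizes ELF by its magic bytes, follows the e_lfanew pointer in an MZ header to tell PE from NE, treats a 512-byte sector ending in 0x55AA as a boot sector, and falls back to the extension only for .com files, which have no header. The function names (classify, detection_name, make_mz) and all sample byte strings are assumptions constructed for the example; none of the samples is real or runnable code.

```python
import struct
from typing import Optional, Tuple

# Added example for this glossary; not Cyber Sentry's scanner logic.
# Every "file" below is a constructed header stub, not a real sample.


def classify(data: bytes, filename: str = "") -> Tuple[str, str]:
    """Identify the host file format and return (format, naming prefix).

    Prefixes follow the glossary: PE, NE and ELF hosts carry a prefix;
    boot sectors and plain DOS .com/.exe hosts carry none ("").
    """
    # ELF: magic bytes 0x7F 'E' 'L' 'F' at offset 0.
    if data[:4] == b"\x7fELF":
        return ("ELF", "ELF")

    # MZ (DOS) header. Offset 0x3C (e_lfanew) points at the "new" header
    # of a PE or NE file; a plain DOS .exe leaves it 0 or below the header.
    if data[:2] == b"MZ":
        if len(data) >= 0x40:
            (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
            if 0x40 <= e_lfanew <= len(data) - 4:   # bounds check before reading
                sig = data[e_lfanew:e_lfanew + 4]
                if sig == b"PE\x00\x00":
                    return ("PE", "PE")
                if sig[:2] == b"NE":
                    return ("NE", "NE")
        return ("DOS EXE", "")

    # Boot sector / MBR: exactly one 512-byte sector ending in 0x55AA.
    if len(data) == 512 and data[510:512] == b"\x55\xaa":
        return ("boot sector", "")

    # A .com file is raw code with no header; the extension is the only hint.
    if filename.lower().endswith(".com"):
        return ("DOS COM", "")

    return ("unknown", "")


def detection_name(family: str, data: bytes, filename: str = "") -> str:
    """Compose a "PREFIX_Virusname" name, or the bare name when no prefix applies."""
    _, prefix = classify(data, filename)
    return f"{prefix}_{family}" if prefix else family


def make_mz(new_header_sig: Optional[bytes]) -> bytes:
    """Construct a minimal MZ file; with a signature, append a PE/NE header stub."""
    hdr = bytearray(0x40)
    hdr[0:2] = b"MZ"
    if new_header_sig is None:
        return bytes(hdr)                          # plain DOS .exe, e_lfanew = 0
    struct.pack_into("<I", hdr, 0x3C, 0x40)        # e_lfanew -> just past the header
    return bytes(hdr) + new_header_sig + b"\x00" * 24


# Constructed samples: headers only, nothing executable or malicious.
SAMPLE_ELF = b"\x7fELF\x02\x01\x01" + b"\x00" * 57  # ELF64 header stub
SAMPLE_PE = make_mz(b"PE\x00\x00")
SAMPLE_NE = make_mz(b"NE")
SAMPLE_DOS_EXE = make_mz(None)
SAMPLE_COM = b"\xb4\x4c\xcd\x21"                     # mov ah,4Ch / int 21h
_boot = bytearray(512)
_boot[0:3] = b"\xeb\x3c\x90"                          # jmp short + nop, as a real sector starts
_boot[510:512] = b"\x55\xaa"
SAMPLE_BOOT = bytes(_boot)

if __name__ == "__main__":
    for label, data, fname in [
        ("ELF", SAMPLE_ELF, "a.out"), ("PE", SAMPLE_PE, "a.exe"),
        ("NE", SAMPLE_NE, "a.exe"), ("DOS EXE", SAMPLE_DOS_EXE, "a.exe"),
        ("COM", SAMPLE_COM, "a.com"), ("boot", SAMPLE_BOOT, "sector0.bin"),
    ]:
        print(label, classify(data, fname), detection_name("SAMPLE", data, fname))
```

The e_lfanew bounds check matters in practice: a truncated or deliberately malformed MZ header can point past the end of the file, and a scanner that follows it blindly reads out of bounds. A file whose header does not match its extension (an ELF named .exe, say) is classified by its contents, which is the behaviour you want from anything that assigns names or scanning engines by format.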
Worm
A computer worm is a self-contained program (or set of programs) that is
able to spread functional copies of itself or its segments to other
computer systems. The propagation usually takes place via network
connections or email attachments. To get rid of a worm you just need to
delete the program.