Malware Glossary


One problem that plagues computer users of all ages and occupations is malware. It can find its way onto your system in any number of ways, whether you choose to download a file or simply happen to visit the wrong Web site. In every email or IM and around every corner of the Internet is a new type of virus, worm or vulnerability, and you need to know exactly what you're up against. With this malware glossary, you can get up to speed on malware trends and terminology, both old and new.



Adware

A software application in which advertising banners are displayed while the program is running; sometimes it also tracks user information, which makes it spyware as well.
Ask the experts: My adware is delaying reboots.

Antivirus software

A class of program that searches your hard drive and floppy disks for any known or potential viruses.
ITKnowledge Exchange: Antivirus programs -- which one do you prefer?

Back door

A means of access to a computer system that bypasses security mechanisms, installed sometimes by an authorized person, sometimes by an attacker.
Tip: How attackers install backdoors and what to do about it


Bot

A bot (short for "robot") is a program that operates as an agent for a user or another program or simulates a human activity. On the Internet, the most ubiquitous bots are the programs, also called spiders or crawlers, that access Web sites and gather their content for search engine indexes.
Tip: Invasion of the bots

Browser hijacker

Programming that alters your browser settings so that you are redirected to Web sites you had no intention of visiting.
Learning guide: Web Browser Security


Buffer overflow

Type of attack that sends more data than a buffer was intended to hold; surplus data will overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Data sent may include malicious code.
Tip: How buffer overflow attacks work

Data miner

In a malware context, a program that tracks and processes data about the user's browsing behavior for marketing purposes.

Denial of service (DoS)
An incident in which a user or organization is deprived of the services of a resource they would normally expect to have.
Article: New security hole in Firefox

Directory harvest attack
An attempt to determine the valid e-mail addresses associated with an e-mail server so that they can be added to a spam database.
Expert response: Deflecting e-mail spoofing

Distributed denial-of-service attack
One in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system.
Expert response: How do I find a program that activates only when the system goes into hibernation?


Email virus

Malicious computer code sent to you as an e-mail note attachment. The best two defenses against e-mail viruses for the individual user are (1) a policy of never opening an e-mail attachment (even from someone you know) unless you have been expecting the attachment and know what it contains, and (2) installing and using anti-virus software to scan any attachment before you open it.
Security school: Email security

Ethical worm

Program used to automate network-based distribution of security patches.
Tip: Ethical worms: A bad idea


Executable

Type of file that contains a program and starts it running when opened; viruses are often sent in executable files that will run when the user opens the file.
Expert response: Virus causing your computer to reboot?

Hybrid virus

A virus that combines characteristics of more than one type of virus to infect both program files and system sectors. The virus may attack at either level and proceed to infect the other once it has established itself.
Learning guide: Malware

Hybrid virus/worm

Malicious code that combines characteristics of both those types of malware, typically featuring the virus' ability to alter program code with the worm's ability to reside in live memory and to propagate without any action on the part of the user.
Tip: Eight steps to prevent malware outbreaks


IM worm

Self-replicating malicious code that spreads in instant messaging networks.
Expert response: Scanning and removing worms received via IM messaging

In the wild

Malicious computer code that spreads in the real world as a result of normal day-to-day operations.


Keylogger

Type of spyware program that records the user's keystrokes invisibly and either transmits them to the attacker on an ongoing basis or saves them to a secret file in the user's computer to be sent at a later time.
Tip: Keylogger basics


Malware

Programming or files developed for the purpose of doing harm.
Tip: Malware removal: Four simple steps

Macro virus

Virus that infects a word processing application and causes a sequence of actions to be performed automatically when the application is started or something else triggers it. Macro viruses tend to be surprising but relatively harmless.
Tip: Securing your Office


Password cracker

Program used to identify an unknown or forgotten password, often used by a human cracker to obtain unauthorized access.
Step-by-step guide: BIOS password hacking


Patch

Quick-repair job for a piece of programming, often as a result of some discovered vulnerability.
Toolbox: Patch Management

Patch management
Area of systems management that involves acquiring, testing, and installing multiple patches to an administered computer system.
Learning guide: Patch management


Payload

The eventual effect of a software virus.

Port scan

Series of messages sent by someone attempting to break into a computer to learn which computer network services, each associated with a "well-known" port number, the computer provides.
ITKnowledge exchange: Local LAN Vulnerabilities and Open Ports NAT



Probe

An attempt to gain access to a computer and its files through a known or probable weak point in the computer system.
Expert response: Troubleshooting a Trojan rootkit


Rootkit

A collection of tools (programs) that enable administrator-level access to a computer or computer network. It allows an attacker to mask intrusion and gain root or privileged access to the computer and, possibly, other machines on the network.
Expert advice collection: Rootkit education

Script kiddy

Derogatory term used to describe immature and unskilled -- but unfortunately still dangerous -- malware creators.

Social engineering

A non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people into breaking normal security procedures.
Tip: Online scams: Top 5 best of the worst


Spam

Unsolicited e-mail on the Internet.
Learning center: Windows scam crackdown



Spyware

Programming that is put in someone's computer to secretly gather information about the user and relay it to advertisers or other interested parties.
Expert response: Is all spyware dangerous?


Stealth

Refers to an event, object or file that evades methodical attempts to find it.
Clinic: Rooting out a rootkit

Stealth virus

A virus that includes mechanisms that enable it to hide from anti-virus programs.

Trojan horse

A virus in which malicious or harmful code is contained inside apparently harmless programming or data.
Tip: Spear phishing: Don't be a target


Virus

A piece of programming code usually disguised as something else that causes some unexpected and usually undesirable event. A virus is often designed so that it is automatically spread to other computer users. Generally, there are three main classes of viruses: file infectors, system or boot infectors, and macro viruses.
Expert response: The difference between antivirus and antispyware/malware software


Virus hoax

A false warning about a computer virus. Virus hoaxes are usually forwarded using distribution lists and will typically suggest that the recipient forward the note to other distribution lists. If you get a message about a new virus, you can check it out by going to one of several Web sites that keep up with viruses and virus hoaxes.
Tip: Hoaxes: Nearly as deadly as a virus


Worm

Self-replicating virus that does not alter files but resides in active memory and duplicates itself. Worms use parts of an operating system that are automatic and usually invisible to the user. It is common for worms to be noticed only when their uncontrolled replication consumes system resources, slowing or halting other tasks.
Expert response: Displaying hidden windows
