Glossary


A

Add-in

This is a device or software that adds extra functionality to another device or program. Consider, for example, browser extensions or plug-ins, which are software packages that get added to the browser to give users extra options.

Address bar

An address bar usually refers to the text box in your browser that shows the URL of the page a browser tab or window is currently viewing. A user can manually type the URL they want to visit here, or reach a site another way (e.g. by clicking a link), in which case the address bar shows the resulting URL.

Sometimes, the address bar refers to a path that is shown in a file explorer utility.

Note that under some circumstances, the address bar also functions as a search bar if the text that is entered is not recognized as a valid URL.

Adware

Adware is a form of malicious software that displays unwanted advertising on your computer. For more information, see this blog post.

APT

Stands for Advanced Persistent Threat, which is a prolonged, targeted attack on a specific target with the intention of compromising its systems and gaining information from or about the target. For more information, see this blog post.

ARP

Stands for Address Resolution Protocol, which is used to find a physical address that belongs to an IP address.

The normal procedure is to send an ARP request over the network; the machine that has the requested IP address answers with an ARP reply. This procedure associates a physical machine with an IP address. Attackers can abuse the protocol by ARP spoofing: sending forged ARP replies that claim an IP address, so that traffic meant for that address is delivered to the attacker and can be intercepted.
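Because ARP has no authentication, the defender's signal for spoofing is an IP address whose owner changes: one IP suddenly being claimed by a second MAC address. The following is an added example, not part of the glossary, that runs that check over a constructed list of ARP replies (timestamp, sender IP, sender MAC); the data and function names are illustrative assumptions.

```python
"""Added example (not from the glossary): flag possible ARP spoofing by
watching for one IP address being claimed by more than one MAC address.
The ARP records below are constructed sample data, not a real capture."""
from collections import defaultdict

# Constructed sample of ARP replies: (timestamp, sender IP, sender MAC).
# The gateway 192.168.1.1 is first announced by one MAC and later by another,
# which is the pattern a spoofing attempt leaves behind on the wire.
SAMPLE_ARP_REPLIES = [
    (1.0, "192.168.1.1", "aa:bb:cc:00:00:01"),
    (1.5, "192.168.1.20", "aa:bb:cc:00:00:20"),
    (2.0, "192.168.1.1", "aa:bb:cc:00:00:01"),
    (3.0, "192.168.1.1", "de:ad:be:ef:00:99"),  # conflicting claim
    (3.5, "192.168.1.20", "aa:bb:cc:00:00:20"),
]


def detect_arp_conflicts(replies):
    """Return a dict mapping each IP that was claimed by more than one MAC
    to the sorted list of MACs that claimed it (batch view of a capture)."""
    claims = defaultdict(set)
    for _ts, ip, mac in replies:
        claims[ip].add(mac.lower())
    return {ip: sorted(macs) for ip, macs in claims.items() if len(macs) > 1}


def first_conflict(replies):
    """Return (timestamp, ip, old_mac, new_mac) for the first reply that
    contradicts an earlier IP-to-MAC mapping, or None if there is none.
    Processing replies in order lets a monitor alert the moment it happens."""
    seen = {}
    for ts, ip, mac in replies:
        mac = mac.lower()
        if ip in seen and seen[ip] != mac:
            return (ts, ip, seen[ip], mac)
        seen.setdefault(ip, mac)
    return None


if __name__ == "__main__":
    for ip, macs in detect_arp_conflicts(SAMPLE_ARP_REPLIES).items():
        print(f"ALERT: {ip} claimed by multiple MACs: {', '.join(macs)}")
    print(first_conflict(SAMPLE_ARP_REPLIES))
```

A real monitor would feed the functions from the host's ARP table or a packet capture and would whitelist legitimate changes such as a replaced gateway; the logic of "same IP, different MAC" stays the same.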


B

Backdoor

Typically a type of Trojan malware that allows its creator or operator to gain access to a system by bypassing its security. The term “backdoor” can also refer to the method of gaining access to user systems undetected; it should not be confused with an exploit.

Other form/s: backdooring

Behavior

In the context of computer malware, behavior refers to the actions malware performs on an affected system once executed.

Bot

A derivative of the word “robot.” It usually pertains to (1) one or more compromised machines controlled by a bot master or herder for the purpose of spamming or launching DDoS attacks, and (2) an automated program coded with certain instructions to follow, which includes interacting with websites and humans via the use of Web interfaces (e.g. IMs). A collective of bots is called a botnet.

Synonym: zombie machine

Botnet

A collection of bots. The term also refers to the malware run on a connected device to turn it into a bot.

Bundler

A bundler is a group of programs that are bunched together to be installed with a main program, which is usually the only thing users actually want to install on their systems. The additional programs are usually unwanted software, such as adware and toolbars.


C

C&C

Stands for command and control, which may refer to a centralized server or computer that online criminals use to issue commands to control malware and bots and to receive reports from them.

Other forms: command & control, C2


D

DDoS

DDoS stands for Distributed Denial of Service. It is a network attack that involves attackers forcing numerous systems (usually infected with malware) to send network communication requests to one specific web server. The result is the receiving server being overloaded by nonsense requests, either crashing the server and/or distracting the server enough that normal users are unable to create a connection between their system and the server. This attack has been popularized in many “Hacktivism” attacks by numerous hacker groups as well as state-sponsored attacks conducted by governments against each other.

DNS

DNS stands for Domain Name Service. It is an internet protocol that allows user systems to use domain names/URLs to identify a web server rather than inputting the actual IP address of the server. For example, the IP address for Malwarebytes.com is 104.72.35.176, but rather than typing that into your browser, you just type ‘malwarebytes.com’ and your system reaches out to a ‘DNS Server’ which has a list of all domain names and their corresponding IP address, delivering that upon request to the user system. Unfortunately, if a popular DNS server is taken down or in some way disrupted, many users are unable to reach their favorite websites because without the IP address of the web server, your system cannot find the site.

Domain

In computer-security terminology, domain refers to either:

  1. A group of computers that are under the control of a common operator and administered as one unit, or
  2. The name of a Web resource following the rules of the Domain Name System (DNS), which translates the Domain Name into an IP address

Downloader

A downloader (or Trojan-Downloader) is malware with the sole purpose of downloading other programs, usually more malware, to the infected system as soon as an internet connection is available.

Drive-by download

Pertains to (1) the unintended download of one or more files, malicious or not, onto the user’s system without their consent or knowledge. This usually happens when a user visits a website or views an email in HTML format. It may also describe the download and installation of files bundled with a program that users didn’t sign up for. These files can be adware, spyware, or PUPs; (2) the general term used for files that were downloaded unintentionally, i.e. “drive-by downloads.”


E

Exploit

Pertains to (1) a type of malware programmed to take advantage of a software bug or vulnerability on a system in order to compromise it and allow the exploit’s creator or operator to take control of it; (2) the act of successfully taking over a system by taking advantage of vulnerabilities in the software installed on it. A collection of exploits is called an “exploit kit.”

Exploit Kit

A collection of exploits which are packaged up for use by criminal gangs in spreading malware.


H

HIPS

Stands for Host Intrusion Prevention System, which describes a software package that monitors for suspicious activities occurring within a host machine. This helps keep a system secure without depending on a specific threat being added to a detection update. For more information, see the article HIPS.

Hoax

A hoax is the term we use to generally describe a fake or false warning. Hoaxes did start out as emails, but nowadays they are most active on social media, especially on Facebook. This has considerably increased the speed with which they spread. For more information, see the article hoax.


I

IP address

An IP address is a number assigned to each system that is participating in a network using the Internet Protocol, such as the World Wide Web.

There are two standards in use: IPv4 and IPv6, but every computer that has an IP address has at least an IPv4 address. An IPv4 address consists of 4 elements, each ranging from 0 to 255. A well-known example is the IP address 127.0.0.1, which points back at the computer that sends the query.



K

Keylogger

In the context of malware, a keylogger is a type of Trojan spyware that is capable of stealing or recording user keystrokes.

Other forms: key logger, keylogging
Synonyms: keystroke logger, system monitor


M

MalSpam

Malware which is delivered by email messages. For more information, see https://blog.malwarebytes.com/threats/malspam/

Malware

The shortened version of “malicious software.” Malware is the generic or umbrella term to refer to any malicious programs or code that are harmful to systems.


O

OS

In computing this stands for Operating System. The most well-known operating systems are Microsoft Windows, Linux, Apple’s MacOS, Android, and Google’s Chrome OS. Most of these can be divided into more specific operating systems (e.g. Windows 8.1) or grouped into more general clusters of operating systems (e.g. Chrome OS is based on the Linux kernel).


P

Passcode

Is essentially a short and simple password. Consider, for example, the 4-digit numerical code used to unlock a smartphone.

Passphrase

Is essentially a complex password made up of a sequence of words. It differs from a regular password in containing spaces and in its greater length, which is what makes a passphrase more complex.

Password

Is a method of authentication that has become popular due to its ease of use. The growing need for longer and more complex passwords has diminished that ease of use a bit. More information can be found in our blog post The Password and You.

Penetration Testing

Penetration Testing (or “pen testing”) is the practice of running controlled attacks on a computer system (network, application, Web app, etc.) in an attempt to find unpatched vulnerabilities or flaws. By performing pen tests, an organization can find ways to harden their systems against possible future real attacks, and thus to make them less exploitable.

Phishing

An attempt to fraudulently obtain credentials without permission. It is often done by email, but it also appears on social networks, in fake programs asking for login details, and over the phone.

PUP

Stands for “potentially unwanted program.” A program (or bundle of programs) which may be included with software the person downloading it wants. The PUP component may include unnecessary offers, add-ons, deals, adverts, toolbars, and pop-ups, all of which may be entirely unrelated to the functionality of the sole wanted program.


Q

QR Code

Is a two-dimensional barcode: a square filled with black and white blocks, originally invented to keep track of cars during manufacturing. Because of the speed with which they can be read and the amount of data they can store, QR codes are rapidly becoming popular in a growing range of fields.

Quarantine

Is by origin a medical term which means keeping infected persons or animals away from healthy ones, to minimize the chances of spreading a contagious disease. The term was picked up by the AV industry, which uses it for files that have been moved to a safe location on a system because they were identified as malware. In quarantine the files can no longer be executed, but the user can restore them if they believe the detection was a false positive.


R

Ransomware

A type of software which locks users out of their computer and/or encrypts their files, offering to unlock them on the condition that the victim pays a ransom. The ransom may involve Bitcoin or more traditional forms of payment. Ransomware ranges from crude to highly sophisticated, and only for a few types can the encryption be successfully reversed.

Remote access

Is controlling a computer system from another location. There are many programs that enable this method of working, which is very convenient if you want to work on your office computer from home. Unfortunately, it is also a tool of choice for Tech Support Scammers.

Retroviruses

Are also referred to as anti-anti-virus viruses, meaning that they try to attack and disable any anti-virus or other protective software on the system they are trying to infect, so that they won’t get detected.

Rootkit

Is software, generally classified as malware, that provides the attacker with administrator privileges on the infected system and actively hides from the normal computer user. Rootkits also hide from other software on the system, often even from the operating system itself.

RunPE Technique

A common technique used by malware: running a legitimate executable in a suspended state, unmapping its image from memory, mapping the payload in its place, and then resuming execution so the payload runs under the original program’s name.


S

Safe Mode

It’s a boot option that loads only the most basic drivers needed for Windows to run. There are different sets of drivers that can be loaded, depending on the kind of “Safe Mode” the user selects. For more information, see the article safe mode.

Seed

In computer-security terminology, a seed is one of the factors used to create (a series of) seemingly random numbers or strings. Consider, for example, domain generation algorithms or encryption keys that are created on the fly. Among the combined factors, the seed is the constant that stays the same for one set of random items. For example, the seed for the file encryption used on one victim can be unique for that victim and for all of their files. The seed for one series of generated domains generally stays the same until the author switches to a new variant of the malware using those domains.

Sextortion

Is a form of blackmail in which the victim is forced to perform sexual favors for the blackmailer. This is often done by threatening to make embarrassing pictures public that were obtained under false pretenses over the internet.

SIEM

Stands for Security Information and Event Management. SIEM systems are designed to provide SOCs or other security managers with information about the entire infrastructure to support detection and help with incident response and prevention.

SOC

Stands for Security Operations Center: a centralized unit of personnel, processes and technology that guards the security of, and investigates security breaches for, a larger entity, usually a company or a network. A SOC does not necessarily have to be part of the organization; it can also be hired externally.

Social engineering

In cyber-security, social engineering describes the methods attackers use to get victims to breach security protocol or give up private information. There are many tactics that lead to this goal, all relying on basic human nature, such as playing on the victims’ greed, vanity, or willingness to help someone.

Spam

Is undesired electronic junk mail that is sent out in bulk. Because of its nature it is a waste of time and resources, and many organizations have some kind of filtering in place so that only (hopefully) a small portion of it ever reaches the end user.

Spyware

It is a kind of malware that is installed on the target’s computer with the intention of gathering information and sending it to a third-party actor or organization that normally doesn’t have privileged access to such information. In earlier years, the term was also used for adware and cookies.


System optimizer

This type of software combines some or all of the below functionalities:

  • Registry cleaner
  • Driver Updater
  • Temp file cleaner
  • Disk optimizer (disk defragmenter)
  • Report system errors

Since all these functionalities are offered by free tools built into the Windows operating system, many system optimizers are considered Potentially Unwanted Programs (PUPs), especially if they exaggerate the seriousness of the possible improvements that can be made to the user’s system.


T

Trojan

A program which claims to perform one function but actually does another, typically malicious. Trojans can take the form of attachments, downloads, and fake videos/programs. Once on board a PC, the Trojan may do a number of things including steal sensitive data, monitor webcams, upload files to a third-party server, or just play pranks on the system owner by opening the CD tray, switching off the screen, or redirecting them to shock sites and other unwanted content.

Typosquatting

Typosquatting is the practice of deliberately registering a domain name which is similar to an existing popular name, in the hope of getting traffic from people who mis-type the URL of the popular domain. For more information, see the article typosquatting.


U

URL

Stands for Uniform Resource Locator and is a method of finding resources located on the World Wide Web. A URL consists of (at least) a protocol (e.g. HTTP) and either a domain or an IP address. It can also include a path on the server to point to a particular file or page.
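The URL, IP address and typosquatting entries above describe structure that a defender checks constantly: what protocol, host and path a link contains, whether the host is a dotted IPv4 address or a domain, and whether that domain is a near miss of a brand the organization cares about. The following is an added example, not code from the glossary or from Malwarebytes, that does those three checks in plain Python; the brand watch list and the sample URLs are constructed assumptions, and the 104.72.35.176 address is the one quoted in the DNS entry.

```python
"""Added example (not from the glossary): split a URL into its protocol,
host and path, check whether the host is a valid IPv4 address, and flag
hosts that are a small edit away from a known brand domain (typosquatting).
The brand list and sample URLs are constructed for illustration."""
from urllib.parse import urlsplit

# Constructed watch list; a real deployment would use the organization's own brands.
KNOWN_DOMAINS = ["malwarebytes.com", "example.com"]


def is_ipv4(host):
    """True if host is four dotted decimal elements, each in 0..255."""
    parts = host.split(".")
    if len(parts) != 4:
        return False
    return all(p.isdigit() and 0 <= int(p) <= 255 for p in parts)


def split_url(url):
    """Return (protocol, host, path); host may be a domain or an IPv4 address."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.hostname:
        raise ValueError(f"not a URL: {url!r}")
    return parts.scheme.lower(), parts.hostname.lower(), parts.path or "/"


def edit_distance(a, b):
    """Levenshtein distance: minimum insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def typosquat_match(host, known=KNOWN_DOMAINS, max_distance=2):
    """Return the known domain that host is a near miss of, or None.
    An exact match is not a typosquat, and an IPv4 host is never compared."""
    if is_ipv4(host) or host in known:
        return None
    for domain in known:
        if edit_distance(host, domain) <= max_distance:
            return domain
    return None


def classify(url):
    """Summarize a URL for a defender: its parts, whether the host is an
    IP address, and any brand domain it appears to imitate."""
    scheme, host, path = split_url(url)
    return {
        "protocol": scheme,
        "host": host,
        "path": path,
        "is_ip": is_ipv4(host),
        "looks_like": typosquat_match(host),
    }


if __name__ == "__main__":
    # Constructed sample links: a bare IP, the genuine site, and two near misses.
    for u in ["http://104.72.35.176/", "https://malwarebytes.com/blog",
              "https://malwarebytse.com/login", "https://malwarebyts.com/"]:
        print(classify(u))
```

The edit-distance threshold is a judgment call: a distance of 1 or 2 catches transposed and dropped letters, which is exactly what typosquatters count on, while larger thresholds start to flag unrelated short domains.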


V

Virus

A virus is malware attached to another program (such as a document) which can replicate and spread after an initial execution on a target system where human interaction is required. Many viruses are harmful and can destroy data, slow down system resources, and log keystrokes.


W

Worm

A worm is much the same as a virus, with the key difference being it does not need to be attached to another program to spread.
