Glossary


A

Adware

Adware is a form of malicious software which displays unwanted advertising on your computer.  For more information, see this blog post.


B

Backdoor

Typically a type of Trojan malware that allows its creator or proponent to gain access to a system by bypassing its security. The term “backdoor” can also refer to the method of gaining access to user systems undetected. Backdoors should not be mistaken for exploits.

Other form/s: backdooring

Behavior

In the context of computer malware, behavior refers to the actions malware performs on an affected system once executed.

Bot

A derivative of the word “robot.” It usually pertains to (1) one or more compromised machines controlled by a bot master or herder for the purpose of spamming or launching DDoS attacks, and (2) an automated program coded with certain instructions to follow, which includes interacting with websites and humans via the use of Web interfaces (e.g. IMs). A collective of bots is called a botnet.

Synonym: zombie machine

Botnet

A collection of bots.  The term also refers to the malware run on a connected device to turn it into a bot.

Bundler

A bundler is a group of programs that are bunched up together to be installed with a main program, which is usually what users desire to install onto their systems. These additional programs are other unwanted software, such as adware and toolbars.


C

C&C

Stands for command and control, which may pertain to a centralized server or computer that online criminals use to issue commands to control malware and bots and to receive reports from them.

Other forms: command & control, C2


D

DDoS

DDoS stands for Distributed Denial of Service.  It is a network attack that involves attackers forcing numerous systems (usually infected with malware) to send network communication requests to one specific web server. The result is that the receiving server is overloaded by nonsense requests, which crashes the server and/or distracts it enough that normal users are unable to create a connection between their system and the server.  This attack has been popularized in many “Hacktivism” attacks by numerous hacker groups as well as state-sponsored attacks conducted by governments against each other.

DNS

DNS stands for Domain Name Service.  It is an internet protocol that allows user systems to use domain names/URLs to identify a web server rather than inputting the actual IP address of the server.  For example, the IP address for Malwarebytes.com is 104.72.35.176, but rather than typing that into your browser, you just type ‘malwarebytes.com’ and your system reaches out to a ‘DNS Server’ which has a list of all domain names and their corresponding IP address, delivering that upon request to the user system.  Unfortunately, if a popular DNS server is taken down or in some way disrupted, many users are unable to reach their favorite websites because without the IP address of the web server, your system cannot find the site.

Drive-by download

Pertains to (1) the unintended download of one or more files, malicious or not, onto the user’s system without their consent or knowledge. This usually happens when a user visits a website or views an email in HTML format. It may also describe the download and installation of files bundled with a program that users didn’t sign up for. These files can be adware, spyware, or PUPs; (2) the general term used for files that were downloaded unintentionally; i.e. “drive-by downloads.”


E

Exploit

Pertains to (1) a type of malware programmed to take advantage of a software bug or vulnerability on a system in order to compromise it and allow the exploit’s creator or proponent to take control of it; (2) the act of successfully taking over a system by taking advantage of certain vulnerabilities in the software installed on it. A collection of exploits is called an “exploit kit.”

Exploit Kit

A collection of exploits which are packaged up for use by criminal gangs in spreading malware.


K

Keylogger

In the context of malware, a keylogger is a type of Trojan spyware that is capable of stealing or recording user keystrokes.

Other forms: key logger, keylogging
Synonyms: keystroke logger, system monitor


M

MalSpam

Malware which is delivered by email messages.  For more information, see https://blog.malwarebytes.com/threats/malspam/

Malware

The shortened version of “malicious software.” Malware is the generic or umbrella term to refer to any malicious programs or code that are harmful to systems.


P

Penetration Testing

Penetration Testing (or “pen testing”) is the practice of running controlled attacks on a computer system (network, application, Web app, etc.) in an attempt to find unpatched vulnerabilities or flaws. By performing pen tests, an organization can find ways to harden their systems against possible future real attacks, and thus to make them less exploitable.

Phishing

An attempt to fraudulently obtain credentials without permission. It is often done by email, but it also appears on social networks, in fake programs asking for login details, and over the phone.

PUP

Stands for “potentially unwanted program.” A program (or bundle of programs) which may be included with software the person downloading it wants. The PUP component may include unnecessary offers, add-ons, deals, adverts, toolbars, and pop-ups, all of which may be entirely unrelated to the functionality of the sole wanted program.


R

Ransomware

A type of software which locks users out of their computer and/or encrypts their files, offering to unlock them on the condition that the victim pays a ransom. The ransom may involve Bitcoin or more traditional forms of payment. Ransomware ranges from crude to highly sophisticated, and only a few types use encryption that can be successfully decrypted.

RunPE Technique

A common technique malware uses: running the original executable, suspending it, unmapping it from memory, mapping the payload in its place, and running it again.


T

Trojan

A program which claims to perform one function but actually does another, typically malicious. Trojans can take the form of attachments, downloads, and fake videos/programs. Once on board a PC, the Trojan may do a number of things including steal sensitive data, monitor webcams, upload files to a third-party server, or just play pranks on the system owner by opening the CD tray, switching off the screen, or redirecting them to shock sites and other unwanted content.

Typosquatting

Typosquatting is the practice of deliberately registering a domain name which is similar to an existing popular name, in the hope of getting traffic by people who mis-type the URL of the popular domain.  For more information, see the article typosquatting.


V

Virus

A virus is malware attached to another program (such as a document) which can replicate and spread after an initial execution on a target system where human interaction is required. Many viruses are harmful and can destroy data, slow down system resources, and log keystrokes.


W

Worm

A worm is much the same as a virus, with the key difference being it does not need to be attached to another program to spread.
