Virus Terms



A

ActiveX controls

ActiveX controls are components that add dynamic and interactive features to
Web pages. With ActiveX tools, multimedia effects, animation, and functional
applications can be added to Web sites.

ActiveX controls are typically installed with user permission. However, security
measures can be circumvented. In some instances, ActiveX components in Web pages
are able to run automatically when the Web pages are opened. Visiting users
are also sometimes tricked into accepting unwanted ActiveX controls. The unauthorized
installation and execution of ActiveX controls can open opportunities for malicious
code to install components or to make modifications on visiting systems.

Address Bar Spoofing

Alteration of a browser’s address bar to display a legitimate address.
This is done by running a script that removes the browser’s address bar
and replaces it with a fake one, which is made up of text or images.

Adware

Adware is software that displays advertising banners on Web browsers such as
Internet Explorer and Mozilla. While not categorized as malware, many users
consider adware invasive. Adware programs often create unwanted effects on a
system, such as annoying popup ads and, in some instances, the degradation in
either network connection or system performance.

Adware programs are typically installed as separate programs that are bundled
with certain free software. Many users inadvertently agree to installing adware
by accepting the End User License Agreement (EULA) on the free software.

Adware is also often installed in tandem with spyware programs. Both programs
feed off of each other's functionalities - spyware programs profile users' Internet
behavior, while adware programs display targeted ads that correspond to the
gathered user profiles.

Affected file type

Malware and grayware may arrive as files of a certain type. The term "affect"
here can mean the file format (e.g., PE or Win32) that the malware or grayware
comes as, or the formats that it attaches to in the case of file infectors.

Affected software

Affected software, Platform and Systems Affected indicate the area(s) affected
by a particular threat, whether it is malware, grayware, or vulnerabilities.
This list contains the operating systems or applications that need to be installed
in the user's system before the threat performs its malicious routines.
It is known that a threat may behave differently across different platforms.

Aliases

Different vendors often have their own approaches towards detection, whether
it involves malware, grayware, or vulnerabilities, which can result in different
naming conventions. The aliases field in the Virus Encyclopedia, Spyware/Grayware
and Vulnerabilities pages indicate other names used to refer to the same threat.



B

Backdoor

The term backdoor often refers to backdoor programs - applications that open
computers for access by remote systems. These programs typically respond to
specially-built client programs, but can be designed to respond to legitimate
messaging applications. Many backdoor programs actually make use of the IRC
backbone, receiving commands from common IRC chat clients via the IRC network.

Boot sector viruses

Boot sector viruses infect the boot sector or the partition table of a disk.
Computer systems are typically infected by these viruses when started with infected
floppy disks - the boot attempt does not have to be successful for the virus
to infect the computer hard drive. Once a computer is infected, boot sector
viruses usually attempt to infect every disk accessed on the infected system.
In general, boot sector viruses can be successfully removed.

There are a few viruses that can infect the boot sector after executing as
a program. They are known as multi-partite viruses and are relatively rare.
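A boot sector virus lives in the first sector of a disk, so the defender's check is the opposite of the infection: parse that sector, confirm the 0x55AA boot signature and partition table are intact, and compare a hash of the 446-byte boot code against a baseline taken from a known-clean image. The following is an added example, not code from the glossary or from Trend Micro; the sample MBR is constructed inline and the 0x07 partition type and LBA 2048 start are illustrative values.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446           # bytes 0..445 hold the boot loader code
PART_TABLE_OFF = 446          # four 16-byte partition entries follow it
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511 on a valid boot sector


def parse_mbr(sector: bytes) -> dict:
    """Parse one 512-byte master boot record into its components."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # entry layout: status, CHS start (3), type, CHS end (3), LBA start, sector count
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0:          # empty slot
            continue
        partitions.append({"slot": i, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba_start, "sectors": count})
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_boot_sector(sector: bytes, baseline_sha256: str) -> list:
    """Return findings where the sector deviates from a known-good baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from baseline")
    if sum(1 for p in info["partitions"] if p["bootable"]) > 1:
        findings.append("more than one partition flagged bootable")
    return findings


def build_sample_mbr(boot_code: bytes, with_signature: bool = True) -> bytes:
    """Constructed sample: one bootable type-0x07 partition starting at LBA 2048."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00", 2048, 204800)
    table = entry + b"\x00" * 48                  # remaining three slots empty
    tail = BOOT_SIGNATURE if with_signature else b"\x00\x00"
    return code + table + tail


if __name__ == "__main__":
    clean = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0")  # constructed stand-in for loader bytes
    baseline = parse_mbr(clean)["boot_code_sha256"]
    tampered = b"\xeb\xfe" + clean[2:]                # first two boot-code bytes replaced
    print(check_boot_sector(clean, baseline))          # []
    print(check_boot_sector(tampered, baseline))       # ['boot code differs from baseline']
```

On a real system the sector would be read from the raw device (for example the first 512 bytes of a disk image) and the baseline hash stored off-host, since a resident boot sector virus can lie to anything that reads through the infected system's own disk services.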

Browser Helper Objects

Browser Helper Objects (BHOs) are companion applications for Microsoft Internet
Explorer. They usually come in the form of toolbars, search helpers, and monitoring
applications. Some adware and spyware programs have employed BHOs to monitor
user browsing habits and deliver targeted advertising as well as to steal information.



C

CME

A Common Malware Enumeration (CME) number is a unique, vendor-neutral identifier
for a particular threat (see CME Initiative and US-CERT).

For additional information about the CME project and a list of available CME
numbers, please refer to the Common Malware Enumeration website at http://cme.mitre.org/.

CME Initiative

The CME initiative is an effort headed by the United States Computer Emergency
Readiness Team (US-CERT), in collaboration with key organizations within the
security community. Through the adoption of a neutral, shared identification
method, the CME initiative seeks to: reduce the public's confusion in referencing
threats during malware incidents; enhance communication between anti-virus vendors;
and improve communication and information sharing between anti-virus vendors
and the rest of the information security community.

For additional information about the CME project and a list of available CME
numbers, please refer to the Common Malware Enumeration website at http://cme.mitre.org/.

Compression

Compression reduces a file's size for processing, storage, and transmission.
Malware and grayware authors may use different compression types or algorithms
to reduce their program's size or hide the original digital structure of their
program. Recent outbreaks were due to the application of different compression
algorithms on existing malware variants to produce new ones that eluded antivirus
scanners.

Cookies

Cookies are text files that are created on computers when visiting Web sites.
They contain information on user browsing habits. When a user returns to a Web
site, a cookie provides information on the user's preferences and allows the
site to display in customized formats and to show targeted content such as advertising.
Cookies can collect user information that can then be obtained by another site
or program.



D

Damage potential

A malware's damage potential rating may be high, medium, or low based on its
inherent capacity to cause both direct and indirect damage to systems or networks.
Certain malware are designed specifically to delete or corrupt files, causing
direct damage. Denial of service (DoS) malware may also cause direct and intended
damage by flooding specific targets. Mass-mailers and network worms usually
cause indirect damage when they clog mail servers and network bandwidth, respectively.

High

- System becomes unusable (e.g. flash bios, format HDD)

- System data or files are unrecoverable (e.g. encryption of data)

- System cannot be automatically recovered using tools

- Recovery requires restoring from backup

- Causes large amounts of network traffic (packet flooders, mass-mailers)

- Data/files are compromised and sent to a third party (backdoor capabilities)

Medium

- System/files can be recovered using Trend Micro products or cleaning tools

- Minor data/file modification (e.g. file infectors)

- Malware that writes a minimal amount of data to the disk

- Malware that kills applications in memory

- Causes medium amount of network traffic (e.g. slow mailers)

- Automatically executes unknown programs

- Deletes security-related applications (e.g. antivirus, firewall)

Low

- No system changes

- Deletion of less significant files in the system

- Changes can be recovered by users without using any tools

- Damage can be reversed just by restarting the system

Data Miners (Tracking Cookies)

Data Miners are applications that monitor, analyze, and collect specific information
found in a database or volume of data from various sources. Data miners are
not always used with malicious intent. Data mining programs allow companies
to compile important client information, in order to enhance their services.

Data miners may be used by Web sites to monitor, analyze, and collect particular
user activities on a computer to collect information that typically will be
used for marketing purposes. Usually, data miners are uploaded to a computer
to search for Web sites visited, products searched, and services used. The data
is then sent back to be used for targeted advertising.

Data miners may be used maliciously and in some instances have been employed
to steal personal information like logon credentials and credit card numbers.

Denial of service

Denial of service (DoS) is a malware routine that interrupts or inhibits the
normal flow of data into and out of a system. Most DoS attacks consume system
resources, such that, in a short period of time, the target is rendered useless.
A form of DoS attack is when a Web service (like a Web site or a download location)
is accessed massively and repeatedly from different locations, preventing other
systems from accessing the service and retrieving data from it. When a DoS attack
is launched from different locations in coordinated fashion, it is often referred
to as a distributed denial of service attack (DDoS).

Destructive threat

A threat tagged as destructive causes direct damage to files or computer systems,
often resulting in the loss of important data. Routines such as corrupting or
deleting important files and formatting the hard drive are considered destructive.
A program that was designed to consume resources in a denial of service attack
is also tagged as destructive.

Dialers

Dialers, as the name implies, dial to predefined numbers to connect to certain
sites. Many users run dialers without knowing that some of these programs actually
dial long distance numbers or connect to pay-per-call sites, and that they are
being charged for the calls. Dialers are often offered as programs for accessing
adult sites.

Distribution Potential

Distribution potential is derived from the characteristics of the malicious
program. Fast-spreading network worms can spread across continents within just
minutes. Some malicious programs also use numerous infection and spreading techniques
– often referred to as blended threats or mixed threats. The Nimda virus,
for example, was able to spread via email, network shares, infected Web sites,
as well as Web traffic (http/port 80).

As new systems are made and improved with added functionality, proof-of-concept
malware often follows. This uniqueness, as well as the widespread implementation
of a particular operating system or software, also influences the potential
distribution of each malware. Many viruses written in the past do not run or
spread on newer operating systems or operating systems that have all the latest
security patches installed.

High

- Blended threats (i.e. spreads via email, P2P, IM, network shares)

- Mass mailers

- Spreads via network shares

Medium

- Mailers

- Has spread via third-party or media

- Spreads in IRC, IM, or P2P

- Requires user intervention to spread

- URL/Web site download

Low

- No network spreading

- Requires manual distribution to spread

Dropped detection

A dropped detection is a detection that has been removed from the pattern file
due to one or several reasons. Typically, a threat detection is dropped when
it conflicts with other detections or with unrelated files. Detections that
cause performance issues, as well as other technical conflicts, are also dropped
from the pattern file if Trend Micro deems that these detections do not pose
an immediate threat.

Droppers

Droppers are programs designed to extract other files from their own code.
Typically, these programs extract several files into the computer to install
a malicious program package. Droppers may have other functions apart from dropping
files.



E

ELF

ELF (Executable and Linkable Format) is an executable file format for the Linux
and Unix platforms. Trend Micro antivirus detects malicious executable code
for Linux and UNIX as ELF_malwarename.

Encryption

Encryption is the process of converting data into a form that cannot easily
be read without knowledge of the conversion mechanism (often called a key).

Certain malware have the ability to encrypt copies of themselves such that
antivirus scanners may find it difficult to detect them using existing signatures
of available samples. More complex malware use variable encryption keys for
each new copy, requiring more complex formula-based patterns from antivirus
vendors.

End User License Agreement (EULA)

An End User License Agreement or EULA is a legal contract between a software
publisher and the software user. It typically outlines restrictions on the side
of the user, who can refuse to enter into the agreement by not clicking "I
accept" during installation. Clicking "I do not accept" will,
of course, end the installation of the software product.

Many users inadvertently agree to the installation of spyware and adware into
their computers when they click "I accept" on EULA prompts displayed
during the installation of certain free software.

Explicit display of Phishing URL

The actual phishing URL is displayed on the address bar. In some cases, it
involves the use of domain names that resemble those of legitimate domains.

Exploit

An exploit is code that takes advantage of a software vulnerability or security
hole. Exploits are often incorporated into malware, which are consequently able
to propagate into and run intricate routines on vulnerable computers.



F

File infecting viruses

File infecting viruses or file infectors generally copy their code onto executable
programs such as .COM and .EXE files. Most file infectors simply replicate and
spread, but some inadvertently damage host programs. There are also file infectors
that overwrite host files. Some file infectors carry payloads that range from
the highly destructive, such as hard drive formatting, to the benign, such as
the display of messages.

Form within Email

Email that uses an embedded form to gather personal and/or account information
from users. Stolen details are usually sent to a specified email address or
are posted to a specified Web site.



G

Grayware

Grayware is Trend Micro's general classification for applications that have
annoying, undesirable, or undisclosed behavior.

Grayware applications do not fall into any of the major threat (i.e., virus or
Trojan horse) categories, as their classification depends on system functionality
as well as on user debate.

Some items in the Grayware category have been linked to malicious activities,
while others are used to provide users with targeted information in terms of
product announcements.

Organizations dealing with sensitive information should be generally alarmed
by the capability of any application with data gathering functionality.

The majority of grayware fall into the following classes:

  • Adware
  • Applications
  • Data Miners (Tracking Cookies)
  • Dialers
  • Hacking tools
  • Joke programs
  • Keyloggers
  • Password cracking applications
  • Remote Access Programs
  • Spyware

Trend Micro recognizes that some users prefer to have tools to determine whether
grayware are running on their systems, and thus provides additional options to
scan for and/or remove them.

Grayware size

This field indicates the size (or size range) of the grayware's code in bytes.



H

Hacking tools

Hacking tools are programs that generally crack or break computer and network
security measures. Hacking tools have different capabilities depending on the
systems they have been designed to penetrate. System administrators have been
known to use similar tools - if not the same programs - to test security and
identify possible avenues for intrusion.

Infection Channel

The infection channels listed for a particular malware on the Virus Encyclopedia
enumerate the possible avenues of distribution.



I

Information exposure

A factor derived from the characteristics of the program, application, and/or
files. Some spyware or other forms of grayware are known to steal confidential
information, such as personal data, passwords, personal user habits or psychographic
profile.

In-the-wild

Threats tagged as in-the-wild by Trend Micro are threats seen in real world
computers - as opposed to test systems. Trend Micro monitors real world
infections and detections using the World Virus Tracking Center.



J

Java applets

Java applets allow Web developers to create interactive, dynamic Web pages
with broader functionality. They are small, portable Java programs embedded
in HTML pages and can run automatically when the pages are viewed. Malware authors
have used Java applets as a vehicle for attack. Most Web browsers, however,
can be configured so that these applets do not execute - sometimes by simply
changing browser security settings to "high."

Joke programs

Joke programs are considered relatively harmless and are often designed to
annoy or make fun of users. They do not infect files, cause damage, or spread
to other systems.

Many joke programs are designed to cause unnecessary panic - especially those
that cause computers to behave as if something has been damaged. Abnormal system
behaviors caused by joke programs include the closing and opening of the CD-ROM
tray and the display of numerous message boxes.



K

Keyloggers

Keyloggers are programs that log keyboard activity. Certain malware employ
these programs to gather user information. There are also legitimate keylogging
programs that are used by corporations to monitor employees and by parents to
monitor their children. Keyloggers usually catch and store all keyboard activity
- leaving a person or another application to sort through the keystroke logs
for valuable information like logon credentials and credit card numbers.

Kits

Kits are malware-generating applications that often provide users the option
to create customized malware. Most kits can produce multiple variations of a
malware. Many have been used to generate new variants of existing worms. Antivirus
scanners should be capable of detecting kits and their spawn.





M

Macro viruses

During the late 1990s and early 2000, macro viruses were the most prevalent
viruses. Unlike other virus types, macro viruses are not specific to an operating
system and spread with ease via email attachments, floppy disks, Web downloads,
file transfers, and cooperative applications.

Popular applications that support macros (such as Microsoft Word and Microsoft
Excel) are the most common platforms for this type of virus. These viruses are
written in Visual Basic and are relatively easy to create. Macro viruses infect
at different points during a file's use, for example, when it is opened, saved,
closed, or deleted.

Malware

A malware is a program that performs unexpected or unauthorized, but always
malicious, actions. It is a general term used to refer to both viruses and Trojans,
which respectively include replicating and non-replicating malicious code.

Malware Related: Trojan, Spyware

Some malware may arrive from an email or execute from a malicious Web site.
Once installed, it modifies the Windows Hosts file in such a way that whenever
the user visits certain legitimate business sites, such as banks or credit card
companies, the browser will be redirected to a spoofed Web site.

Some are memory-resident, meaning they monitor the affected user's Internet
browsing activities and wait for the user to visit certain legitimate business
sites, such as banks or credit card companies, where they activate.

When the title bar of any window contains certain strings related to the targeted
business, the malware is activated and displays a bogus logon window that is used
to trick the user into entering personal account information. Once gathered, the
personal information is sent to the malicious user via email.
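The hosts-file redirection described above leaves a durable artifact that is easy to audit: any hosts entry at all for a banking or card-issuer domain is suspect, whether it points at a foreign address (redirection to a spoofed site) or at loopback (blocking the real site). The checker below is an added example, not part of the glossary or a Trend Micro product; the watch list and the sample hosts file are constructed, and a real deployment would read the file from its platform path (for example the Windows `drivers\etc\hosts` file) and carry the organization's own list of sensitive domains.

```python
import ipaddress

# Constructed watch list: no legitimate hosts-file entry should name these domains.
WATCHED_DOMAINS = {"bank.example", "www.bank.example", "cards.example"}


def parse_hosts(text: str) -> list:
    """Return (line_no, ip_address, hostname) for every mapping in a hosts file."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()     # drop comments and surrounding whitespace
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first field is not an address: skip the line
        for name in fields[1:]:
            entries.append((line_no, addr, name.lower()))
    return entries


def find_hijacked_hosts(text: str, watched=WATCHED_DOMAINS) -> list:
    """Flag hosts entries that pin a watched business domain to any address."""
    findings = []
    for line_no, addr, name in parse_hosts(text):
        if name in watched:
            findings.append({"line": line_no, "host": name, "address": str(addr),
                             "loopback": addr.is_loopback})
    return findings


# Constructed sample hosts file: two normal lines, then two injected entries.
SAMPLE_HOSTS = """\
# Constructed sample, not taken from a real system
127.0.0.1       localhost
::1             localhost
192.0.2.10      www.bank.example bank.example   # redirects both names to a foreign host
127.0.0.1       cards.example                   # blocks access instead of redirecting
"""

if __name__ == "__main__":
    for finding in find_hijacked_hosts(SAMPLE_HOSTS):
        print(finding)
```

The loopback flag is kept in the output because the two cases call for different follow-up: a foreign address means credentials may already have been entered on a spoofed site, while a loopback pin usually indicates blocking of a security or update site.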

Malware size

This field indicates the size (or size range) of the malware's code in bytes.
For file infectors, this typically indicates the size of the infecting code.
Older file infecting viruses are often given names based on their file size
to distinguish variants from the same malware family.

Malware-related hoaxes

Malware-related hoaxes are warnings that contain incorrect information about
malware or computer system events. These warnings often describe fantastical
or impossible malware program characteristics meant to trick users into performing
unwanted actions on their computers. Malware-related hoaxes typically reach
users as email and often suggest that users forward them, resulting in a waste
of time and bandwidth.

Memory-residency

Memory-residency is the ability to stay in computer memory after execution
and continuously run. This capability is generally expected of certain malware
types, specifically backdoors, which stay in memory to await commands. Certain
file infectors also stay in memory to infect files as they are opened; while
some worms stay in memory to continually send email.

Programs that stay in memory are generally referred to as memory-resident.
The files related to these running programs cannot be modified, deleted, or
moved unless they are terminated.

Multi-partite viruses

Multi-partite viruses have characteristics of both boot sector viruses and
file infecting viruses.



N

NE

NE refers to New Executable, which is the standard Windows 16-bit executable
file format. Windows 16-bit viruses are detected by Trend
products as NE_malwarename.
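The ELF and NE entries above, like the "Affected file type" entry's mention of PE, all rest on recognizing the executable format from its header, which is also how a scanner decides which detection prefix applies. The function below is an added example, not code from the glossary or from any Trend Micro product: it reads the ELF magic (with class and machine fields), or follows the MZ header's offset at 0x3C to a "PE\0\0" or "NE" signature, and falls back to a plain DOS "MZ" classification. The sample headers are constructed inline, and the `detection_name` helper that glues the prefix to a family name is a hypothetical stand-in for a vendor's naming routine.

```python
import struct

ELF_CLASS = {1: "32-bit", 2: "64-bit"}


def identify_executable(data: bytes) -> dict:
    """Classify a file by its header bytes: ELF, PE, NE, a bare DOS MZ stub, or unknown."""
    if data[:4] == b"\x7fELF" and len(data) >= 20:
        little = data[5] == 1                      # EI_DATA: 1 = little-endian, 2 = big-endian
        (e_machine,) = struct.unpack_from("<H" if little else ">H", data, 18)
        return {"format": "ELF", "class": ELF_CLASS.get(data[4], "unknown"),
                "machine": e_machine}
    if data[:2] != b"MZ" or len(data) < 0x40:
        return {"format": "unknown"}
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the newer (PE/NE) header
    if e_lfanew < 0x40 or e_lfanew + 4 > len(data):
        return {"format": "MZ"}                         # heuristic: plain DOS executable
    sig = data[e_lfanew:e_lfanew + 4]
    if sig == b"PE\x00\x00":
        return {"format": "PE"}
    if sig[:2] == b"NE":
        return {"format": "NE"}
    return {"format": "MZ"}


def detection_name(data: bytes, family: str) -> str:
    """Hypothetical naming helper: format prefix plus family, e.g. ELF_FAMILY or NE_FAMILY."""
    return f"{identify_executable(data)['format']}_{family.upper()}"


def sample_elf64() -> bytes:
    """Constructed header: ELF, 64-bit, little-endian, e_machine 0x3E (x86-64)."""
    hdr = bytearray(64)
    hdr[0:4] = b"\x7fELF"
    hdr[4], hdr[5], hdr[6] = 2, 1, 1               # EI_CLASS, EI_DATA, EI_VERSION
    struct.pack_into("<HH", hdr, 16, 2, 0x3E)       # e_type ET_EXEC, e_machine
    return bytes(hdr)


def sample_mz(new_header_sig: bytes = b"") -> bytes:
    """Constructed MZ stub; an optional PE/NE signature is placed at offset 0x40."""
    hdr = bytearray(0x48)
    hdr[0:2] = b"MZ"
    if new_header_sig:
        struct.pack_into("<I", hdr, 0x3C, 0x40)
        hdr[0x40:0x40 + len(new_header_sig)] = new_header_sig
    return bytes(hdr)


if __name__ == "__main__":
    for name, blob in [("elf", sample_elf64()), ("pe", sample_mz(b"PE\x00\x00")),
                       ("ne", sample_mz(b"NE")), ("dos", sample_mz())]:
        print(name, identify_executable(blob))
```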

Network firewall

A network firewall protects a computer network from unauthorized access and
is often considered the first line of defense in protecting a computer network
against outside threats. On most configurations, data packets entering or leaving
a network pass through a firewall, which examines each packet and drops those
that do not meet specified criteria. Network firewalls may also be configured
to limit how internal users connect externally.

Firewalls, in general, can be implemented as hardware, software, or a combination
of both.

Network viruses

A network virus is a self-contained program (or set of programs) that can spread
copies of itself or its segments across networks, including the Internet. Propagation
often takes place via shared resources, such as shared drives and folders, or
other network ports and services. Network viruses are not limited to the usual
form of files or email attachments, but can also be resident in a computer's
memory space alone (often referred to as memory-only worms).

In many cases, network viruses exploit vulnerabilities in the operating system
or other installed programs. Some existing network viruses have the ability
to spread themselves via legitimate network ports, such as port 80 (HTTP), 1434
(SQL), or 135 (DCOM RPC).

Once a network virus infects a new system, it often searches for other potential
targets. It achieves this by searching the network for other vulnerable systems.
Once a new vulnerable system is found, the network virus will attempt to infect
the other system as well.

Some network viruses also have payloads, such as denial of service (DoS) attacks.
When such an attack is carried out, infected computers will attempt to overwhelm
the target system until it is unable to function properly. Example: The MSBLAST
virus carried out a denial of service attack against the URL windowsupdate.com.

The most notorious network viruses are CodeRed, Nimda, SQLSlammer, and MSBlast.

CodeRed spreads as a series of packets in system memory via network port 80
(http) by exploiting a vulnerability hole (MS01-033) in Microsoft IIS (Internet
Information Service).

Nimda spreads via network port 80 (http) by exploiting a vulnerability hole
(MS00-078) in Microsoft IIS (Internet Information Service). Nimda is considered
a blended threat, since it also has the ability to spread itself across the
network via shared drives and email attachments.

SQLSlammer spreads as a series of packets in system memory via UDP network
port 1434 (SQL) by exploiting a vulnerability hole in Microsoft SQL Server 2000
and Microsoft Desktop Engine 2000 (MSDE).

MSBlast spreads via network port 135 (DCOM RPC) by exploiting a vulnerability
in the Windows Distributed Component Object Model (DCOM) Remote Procedure Call
(RPC) interface. It also uses several other network ports (UDP 69, TCP 4444)
during its propagation.





P

Password cracking applications

Password cracking applications are programs that are designed to crack through
password-protected systems. Most password cracking applications use a long list
of passwords and user names - accessing target systems using the list contents
or combinations of the contents until successful.

Although password cracking is generally illicit, many system administrators
regularly run password crackers to test passwords employed by network users.

Pattern file

The pattern file is a protection database that needs to be updated consistently,
so as to contain the signature of latest threats. The pattern file works hand
in hand with the scan engine module, which enables Trend Micro products to
detect known threats in a user's system or network.

Payload

The term payload refers to an action that a malware or grayware performs, apart
from its main behavior. For example, payloads for a worm include all other actions
it performs apart from its propagation routines.

Payloads can range from something that is relatively harmless, like displaying
messages or ejecting the CD drive, to something destructive, like deleting the
contents of a hard drive.

Phishing

Phishing is a form of identity theft in which a scammer uses an authentic-looking
e-mail from a legitimate business to trick recipients into giving out sensitive
personal information, such as a credit card, bank account, Social Security numbers
or other sensitive personal information.

The spoofed email message urges the recipient to click on a link to update
their personal profile or carry out some transaction. The link then takes the
victim to a fake Web site designed to look like the real thing. However, any
personal or financial information entered is routed directly to the scammer.

Phishing Link

While the visible link is essentially just the display text for the link in
a phishing email, the phishing link is the actual link that the visible link
points to. Users may view the phishing link by passing the pointer over the
visible link.
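Hovering over each link is fine for one message; for mail filtering the same visible-text versus actual-target comparison can be automated. The script below is an added example, not from the glossary: it parses the anchors in an HTML message body with the standard library, and whenever the display text itself looks like a hostname or URL, compares that hostname with the one in the `href`. The sample message and all domain names in it are constructed, and the two-label "registrable domain" comparison is a deliberate simplification (a public-suffix list would be used in production).

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hostname-looking text such as "www.bank.example/update" or "https://bank.example"
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.IGNORECASE)


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_links(html: str) -> list:
    parser = AnchorCollector()
    parser.feed(html)
    return parser.links


def registrable(host: str) -> str:
    """Simplified registrable domain: last two labels (no public-suffix handling)."""
    return ".".join(host.lower().split(".")[-2:])


def find_mismatched_links(html: str) -> list:
    """Flag anchors whose visible text names a different domain than the href."""
    findings = []
    for href, text in extract_links(html):
        shown = HOST_RE.search(text)
        if not shown:
            continue                       # plain text like "Click here": nothing to compare
        actual_host = urlparse(href).hostname or ""
        if registrable(shown.group(1)) != registrable(actual_host):
            findings.append({"visible": text, "actual": href})
    return findings


# Constructed sample message body: one honest link, two whose text hides the real target.
SAMPLE_EMAIL = """
<p>Please review your account: <a href="https://www.bank.example/login">https://www.bank.example/login</a></p>
<p>Update your details at <a href="http://198.51.100.7/update">www.bank.example/update</a></p>
<p>Or verify here: <a href="http://bank-example-login.test/x">secure.bank.example</a></p>
<p><a href="https://www.bank.example/help">Click here</a> for help.</p>
"""

if __name__ == "__main__":
    for finding in find_mismatched_links(SAMPLE_EMAIL):
        print(finding)
```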

Polymorphic viruses

Polymorphic viruses are complex file infectors that change physical forms,
yet retain the same basic routines, after every infection. Such viruses typically
encrypt their codes during each infection, altering their physical file makeup
by varying encryption keys every time.

This capability to change their physical makeup can allow polymorphic viruses
to evade antivirus scanners, and can require antivirus products to use complex
patterns and newer scan engines.

Pop-up window

This technique uses a script that opens a legitimate Web site in the background,
while a spoofed pop-up window, usually identical to the legitimate Web site,
is opened in the foreground. In effect, this misleads the user into thinking
that pop-up window is directly related to the official page. In some cases,
the pop-up window covers a portion of a legitimate Web site.

Proof-of-concept

A proof-of-concept is the earliest implementation of an idea. A proof-of-concept
malware usually contains code that runs on new platforms and programs or takes
advantage of newly discovered vulnerabilities.

Proof-of-concept malware often perform actions that have never been done before.
For example, VBS_BUBBLEBOY was a proof-of-concept worm - it was the first email
worm to automatically execute without requiring recipients to double-click on
an attachment. Most proof-of-concept malware are never seen in-the-wild. However,
malware writers will often take the idea (and code) behind a proof-of-concept
malware and implement it in future malware.

Proxy server

A proxy server is an Internet connection device. It accepts requests for Internet
resources (such as when a Web browser opens a Web page) and attempts to provide
the resources if it has it in cache. It will request the page from the actual
site if it doesn't have it in cache.

Apart from its caching function, a proxy server can control connection to specific
sites. The single point of contact also improves manageability of Internet connections
for huge networks.

Some malware have been known to function as proxy servers on infected machines,
allowing unauthorized computers to connect to the Internet via infected systems.



Q

Quarantined files

Trend Micro products can be configured by a user or set by a network administrator
to "quarantine"
a file for possible later inspection. Files tagged for quarantine are encrypted
and moved to a protected folder, preventing them from further executing and
causing any more harm to the user's system. Each product has a Quarantine Manager
where users can then permanently delete or restore files from quarantine. Upon
inspection of the stored files, an exception list (whitelist) option is also
provided to avoid possible false positive detection.



R

Remote Access Programs

Also known as remote access tools or RATs, these programs allow users to access
and manipulate remote systems. Many remote access programs are legitimate tools
used by all types of users to access files and data on remote computers. The
same programs, however, can be used for malicious purposes. Malicious individuals
can trick unsuspecting users into installing remote access programs on their
machines, or they may install these programs themselves.



S

Scams and Shams

Scams and shams include hoax email messages that promise material gain or even
luck to recipients who forward them to other users. Some luck-based hoaxes,
often called chain letters, play on people's fear of bad luck. Money-based hoaxes
offer incredibly quick cash for simply forwarding a message. Certain popular
email scams have actually tricked users into investing their own money in fruitless
investments.

Script malware

Scripts are generally source code that is interpreted and executed by another
application. In contrast, compiled programs can run on their own, but are often
harder to produce as they have to be compiled.

Malware authors have taken advantage of relative ease of producing scripts
and have produced significant numbers of script malware - many of which are
written using Visual Basic Script, JavaScript, and HTML.

Many scripts can run on most systems without the installation of a special
interpreter program. For example, certain Windows systems have Windows Scripting
Host, which can interpret different script types. Also, HTML scripts are loaded
by Web browsers, which are commonly installed on most computers.

Spyware

A spyware is a program that monitors and gathers user information for different
purposes. Spyware programs usually run in the background, with their activities
transparent to most users. Many users inadvertently agree to installing spyware
by accepting the End User License Agreement (EULA) on certain free software.

Many users consider spyware an invasive form of data gathering. Spyware may
also cause a general degradation in both network connection and system performance.

The state of California classifies spyware as: programs that are installed
under deceptive circumstances; software that hides in personal computers; software
that secretly monitors user activity; keylogging software; and software that
collects Web browsing histories.

Stealer

A stealer is a Trojan that gathers information from a system. The most common
stealers are those that gather logon information, such as usernames and
passwords, and then send it to another system either via email or over a
network connection. Other stealers, called keyloggers, record user keystrokes,
which may reveal sensitive information.

System Impact

A factor derived from the behavior and characteristics of the program. Some
spyware or other forms of grayware are known to make system modifications without
clear notice and consent. Performance and stability issues also contribute to
this factor.


T

Trigger

A trigger is a system condition or date that sets off the payload of a specific
threat. A trigger condition can be anything from the presence of a certain file
to a specific user action, such as clicking a certain button. A trigger date
could be a specific year, month, week, day, day of the week, hour, minute, or
second, or a combination of any of these time points.

Trojan

The term Trojan has traditionally been used to refer to malware that performed
unexpected or unauthorized actions. Taken from the mythological icon, the Trojan
horse, the term originally described malware received by users as legitimate
and non-malicious.

Current malware taxonomies typically group non-replicating malware as Trojans.



U

Urban legends

Urban legends are stories about day-to-day things that are given unusual twists
in the form of unlikely facts that are difficult to verify. Designed to elicit
an emotional response, the most popular urban legends are health and animal
scares. Many urban legends are gaining popularity as they spread along with
other email hoaxes.

URL Cloaking

A technique that involves masking a URL to conceal its true destination. By
using a malformed link that triggers a vulnerability in Internet Explorer, the
attacker makes the browser display one URL in the address bar while it loads
the contents of another Web site. The malicious Web site can thus control what
the user sees in the address bar.

US-CERT

Established in 2003 to protect the USA's Internet infrastructure, US-CERT coordinates
defense against and responses to cyber attacks across the nation. US-CERT interacts
with federal agencies, industry, the research community, state and local governments,
and others to disseminate reasoned and actionable cyber security information
to the public.



V

Virus Map

The Virus Map is a graphical representation of threat prevalence based on World
Virus Tracking Center (WTC) statistics. It displays the most prevalent threats
and corresponding statistics for selected geographical regions around the world.
Trend Micro has been collecting this data in real-time since November 1999.

Virus Types

The majority of viruses fall into five main classes:

  • Boot-sector
  • File-infector
  • Multi-partite
  • Macro
  • Worm

Visible Link

Phishing emails contain a link where users are asked to update or validate
their account information. The link text displayed in the email body is called
the visible link. Most phishing emails use visible links that look legitimate
(typically the real address of the impersonated site), making users believe
that the email is from a legitimate source. Others use text strings (e.g.
“Click here”) in hyperlink form, or a command button, to hide the
phishing link altogether.

Visited Link

The visited link is the actual address that a user is taken to after clicking
the phishing link. It may or may not differ from the link shown in the email,
and in some instances the phishing link redirects to yet another spoofed page.
The visited link is the actual address of the phishing Web site.
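The mismatch between the visible link and the visited link is something a mail filter can check mechanically. The following Python script is an added example for the two entries above, not code from the original glossary: it parses the anchors in an HTML email body, compares the host named in the visible link text with the host of the href, and also flags generic link texts such as “Click here” that hide the destination entirely. The sample message and the domain names in it (bank-example.com, login-update-example.net) are constructed for illustration.

```python
"""Compare the visible link with the link actually visited in an HTML email.

Added example for the Visible Link and Visited Link glossary entries; it is
not code from the original page. The sample message and the domain names
in it (bank-example.com, login-update-example.net) are constructed for
illustration only.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Link texts that tell the reader nothing about the destination.
GENERIC_LINK_TEXT = {"click here", "update now", "verify account", "log in", "login"}


class AnchorCollector(HTMLParser):
    """Collect (visible_text, href) pairs for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None   # href of the anchor currently open, if any
        self._text = []     # text fragments seen inside that anchor

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append(("".join(self._text).strip(), self._href))
            self._href = None


def host_of(url):
    """Return the lowercase host part of a URL, or '' if there is none.

    Visible link text is often written without a scheme
    ('www.bank-example.com/login'), so 'http://' is assumed in that case.
    """
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def find_link_mismatches(html):
    """Return (visible_text, href, reason) for each suspicious anchor.

    Flags an anchor when the visible text looks like a URL whose host differs
    from the href's host (visible link != visited link), or when the visible
    text is a generic call to action that hides the destination entirely.
    """
    collector = AnchorCollector()
    collector.feed(html)
    findings = []
    for text, href in collector.anchors:
        target_host = host_of(href)
        looks_like_url = "." in text and " " not in text
        if looks_like_url:
            visible_host = host_of(text)
            if visible_host and visible_host != target_host:
                findings.append((text, href,
                                 "visible host %s differs from target host %s"
                                 % (visible_host, target_host)))
        elif text.lower() in GENERIC_LINK_TEXT:
            findings.append((text, href,
                             "generic link text hides target host " + target_host))
    return findings


# Constructed sample message (hypothetical domains).
SAMPLE_EMAIL = """
<p>Dear customer, your account will be suspended unless you visit
<a href="http://login-update-example.net/acct">https://www.bank-example.com/login</a>
within 24 hours.</p>
<p>Or simply <a href="http://login-update-example.net/acct">Click here</a>.</p>
<p>For help see <a href="https://www.bank-example.com/help">www.bank-example.com/help</a>.</p>
"""

if __name__ == "__main__":
    for text, href, reason in find_link_mismatches(SAMPLE_EMAIL):
        print("visible: %-40s visited: %-45s %s" % (text, href, reason))
```

Run against the sample, the first two anchors are reported (one because the visible host and target host differ, one because “Click here” hides the target) while the third, whose visible text and href agree, is not. A production filter would go further and compare registrable domains rather than full hosts, and resolve the visited link's redirect chain, since the page notes the first hop may itself redirect to another spoofed page.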

Vulnerability

A vulnerability is a security weakness in a computing system, typically found
in programs and operating systems. The presence of known vulnerabilities in a
system leaves it open to malware and hacker attack, because programs that take
advantage of known vulnerabilities, commonly referred to as exploits, are often
publicly available as source code that can be customized to create malware or
a hacking tool.

Software vendors typically provide fixes or patches for vulnerabilities found
in their products.



W

Web site Spoofing

The creation of an entire replica of a trusted site; all links visible in the
spoofed site point to a single phishing domain. The logos, fonts and colors of
the legitimate site are copied to make the spoofed site look realistic.

Worm

A computer worm is a self-contained program (or set of programs) that is able
to spread functional copies of itself or its segments to other computer systems.
The propagation usually takes place via network connections or email attachments.


X


Y


Z