Antivirus Glossary

This antivirus glossary was compiled to assist any first-timers with all the necessary terms and words one should be familiar with in the world of antivirus software and protection.




A program through which unwanted advertising content is exhibited, either popups or banners, by attaching itself onto content or software that the user wants to browse in order to subsidize its cost. The advertising content usually disturbs the user because it undermines productivity by slowing down the system or machine, changing the browser home/search page, or causing the loss of data via crashes. At worst, the adverts may contain security threats, or the adverts cannot be removed and redirect to advertising websites.


Advanced Encryption Standard - an encryption method.

Alias Virus Name

This is a nickname given to a virus to describe a particular feature or characteristic of that virus despite the fact that each virus has a specific name.

Antivirus/ Antivirus Program

An antivirus software or program scans the disk drives and memory, and other parts of a computer or IT system for viruses. Some of these programs also remove pre-existing malware from systems.


Viruses used this technique to mask themselves from antivirus detection.



This is when a system is infected, typically by a type of Trojan malware, without a user knowing because a program enters a computer and bypasses security to create a backdoor without detection and through which it can control the system.

Banker Trojan

A malicious program that infiltrates online payment platforms and banks in order to steal confidential information using different techniques.


In the world of malware, behavior refers to the actions malware performs on an infected system once its executed.

Boot Virus

A virus that attacks the boot sector of floppy disks and hard disks.


Short for the word "robot," and singular for "botnets," a bot is an automated program, coded with instructions and manipulated by a bot herder or master, to control a system remotely by interaction with humans and websites via Web interfaces (IMs) without the consent or knowledge of the user. The bot master launches DDos attacks and spamming on one or more compromised machines.

Bot Herder

Also known as a bot master or zombie master, a bot herder is a person or group of people that control a botnet.


A group or network of (bots) zombie computers under the control of bot owners. Botnets send instructions to the Zombie computers, which include commands to issue new download threats, to update the bot, to display an advert, or to launch denial of service attacks.

Buffer Overflow

A buffer overflow that can allow attackers to execute arbitrary code.


An error or fault in a program.



Short for "Control & Command," this is when online criminals or bot masters issue commands from a centralized computer or server in order to control malware and bots and receive reports from them.

Category of Virus

Viruses are defined by certain characteristics and are thereby divided into different categories to discern between the numerous types.


A virus or worm can infect a file without changing its size, but rather by occupying the cavities within the infected file. This technique makes it hard to detect the virus or worm.

Common Name

The general term by which a virus is known.

Companion Virus

Otherwise known as spawning, this form of a virus does not insert itself into programs; rather it attaches itself to a program.


When a user visits a web page, a text file is sometimes sent in order to register the visit to the site and page in order to record certain details regarding the visit.

Country of Origin

The country where the first case of a virus was first recorded.


A person who tries to illegally break into restricted computer systems.


These are documents, messages, or programs that are used directly or indirectly to commit fraud at the expense of users and third parties.

Cross Site Scripting

Cross Site Scripting allows an attacker to execute script code in the context of another user of a website.


Damage Level

A factor used to measure the Threat Level, the damage level evaluates the level of negative effects that a virus can emit on an infected system, computer, or device.

DDoS (Distributed Denial of Service)

This is an attack that targets a single server by multiple computers at the same time. An attacker accesses vulnerable computers to use them to carry out the attack.


A tool that reads programs' source codes.


This is a process that converts ciphertext, created by encryption, back into plaintext.


An attack that affects server availability.


Extremely high phone bills can be an indication that a dialer program has redirected a user's Internet connections. This malicious program disconnects the legitimate phone connection that is used to connect to the Internet, and re-connects it via a premium rate number.

Direct Action

A term for a particular type of virus.


An antivirus software carries out disinfection when it detects a virus and eliminates it.

Distribution Level

Another factor used to calculate the Threat Level, this value is an indication of the extent to which a virus has spread or the speed at which it spreads.

DoS (Denial of Service)

An attack, sometimes as a result of viruses, Denial of Service prevents access by users to services in the operating system, like web servers etc.

Drive-by Download

The general term for files that are downloaded unintentionally usually bundled with a program of software that is downloaded and installed by a user. The files are sypware, adware, or PUPs and usually happen when a user visits a website or views an email in HTML format.


A dropper is an executable file that has numerous kinds of viruses.


Emergency Disk/Rescue Disk

A rescue disk scans a computer for viruses by using "command line antivirus," and without having any antivirus software installed in the system.


When plaintext is converted into ciphertext. This is a tactic used by ransomware cyber criminals. Encrypted codes disguise the real content of a message, files, or folders when sent or stored so that antivirus applications cannot detect them.

EPO (Entry Point Obscuring)

A virus uses this technique to infect a program by attempting to hide its entry point so that it won't be detected. The virus does not attack the system as soon as the program is run or used; rather it lets the program run as usual and then goes into action after a while.


A type of malware designed to allow the exploit's creator to take over a vulnerable system or software bug and to compromise it.

Exploit Kit

This is a collection of exploits that are packaged together for use by cyber criminal gangs in spreading malware.



When a system or network connects to another network, for example the Internet, a firewall protects all the information in the system/network by acting as a barrier against any threats from the Internet network.

First Appeared On

The time a certain virus was first discovered.

First Detected On

The date recorded if when a certain malware was detected and included for the first time in the Virus Signature File.


When a program saturates, floods or collapses a system or computer by means of repeatedly sending out large messages or texts through messaging systems.


Free of charge software that is legally distributed.




A hacker is someone who enters a computer, device, or system without authorization and illegally.

Hacking Tool

This is a program used by hackers to access systems illegally, and to cause problems for the user of the affected device. A hacking tool allows a hacker to control a device, steal information, and scan communication ports.

Heuristic Scan

A technique used by computers to detect unknown viruses using trial and error problem solving.


This is a program that manipulates the browser settings and changes them from what the user originally selected, such as the home page or default search page.


This is a false warning of a virus that doesn’t exist which encourages a user to install a fake software, or contact an alleged support team which will trick you into giving them your personal details and payment details under the guise of a payment for a virus removal software or a service.


Identity Theft

This is when a program or person accesses a user's personal information, usually banking or ID, by cracking your passwords, so that someone else can impersonate an affected user.

In Circulation

When a virus is in circulation, there are actual cases of it being detected in the world.

In The Wild

Every month there is an official list drawn up of reported viruses.


This is the process by which a virus enters a system or device to destroy files and different areas of a computer or device.




When a user makes keystrokes, a keylogger program - a type of Trojan spyware - collects and saves them in order to publish them, so that third parties can access the data for personal gain. Usually the keylogger collects passwords, key combinations, emails, and document text.


Link Virus

This virus accesses your files and changes the address of where the file is stored to the address of the virus. When the file is opened and used the virus is activated, rendering the original file unusable and the system infected.

Logic Bomb

Similar to a virus in its effect, a logic bomb is a program that appears harmless, but when activated, can have damaging effects on a computer.


Macro Virus

This is a virus that attacks programs, otherwise known as macros – or the series of instructions which define a program – such as Word documents, PowerPoint presentations, and Excel spreadsheets.


Malware that is delivered via email.


(Malware + Advertising) - Online advertising that spreads malware by injecting malware-laden or malicious advertisements into legitimate online webpages and advertising networks.


These are all programs that contain a malicious code (Malicious Software). It is the umbrella term for viruses, worms, and Trojans.

Means of Transmission

When a virus spreads from one computer to another or one device to another, this is called the means of transmission, which sets out how it transfers and spreads.


When a virus attacks a system using the combination of a few techniques used by other viruses, it is called a multipartite virus. This characteristic therefore refers to a sophisticated type of virus.

Mutex (Mutual Exclusion Object)

When a virus uses a mutex, it controls or accesses the resources of systems, programs, or even other viruses, with the sole purpose to stop a few processes from using the same resource simultaneously. This is done so that antivirus software cannot detect the virus easily.



A network is a cluster of IT devices, such as computers that are connected with telephone lines, cables, or electromagnetic waves so that they devices can communicate and share resources. The Internet is an example of a vast network, but it has lots of sub-networks with millions of computers and devices connected.

Nuke (Attack)

This type of attack is targeted at the network connection, causing it to fail and for the computers that have been nuked to block.


A program or person who launches a nuke attack rendering connection failure and blocked computers, is coined a nuker.



P2P (Peer-to-Peer)

Viruses or other types of threats use peer-to-peer to spread within a network or program connection by offering internet services such as file sharing.


This is the effect of the virus on a system.


A barrier designed to restrict user-access to a file, folder, program, or other system area only to those who know the sequence of characters to enter the system.

Password Stealer

A program that steals passwords by accessing and saving confidential data using different means, one of which is keyloggers. The program can publish the passwords to third-parties so they can use the data at the detriment and expense of the affected user.

Penetration Testing

Otherwise known as "pen testing," penetration testing is the practice of releasing controlled attacks on a PC system (network, application, Web application etc.) in order to find and manipulate unpatched flaws or vulnerabilities. When an organization performs a pen test they find ways to harden and safeguard their system against potential attacks.

Permanent Protection

Some antivirus providers/software offer this process whereby the program continually scans files and folders in any operations, except for the user and operating system. Permanent protection is also coined resident or sentinel protection.


Cyber criminals replicate commercial websites or send mass emails that appear as reliable sources in order to defraud an online account holder of financial information, like credit card details and personal information. The most typical type is the sending of emails that are supposedly sent from an online bank in order to get details entered in a spoof web page.


A program that adds a new functionality or feature to a preexisting system.


This is when a virus either gives different instructions to encrypt, or encrypts its signature in different ways, every single time it undergoes an encryption process.

POP (Post Office Protocol)

This is the procedure for sending and receiving emails.

PUP (Potentially Unwanted Program)

When a program, or bundle of programs, is installed without express consent from a user as part of software a user wants. These PUP components are in the form of unnecessary offers, add-ons, toolbars, deals, adverts, and pop-ups which are unrelated to the sole wanted program, and in order for criminals to carry out illegal activities like control of private information, use of computer resources, manipulation of system, etc.


Viruses use this technique to add their code to the beginning of a file so that it is infected. The infection is activated when the file is in use.

Proactive Protection

A mechanism by which malware behavior is studied and analyzed in order to protect a system from unknown malware. This technique means that a virus signature file does not need to be periodically updated.

Process Killer

When a program is used to cease all activity of an active/running computer so that the actions or processes cannot pose a threat.




Cyber criminals use malicious software, infections and viruses to infiltrate a system by either locking users out of their PCs or devices or by encrypting all the data. A warning flyer/banner will appear on the screen demanding a medium-large ransom sum, usually in Bitcoins, in order to unlock the device or to receive the decryption key to save all your data, files, and folders.


When a virus makes duplicates of itself in order to spread the infection further.

Resident Virus

When a file or program is stored in a computer's memory and constantly monitors the operations taking place in the system, it is called a resident.


A system whereby a third party gains unauthorized access to your computer system to control it. The rootkit is a software that infiltrates a system without being detected. The rootkit software is not harmless itself, but it's used by hackers to mask their activities in previously compromised systems. Some malware use rootkits in order to hide themselves on systems.

RunPE Technique

A common technique used by malware criminals whereby the original executable is run, suspended, and then unmapped from the memory; the payload is then mapped in its place and the executable is run again.



A scam is a fraudulent plot to trick people or organizations into giving money under false premises of economic gain like goods, vacations, prizes, lottery, etc.

Security Patch

When more files are added to an application or software program to fix flaws, problems, or vulnerabilities.

Security Risk

When anything negative can happen to a user of a device, such as a program that creates viruses or Trojans.


These are messages or emails sent indiscriminately to a large number of recipients on Internet. These messages usually contain inappropriate or irrelevant content.


A person who uses a program that sends unsolicited mass-mail and commercial emails. These emails can be ridden with worms and Trojans.

Spear Phishing

This is a phishing attack targeted at a specific target using sophisticated and well thought-out techniques to collect personal user data. This type of phishing is planned by its creators, which means they never use spam to obtain the wanted information.


Much like espionage, spyware is software that uses tracking codes to monitor and transmit the activities, interests and information of a user and their PC or device, usually covert information, from the hard drive to spread it or steal it. This information is taken by the creator of the application or third-parties to commit ID theft or fraud most of the time, as well as the carrying out of other crimes, makes you lose your data, poses security risks to your devices and servers, it might be a component of adware that is connected to wanted software, and lastly, it is sometimes used by parents as part of parental control or by companies.


Threat Level

A calculation of the level of danger that a virus poses to users.


The ring on a disk upon which data can be written.


These are programs designed to monitor the activities of users on the Internet, such as banners clicked on, pages visited, downloaded data, in order to create profiles that can be used for advertisers.


A type of "tricky" attack software that is automatically downloaded, so that it can download and install software without any user interference or interaction. It is usually used to install unauthorized applications; it can also be used for automatic updates or other maintenance that uses an automatic system.


This is a state that renders the activation of a virus or release of the virus's payload.


A Trojan, otherwise known as a Trojan horse, is a malicious program used to enter a computer under the disguise of a harmless program in order to install itself and collect information that compromises the user's confidentiality, such as stealing sensitive data, uploading files to a third-party server, monitoring webcams, or pranks like opening the CD tray, switching off the screen, and redirecting users to shock sites. Trojan programs appear to do one function but actually do another malicious one; they come in the form of downloads, attachments, and fake programs or videos.


A technique used by viruses to thwart protection by antivirus software.


Is a practice to deliberately register a domain name similar to an existing popular name in order to get traffic on the site by visitors who mistype the URL of the popular domain.


Unauthorized Tracking Cookies

These is another tracking technology using a passive method in that it does not need to be installed on the user's computer. The cookies accumulate information about the user's activities and personal information for customization or personalization. These are also used by advertisers to check which sites you visit and offer similar items so that the same ad is not shown too often to the same person.



A technique used by antivirus software to store file information and detects possible infections when there is a change noted in files.


When a virus is modified in that it varies from the original virus in terms of how it infects and affects a system.


Viruses are malicious and harmful programs that enter PCs or IT devices and systems in several ways. The effects of a virus can range from simple annoyances and interruptions of the system, to widespread and high-destructive infiltration of the system that can be irreparable, such as log keystrokes, system resource slow-downs, and destruction of data. One way is for the virus to attach itself to another program as a document that can replicate and spread after the initial execution on the target system where human interaction is needed.

Virus Constructor

This is a malicious program designed to create new viruses without needing any programming skills. This software contains an interface through which you can pick the features of the newly created malware in terms of payload, the type, encryption, target files, polymorphism (occurring in different forms), and more.

Virus Signature File

An antivirus program uses this file to detect viruses.


When an IT program or system contains security flaws and holes that makes it easy for viruses to infect it.



A worm is similar to a virus, but it varies in that it is not required to be attached to another program in order to spread, and that the main purpose of the program is to make duplicates of itself or parts of the worm to destroy the system.





When a computer is under the control of bots.

Zoo Virus

This type of virus is not in circulation; rather it is present in laboratories to research the effects and techniques of viruses. A zoo virus is therefore an experimental virus.