National Webcast Initiative

Invasion of the “Bots”
You Could Be A “Zombie” and Don’t Know It!!
Wednesday, May 18, 2005


Glossary of Terms

The following definitions are provided as a resource to help familiarize you with some common cyber security terms and phrases you will hear during the May 18, 2005 webcast. We do not warrant the accuracy of any information contained in the resources and neither endorse nor promote the advertising of any resources. The information provided below is by no means an exhaustive list; however, it can be used as a foundation from which you can build your knowledge of cyber security terms and further pursue these topics on your own.


AgoBot – AgoBot is an example of a common bot.

Antispyware program – Antispyware programs detect and remove spyware.

Antivirus program – Antivirus programs protect your computer from the installation of unwanted programs such as viruses and trojans. Antivirus programs are usually sold as a collection of programs. Expect to find an on-access scanner that monitors every file that is used, an on-demand scanner that can scan your entire computer for viruses, and an update program that automatically updates virus definitions.

Automatic updates – Automatic updates are a feature of operating systems that enables you to automatically receive security updates and critical program patches. Automatic updates are required for safe computing and are recommended for all operating systems that offer the feature.

Binary – Binary is used as a synonym for a program. When you say that you are running a binary, it means that you are running a program.

Blackmail – A crime in which the perpetrator sends anonymous mail to request a favor, usually a large sum of money. The perpetrator promises not to perform some sort of illicit activity in exchange for the favor. Blackmailers are using the threat of a DDOS attack for monetary gain.

Bot – A bot is a program that remotely controls a computer; it is short for robot. Synonyms are zombie or drone.

Bot master – A hacker who controls the bots.

Botnets – A group of computers that have been compromised and are under the control of a bot master. Among other things, botnets are used to generate spam, DDOS attacks, and identity theft.

Broadband – Broadband describes a network connection that has enough capacity to carry a large amount of traffic, such as high-speed Internet traffic.

Clan – A clan is an organized group of network users who collaborate online. Clans have a social structure with clear leaders, workers, and soldiers. Some clans enjoy network games. Other clans collaborate on building bots and botnets.

Corporate warfare – An aggressive business practice aimed at damaging competitors. Botnets have been used as a weapon in corporate warfare.

DDOS – DDOS is short for Distributed Denial of Service attack. DDOS describes a family or class of attack. A DDOS attack is commonly launched by a large number of compromised computers. Hundreds and often thousands of compromised computers are used to create an attack that is very difficult to stop.

Defenestration – The act of throwing something out a window—an effective but not recommended way to rid your computer of a bot, virus, or trojan. Unfortunately, some computer owners are disposing of compromised computers as a way to deal with difficult systems.

Drone – A drone is a program that remotely controls a computer. Synonyms are bot and zombie.

Endpoint – A term used to describe an individual computer on a network. An endpoint is the smallest part of a network. It is sometimes used to describe the only part of a network that is under your control.

Firewall – A firewall is a technology that enforces some sort of network restriction. There are many types of firewalls. The oldest meaning refers to a device that receives all network transmissions that are sent to an isolated part of the network (such as a corporate network); the transmissions are screened and then forwarded to the isolated network. Some firewalls are capable of restricting network ports. Other firewalls can also identify and restrict network traffic created by known software. Personal firewalls are software products installed on individual computers to restrict network traffic.

Hacker – The current popular meaning of the term is to describe those who break into computer systems or networks, destroy data, steal copyrighted software, and perform other destructive or illegal acts.

HTTP get attack – An HTTP get attack uses thousands of computers to request a particular web page; each compromised system sends dozens of requests per second. This exploit provides a way to deny network service to a particular website.

Identity Theft – Identity theft results from the theft of key personal information. The perpetrator uses the information to create identification and credit cards. Identity theft often results in months of turmoil for the victim. Many people find that they need to restore credit ratings and to be freed from liability for illegal purchases.

IRC – IRC is short for Internet Relay Chat. IRC groups have been in existence for many years. A small subset of the IRC groups has formed clandestine groups that are responsible for many botnets. A specific chat is called a channel.

IRC Chat Server – A server or collection of servers that host IRC channels.

Leet exploit – One type of computer vulnerability.

Leet flood – Starts a SYN-flood on ports 21, 22, 23, 25, 53, 80, 81, 88, 110, 113, 119, 135, 137, 139, 143, 443, 445, 1024, 1025, 1433, 1500, 1720, 3306, 3389, 5000, 6667, 8000, 8080.

P2P – P2P is short for peer-to-peer networking, a popular technique for sharing files. Some bots use P2P vulnerabilities to spread themselves.

PayPal – A popular service that builds on the existing financial infrastructure of bank accounts and credit cards to allow online payments. PayPal has been targeted regularly by phishing schemes. The PayPal staff recommends that you always go directly to their website, www.paypal.com, and disregard e-mail containing links to their site.

Pay per click scheme – Some web advertisers offer a small payment to other websites that direct consumers to their site. This “pay per click” method of advertising provides alternate ways for consumers to find a website. The pay per click scheme uses bots and other techniques to hijack consumer web clicks and redirect them through the perpetrator’s website. These stolen web clicks generate an unearned income for the perpetrator.

Phishing – Phishing is a term that describes the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information, typically financial information. The most common phishing scheme involves the sending of spam to a broad audience, usually with spambots. The message seems to be coming from a bank and directs you to update your financial information. You are provided with a link to a compromised web server that impersonates the website of the bank. The information you enter is recorded on a compromised web server and is retrieved by the persons running the phishing scheme.

To be safe from phishing schemes, you should always go directly to a bank’s website by typing the URL in your web browser. Never use a link that is provided in e-mail.

Ports – Your Internet connection is subdivided into thousands of possible connections called ports. Every program that uses the Internet uses a local port and a remote port to make a connection. The local port is a port on your computer and the remote port is a port on another computer.

Ports are categorized by the network protocol that they support and are numbered as well. For example, the TCP protocol has ports numbered from 1 to 65535. When specifying a network port, you specify its number and protocol.

Port 6667 (tcp) – The default network port used by IRC servers. Other ports in the range 6660-6669 are also in common use by IRC.

Port 80 (tcp) – The default network port used by web servers. Network engineers commonly use this term in a sentence like “traffic to port 80” as a synonym for “web traffic”. Because port 80 is difficult to restrict, it is used in a number of exploits.

Reformat – A term used in conjunction with a cleanup prescription from a security professional. It is usually used in a sentence such as: “You must reformat and reinstall the operating system.” This advice means that you must completely erase all the data from the hard drive to successfully remove a bot or trojan. When a hard drive has been reformatted, its data has been deleted.

SMTP – This is an acronym for Simple Mail Transport Protocol. SMTP is the most common mail protocol and is used by most mail servers.

Spam – A popular term for unwanted e-mail. The term originated as a reference to a skit performed on the Monty Python television series. Note that the e-mail is "spam" and the luncheon meat is "SPAM".

Spambot – A spambot is a bot that is engaged in sending spam. Millions of spambots are installed on compromised systems world-wide.

SYN – Part of the initial connection between two computers preparing to talk.

SYN flood – Sending thousands of SYN packets a second to a computer, overwhelming its ability to communicate with any other computers and effectively taking it offline.
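As an added example (not part of the original glossary), the following Python script shows how a defender could spot, in a connection table, the two conditions defined above: a remote host holding many half-open (SYN_RECV) connections, which is what a SYN flood looks like from the receiving side, and an outbound connection to the IRC port range 6660-6669, which deserves a look on a machine that has no business on IRC. The table format, the alert threshold and all addresses are constructed for this example.

```python
"""Flag SYN-flood sources and outbound IRC connections in a connection table."""
from collections import Counter

IRC_PORTS = range(6660, 6670)   # IRC range from the glossary; 6667 is the default
SYN_RECV_THRESHOLD = 3          # half-open connections per remote host before alerting (assumed value)

# Constructed sample in the shape of `netstat -ant` output: proto, local, remote, state.
SAMPLE_TABLE = """\
tcp 192.0.2.10:80 198.51.100.7:40001 SYN_RECV
tcp 192.0.2.10:80 198.51.100.7:40002 SYN_RECV
tcp 192.0.2.10:80 198.51.100.7:40003 SYN_RECV
tcp 192.0.2.10:80 198.51.100.7:40004 SYN_RECV
tcp 192.0.2.10:80 203.0.113.5:51234 ESTABLISHED
tcp 192.0.2.10:49152 203.0.113.77:6667 ESTABLISHED
tcp 192.0.2.10:49153 203.0.113.9:443 ESTABLISHED
"""


def parse_table(text):
    """Turn one table line per connection into dicts with numeric ports."""
    rows = []
    for line in text.splitlines():
        proto, local, remote, state = line.split()
        lhost, lport = local.rsplit(":", 1)
        rhost, rport = remote.rsplit(":", 1)
        rows.append({"proto": proto, "lhost": lhost, "lport": int(lport),
                     "rhost": rhost, "rport": int(rport), "state": state})
    return rows


def find_syn_flood_sources(rows, threshold=SYN_RECV_THRESHOLD):
    """Remote hosts that hold at least `threshold` half-open connections."""
    half_open = Counter(r["rhost"] for r in rows if r["state"] == "SYN_RECV")
    return {host: n for host, n in half_open.items() if n >= threshold}


def find_irc_connections(rows):
    """(remote host, remote port) pairs where this machine talks to an IRC port."""
    return [(r["rhost"], r["rport"]) for r in rows
            if r["proto"] == "tcp" and r["rport"] in IRC_PORTS]


if __name__ == "__main__":
    table = parse_table(SAMPLE_TABLE)
    print("possible SYN flood sources:", find_syn_flood_sources(table))
    print("outbound IRC connections:", find_irc_connections(table))
```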

SYN spoof – A type of distributed denial of service attack.

TCP – An acronym for transmission control protocol.

UDP – An acronym meaning user datagram protocol. UDP is used to transmit data in cases where the transmission does not need to be reliable.

Unicast reverse-path forwarding – A feature in many enterprise class networking devices that validates the source of network traffic and drops the traffic if it detects someone faking the source address. This happens when hackers attempt to hide the source of their attacks.

Virus definitions – Antivirus programs must scan files on your computer to determine if the computer has been compromised by a bot, virus, or trojan. Information critical to the scanning process is kept in virus definition files. Virus definition files are updated by antivirus vendors on a regular basis. You should set your antivirus software to automatically update virus definitions.

Zombie – A zombie is a program that remotely controls a computer. Synonyms are bot and drone.