Glossary

ActiveX control
Also known as a browser add-on. ActiveX controls give you extra features in Internet Explorer, such as automatic updates and website animations. Some websites will ask you to install an ActiveX control when you visit. Malware can take advantage of vulnerabilities in ActiveX controls. Cybercriminals can make malicious ActiveX controls to download and run programs on your computer. See also: browser helper object.

Adware
Software that shows you extra advertisements as you use your computer. You wouldn't see the extra ads if you didn't have adware installed.

Alert level
We give all the malware that we detect an alert level . This level depends on how easily the malware can spread and the potential damage it can do. The different alert level s are explained on the following webpages:

Alias
A different name for the same malware. Malware names can differ from one security provider to another.

API
Stands for "Application programming interface". APIs are used to access common, low-level functions. Programmers can use APIs to easily access these functions when they develop their software.

Authenticated user
Someone who has signed in to a website or logged on to a computer or network with the correct user name or password.

Authentication bypass
A loophole or vulnerability that lets an attacker use a program on your computer without needing a user name or password.

Backdoor trojan
A type of trojan that gives an attacker access to and control of your computer. This means they may be able to tell your computer what to do or monitor what you do online. A bot is a type of backdoor trojan.

Behavior
A type of detection based on file actions that are often associated with malicious activity.

Behavior monitoring signature
A type of signature that is based on behaviors or activity that is commonly used for malicious purposes, such as renaming folders or creating certain types of shortcuts.

Blackhat SEO (search engine optimization)
A unfair way to make some pages appear higher in a list of search engine results. Unlike normal search engine optimization (SEO), blackhat SEO is considered deceitful and unethical.

Bitcoins
A form of digital currency. You can use bitcoins to buy things online or exchange them for real money. All transactions made in the Bitcoin system are tracked and stored for everyone else to see.

Bitcoin mining
New bitcoins are created by bitcoin mining. Anyone using the bitcoin system can mine by running special software on their computer. Bitcoin mining software needs a lot of computer processing power and may slow down the computer that's running it.

Bot
Small, hidden programs that are often controlled by a remote attacker. Bots can be installed on your computer without you knowing. Bots on a large number of computers can be connected to form a botnet.

Botnet
When multiple copies of a bot are installed on many computers and controlled by a remote attacker. The attacker can use a botnet for large attacks (such as DDoS attacks or "floods") that wouldn't be possible if they used just one computer.

Browser helper object (BHO)
Internet Explorer uses BHOs to give you added features as you browse the web. Malware authors can try and take advantage of BHOs to install malicious files on your computer. You can learn how to turn browser helper objects off from Microsoft support.

Browser modifier
A program than makes changes to your Internet browser without your permission.

Brute force
When an attacker tries to guess your user name and password. This is usually done automatically by malware that uses a large list of very common words and numbers. This is one of the reasons why it's important to have a strong password that can't be guessed. Read more tips about creating strong passwords.

Buffer overflow
A technique used by some malware to cause an error in a program and make it easier to run malicious code.

CAPTCHA
Stands for Completely Automated Public Turing test to tell Computers and Humans Apart. CAPTCHAs are puzzles that are easy to solve for a human, but hard for a computer. They are usually used by web pages to test if you are a person or a computer program. Most CAPTCHAs use a distorted image of letters and numbers that you must type into a text box.

Cavity infection
A type of infection where a virus finds a gap in a file and inserts itself into it. This means the file stays the same size and the virus is harder to find. This technique can modify the original file beyond repair.

Clean
To remove malware or potentially unwanted software from your computer. A single cleaning can involve several disinfections with your security software.

Clean file
A file that has been analyzed and determined as non-malicious.

Click fraud
When a hacker makes money by using your PC to click ads. The hacker uses malware to do this in the background, so you won't see it happening. The MMPC blog post "Another way Microsoft is disrupting the malware ecosystem" explains how click fraud works.

Constructor
A program that can be used to automatically create malware files.

Compromised website
A website that includes malicious pages or links to malicious content. A website can be compromised with or without the website owner knowing about it. Compromised websites can be used to spread malware to unsuspecting visitors.

Cookie
A piece of information that is sent from a website to your internet browser when you visit it for the first time. The cookie is stored in your web browser and tells the website about your last visit. Cookies are often used by online shopping websites to keep track of your habits and suggest other items for you to buy. Sometimes a cookie includes sensitive information that may be read and stolen by malware. Cookies are also known as HTTP cookies or tracking cookies.

Cross-site request forgery (CSRF or XSRF)
A loophole or vulnerability that lets an attacker pretend to be a trusted user of a website. The website will then let the attacker do things that they shouldn't have permission to do.

Cross-site scripting (XSS)
When an attacker inserts malicious code into a trusted website.

Cryptor
A tool that can protect software from being reverse-engineered or analyzed. Malware may use a cryptor to make it harder for your security software to detect or analyze it.

Cybersquatting
When someone registers, trades or uses a website name to profit from a trademark that belongs to someone else. See also: typosquatting.

DDoS
Stands for distributed denial of service. When a number of computers are made to access a website, network or server repeatedly within a given time period. The aim of the attack is to overload the target so that it crashes and can't respond. This means it won't work for any legitimate users. DDoS attacks can involve multiple computers that have been infected with malware. See also: denial of service

Definition
A set of signatures that our security software uses to identify malware. Other security software vendors may call definitions something different, such as DAT files, pattern files, identity files, or antivirus databases.

Dialer
A program that makes unauthorized telephone calls. These calls may be charged at a premium rate and cost you a lot of money.

Disinfect
To remove malware or potentially unwanted software from a computer. See also: clean.

Domain authentication
When you are checked and verified as a legitimate user so you can see and access a website.

DoS
Stands for denial of service. When a target computer or server is deliberately overloaded so that it doesn't work for any visitors anymore. There are a number of different types of attack that may result in a denial of service. See also: DDoS.

Double-free condition
A loophole or vulnerability in the way a program writes to memory. It can be used by some malware to infect your computer.

Downloader
A type of trojan that downloads other malware onto your computer. The downloader needs to connect to the Internet to download the files. This is different to a dropper, which is installed along with other malware files.

Drive-by download
The automatic or accidental download of malware from the Internet. For example, when you agree to a license agreement without reading it properly. Some malware can also use vulnerabilities or loopholes in your web browser to automatically download files when you visit a compromised website.

Dropper
A type of trojan that installs other malware files onto your computer. The other malware is included within the trojan file. This is different to a downloader, which needs to connect to the Internet to download other files.

EICAR
Stands for the European Institute for Computer Antivirus Research. EICAR provides a file that can be used to see if your antivirus software is installed and working properly. There is more information on the EICAR website.

Encryption
A way of making readable information unreadable. Encrypted information can't be understood until it is decrypted using a secret key. Malware can use encryption to hide its code and make detection and removal more difficult.

Exploit
A piece of code that uses software vulnerabilities to infect your computer with malware. For more information, see our page on exploits.

Firewall
A program or device that monitors and controls the flow of information between two points. For example, between your computer and the internet.

Form grabbing
A malware technique that can steal your website sign in information or change the web content that you see.

Generic
A type of malware signature that can detect a large variety of malware that are in the same family or of a similar type.

Hacktool
A detection used for tools that are designed with malware authors or hackers in mind.

Heap overflow
A type of buffer overflow that can change the way a program behaves.

Heap spraying
A vulnerability used by some malware to insert malicious code into your computer's memory.

Heuristics
A tool or technique that can help identify common patterns. This can be useful for making generic detections for a malware family.

Hijacking
When a communication channel is taken over by an attacker. For example, when an attacker gets access to your web browsing session.

Hoax email
A fake email that warns you about malware. The email may include instructions that actually install malware onto your computer.

Hosts file
A legitimate file that tells your computer what webpage to go to when you type a URL into your Internet browser. Some malware can change the file to redirect you to a malicious website without you realizing.

IFrames
Short for inline frame. A section of a webpage, like an advertisement, that links to another webpage. Malware can use IFrames to put malicious content into trusted websites. This could look like an advertisement, but it downloads malware or potentially unwanted software when you click on it.

Improper authentication
When a program doesn't believe that you are who you say you are when you try to make changes to your computer.

Improper error handling
A loophole or vulnerability where an application doesn't handle errors properly and fails. This can be exploited by some malware.

Improper input validation
A potential vulnerability when a form isn't validated properly and may allow unintentional actions to happen.

In the wild
Malware that currently infects and affects users' computers. This is opposed to malware that we have seen only in internal test environments or malware collections.

Incorrect detection
A program that may have been mistakenly classified as malware or potentially unwanted software. You can report an incorrect detection using our Incorrect detection report form.

Infection
When a virus adds its code to another file to help it spread its code to other files and computers.

Information disclosure
A type of software loophole or vulnerability that allows information to be shared when it shouldn't be.

Insufficient bounds
A lack of memory that can lead to a buffer overflow.

Insufficient validation
A software loophole or vulnerability that can create errors in a program because information isn't written properly.

Integer overflow
When a program creates a larger number than its code can represent. This can create errors within the program.

Joke program
A program that pretends to do something malicious but actually doesn't actually do anything harmful. For example, some joke programs pretend to delete files or format disks.

Keylogger
Also known as keystroke logging. Software that records which keys you press. See also: password stealer.

Kill bit
A feature in Internet Explorer that disables an ActiveX control.

Least-privilege user account (LUA)
An account on your computer that has very few permissions so it can't be used to change any settings. See also: user account control.

Macro virus
A type of virus that spreads through infected documents such as Microsoft Word or Excel documents. The virus is run when you open an infected document.

Malformed input
An application command that is different to what was expected or has invalid information in it.

Malware
Short for malicious software. The general name for programs that perform unwanted actions on our computer, such as stealing your personal information. Some malware can steal your banking details, lock your computer until you pay a ransom, or use your computer to send spam. Viruses, worms and trojans are all types of malware.

Malware creation tool
A program that can be used to automatically create malware files.

Man-in-the-browser (MITB) attack
A type of web-based threat where a malicious program makes changes to a website without the website owner knowing it is happening.

Man-in-the-middle (MITM) attack
A form of eavesdropping in which an attacker gets in the middle of network communications. The attacker can then manipulate messages or gather information without the people doing the communication knowing.

Memory reallocation
When information stored in a computer program is overwritten before it's used. This can cause errors in the program.

Memory resident
A threat that continues to run and take up space until your computer is restarted.

Microsoft Word global template
A Microsoft Word feature that stores macros, AutoText entries, and the custom toolbar, menu, and shortcut key settings so that you can use them with any document.

Misleading
The program that makes misleading or fraudulent claims about files, registry entries or other items on your PC.

Monitoring tool
A commercial program that monitors what you do on your computer. This can include monitoring what keys you press; your email or instant messages; your voice or video conversations; and your banking details and passwords. It can also take screenshots as you use your computer.

Mutex
Stands for mutual exclusion object. Some malware can create a mutex as a sign that it has infected your computer. This stops it from infecting your computer twice.

Network packet
A unit of data carried over a network.

Non-persistent XSS
A type of cross-site scripting. The link to the malware is stored on a server and followed when you visit the infected website.

NTFS file system
Stands for new technology file system, a system used by Windows NT.

NTLDR
An abbreviation of the term 'NT loader'. The set of instructions that run every time the Windows NT operating system is started.

Obfuscate
To hide or make unclear. Some malware hides its code in this way to make it harder for security software to detect or remove it. We call this type of malware an obfuscator.

Obfuscator
A type of malware that hides its code and purpose to make it more difficult for security software to detect or remove it.

Packer
A program that lets you bundle files together into the same download. This can be used by malware authors to hide malware files and make them harder to detect.

Password stealer
A type of malware that is used steal your personal information, such as user names and passwords. It often works along with a keylogger that collects and sends information about what keys you press and websites you visit to an attacker.

Payload
The actions taken by a piece of malware once it is installed on your computer. For example, this can include downloading files, changing your computer settings, displaying messages and watching what keys you press.

Persistent XSS
A type of cross-site scripting. The malware is stored on a server and downloaded when you visit the infected website.

Phishing
A way to trick you into giving out your personal or financial information. Phishers may use phony websites or email messages that look like they are from a trusted businesses. Their goal is to get you to reveal your personal information, such as your user names, passwords, or credit card numbers.

Polymorphic
Malware that can change parts of itself to avoid detection by security software.

Potentially unwanted software
A program that you may not want installed on your computer, or that may have already been installed without adequate consent from you. Potentially unwanted programs may impact your privacy, security, or computing experience.

Privilege elevation
A vulnerability that lets someone do things on your computer, network or server that they otherwise wouldn't be able to.

Proof-of-Concept (PoC) code
Code that's written to prove that a particular method of malware attack can work.

Program
Software that you may or may not want installed on your computer.

Proxy server
A server that sits between you and the server you are trying to reach. A proxy server tries to answer your request before passing it on to the actual server you are trying to reach. They can be used to filter and store online content, handle frequent requests more quickly, or hide someone's identity.

Ransomware
A type of malware that stops you using your computer until you pay a certain amount of money, known as the “ransom”. Once installed on your computer, ransomware usually shows you a screen with information about how to pay. Often, you can't access anything on the computer beyond this screen. There is more information on our ransomware page.

Reinfection
When your computer is infected with malware again after it has been cleaned. Reinfection usually happens when your security software isn't up to date, or if the malware isn't being removed fully. There is more information on our reinfection help page.

Remote code execution (RCE)
When an attacker runs code on your computer without having actual physical access to it.

Remote control software
A program that gives someone access to your computer from a remote location. This type of program is often installed by the computer owner. They are only a risk if they are unexpected.

Remote procedure call (RPC)
A communication tool that helps processes on your computer to share information.

Resident
Malware that continuously runs on your computer. This happens when a copy of the malware makes changes to your computer so that it runs every time the computer starts up.

Rogue security software
Software that pretends to be an antivirus program but doesn't actually provide any security. This type of software usually gives you a lot of alerts about threats on your computer that don't exist. It also tries to convince you to pay for its services. Our rogue security software page has more information.

Rootkit
A program that is designed to hide itself and other malware from detection while it makes changes to your computer. These changes are hard to detect and fix. There is more information on our rootkits page.

Script (malware)
A type of malware written using a scripting language. Common forms of scripting language include JavaScript, HTML, Visual Basic Script, PowerShell, Perl, Python and Shell Scripting.

Search engine optimization (SEO)
The process of increasing the ranking and popularity of a webpage in search engine results. Usually, the higher a web page is in the list of results, the more likely that someone will visit it.

Security bypass
A software vulnerability that lets an attacker get past a program's security.

Sender ID framework
Technology that helps fight spam, spoofing, and phishing emails. It checks that an email comes from where it says it does. This helps stop deceptive messages.

Settings modifier
A program that changes your computer settings.

Shell
The program that gives your commands to your computer's operating system.

Shellcode
The payload that is run after malware has exploited a software vulnerability.

Signature
A signature is a set of characteristics that we use to identify a piece of malware. Signatures are used by security software to automatically decide if a file is malicious or not.

Social engineering
A method of attack that targets people rather than software. Social engineering is designed to trick you into doing something that benefits the attacker, such as opening or downloading a malware file or giving away your personal information. It can be online, such as an email that tricks you into opening an attachment, or offline, such as a phone call from with someone pretending to be from your bank. However social engineering happens, its purpose is the same – to get you to do something that an attacker wants you to do.

Software bundler
A program that installs potentially unwanted software on your computer at the same time as the software you are trying to install, without adequate consent.

Spam
Bulk unwanted email. Spam can be used to spread malware, either as an email attachment or with a hyperlink that redirects you to an infected webpage. Some malware can collect email addresses for spamming from infected computers, or use infected computers to send spam.

Spam run
A bulk round of spam. A spam run can describe a single round of spam emails sent from the same server, or groups of spam emails on the same theme, for example Valentine's Day spam.

Spammer
A trojan that sends large numbers of spam emails. It may also describe the person or business responsible for sending spam.

Spoof
A type of attack where a message is made to look like it comes from a trusted source. For example, an email that looks like it comes from a legitimate business, but is actually trying to spread malware.

Spoofer
A type of trojan that makes fake emails that look like they are from a legitimate source.

Spoofing
When an attacker mimics someone else. For example, when they create a website that looks the same as a legitimate website to try and trick people into using it.

Spyware
A program that collects your personal information, such as your browsing history, and uses it without adequate consent.

SQL injection
A type of malware attack where SQL code is put into an ordinary web form. If the code is run it can cause significant information loss.

Stack-based buffer overflow
A common type of buffer overflow that allows malware code to run on your computer.

Stealth
A way of hiding a threat, file or process. One form of stealth can be a redirect that makes it hard to look at a malicious file or piece of code because you are sent to a clean location instead.

Tool
A type of software that may have a legitimate purpose, but which may also be abused by malware authors.

Trojan
A type of malware. A trojan is a program that tries to look innocent, but is actually a malicious application. Unlike a virus or a worm, a trojan doesn't spread by itself. Instead they try to look innocent to convince you to download and install them. Once installed, a trojan can steal your personal information, download more malware, or give an attacker access to your computer.

Trojan clicker
A type of trojan that can use your computer to "click" on websites or applications. They are usually used to make money for an attacker by clicking on online advertisements and making it look like the website gets more traffic than it does. They can also be used to skew online polls, install programs on your computer, or make potentially unwanted software appear more popular than it is.

Trojan downloader/dropper
A type of trojan that installs other malicious files, including malware, onto your computer. It can download the files from a remote computer or install them directly from a copy that is included in its file.

Trojan proxy
A type of trojan that installs a proxy server on your computer. The server can be configured so that when you use the Internet, any requests you make are sent through a server controlled by an attacker.

TrojanSpy
A program that collects your personal information, such as your browsing history, and uses it without adequate consent.

Typosquatting
A form of cybersquatting where someone registers a domain name of a popular website, with small misspellings. For example, microsooft.com. See also: cybersquatting.

Unchecked buffer
A software vulnerability where data is stored to a program's memory incorrectly. This can cause errors in the program.

Uninitialized memory
A software vulnerability where memory on your computer can't be written over. This can create errors that can be exploited by malware.

Uninitialized pointer
A software vulnerability when a program is pointed to write to an invalid memory location. This can create errors in a program.

Uninitialized variable
A common source of software bugs that results in an error.

Unrestricted upload of a file with a dangerous type
A type of vulnerability where software allows an attacker to upload malicious files onto your computer. These files can be automatically installed and run on your computer.

Use after free
When a program's code points to memory that has since been cleared. This can cause the program to fail or behave unexpectedly.

User account control (UAC)
Also known as least-privilege user account. Gives you control of what changes someone can make to your computer. You can use UACs to make it harder for malware to install and run. For example, you can make it so that someone can't install any software or drivers when they use your computer. You can also block them from changing system wide settings, viewing or changing other user accounts, or running administrative tools.

User elevation
When someone is using your computer with higher privileges than they should have.

Virtool
A detection that is used mostly for malware components, or tools used for malware-related actions, such as rootkits.

Virtual machine
A copy of a complete computer in a self-contained and isolated environment. Virtual machines let you run otherwise incompatible operating systems, as each system can run in its own isolated section. For example, running Mac OS X on a Windows computer.

Virus
A type of malware. Viruses spread on their own by attaching their code to other programs, or copying themselves across systems and networks.

Vulnerability
A flaw or error in a program that may allow an attacker to exploit it for a malicious purpose. Once known, software vulnerabilities are usually quickly patched by their vendor. You must then update your software to be protected. For more information, see our page on exploits.

WildList
A collection of malware that is used to test the performance of antimalware software.

Windows system folder
A changeable location on your computer where new programs are installed. The default location for the Windows system folder in Windows 2000 and NT is C:\Winnt\System32. In Windows XP, Vista, 7 and 8 it is C:\Windows\System32. Malware will often make changes to this folder when it is installed on your computer.

Worm
A type of malware that spreads to other computers. Worms may spread using one or more of the following methods:

XLStart
A folder where you can put the worksheets that you would like to automatically open when you start Excel. The folder is usually stored in %AppData%\Local\Microsoft \Excel\XLStart.

XML injection
A type of vulnerability that allows an attacker to change an XML file.