Malware Glossary

ActiveX control
A sofware component of Microsof Windows that can be used to create and distribute small applications through Internet Explorer. ActiveX controls can be developed and used by sofware to perform functions that would otherwise not be available using normal Internet Explorer capabilities. Because ActiveX controls can be used to perform a wide variety of functions, including downloading and running programs, vulnerabilities discovered in them may be exploited by malware. In addition, cybercriminals may also develop their own ActiveX controls, which can do damage to a system if a user visits a Web page that contains the malicious ActiveX control.

A program that displays advertisements. While some adware can be benefcial by subsidizing a program or service, other adware programs may display advertisements without adequate consent.

backdoor trojan
A type of trojan that provides attackers with remote access to infected computers. Bots are a sub-category of backdoor trojans. Also see botnet.

An operator of a botnet.

A set of computers controlled by a "command-and-control" (C&C) computer to execute commands as directed. Te C&C computer can issue commands directly (ofen through Internet Relay Chat [IRC]) or by using a decentralized mechanism, like peer-to-peer (P2P) networking. Computers in the botnet are ofen called nodes or zombies.

browser modifier
A program that changes browser settings, such as the home page, without adequate consent. Tis also includes browser hijackers.

Short for computers cleaned per mil (thousand). Te number of computers cleaned for every 1,000 executions of the MSRT. For example, if the MSRT has 50,000 executions in a particular location in January and removes infections from 500 computers, the CCM for that location in January is 10.0. Te CCM for a multiple-month period is derived by averaging the CCM for each month in the period.

To remove malware or potentially unwanted sofware from an infected computer. A single cleaning can involve multiple disinfections

Revelation of the existence of a vulnerability to a third party. Also see responsible disclosure.

To remove a malware or potentially unwanted sofware component from a computer or to restore functionality to an infected program. Compare clean.

See trojan downloader/dropper.

Malicious code that takes advantage of sofware vulnerabilities to infect a computer.

A program or device that monitors and regulates trafc between two points, such as a single computer and the network server, or one server to another.

Short for inline frame. An IFrame is an HTML document that is embedded in another HTML document. Because the IFrame loads another Web page, it can be used by criminals to place malicious HTML content, such as a script that downloads and installs spyware, into non-malicious HTML pages hosted by trusted Web sites.

in the wild
Said of malware that is currently detected in active computers connected to the Internet, as compared to those confned to internal test networks, malware research laboratories, or malware sample lists.

See password stealer (PWS).

Malicious sofware or potentially unwanted sofware installed without adequate user consent.

malware impression
A single instance of a user attempting to visit a site known to host malware, and being blocked by the SmartScreen Filter in Internet Explorer 8. Also see phishing impression.

monitoring tool
Sofware that monitors activity, usually by capturing keystrokes or screen images. It may also include network snifng sofware. Also see password stealer (PWS).

parser vulnerability
A vulnerability in the way an application processes, or parses, a fle of a particular format, which can be exploited through the use of a specially crafed fle. Also see vulnerability.

password stealer (PWS)
Malware that is specifcally used to transmit personal information, such as user names and passwords. A PWS ofen works in conjunction with a keylogger, which sends keystrokes or screen shots to an attacker. Also see monitoring tool.

Te actions conducted by a piece of malware for which it was created. Tis can include, but is not limited to, downloading fles, changing system settings, displaying messages, and logging keystrokes.

A method of identity thef that tricks Internet users into revealing personal or fnancial information online. Phishers use phony Web sites or deceptive e-mail messages that mimic trusted businesses and brands to steal personally identifable information (PII), such as user names, passwords, credit card numbers, and identifcation numbers.

phishing impression
A single instance of a user attempting to visit a known phishing site, with Internet Explorer 7 or Internet Explorer 8, and being blocked by the Phishing Filter or SmartScreen Filter. Also see malware impression.

potentially unwanted software
A program with potentially unwanted behavior that is brought to the user’s attention for review. Tis behavior may impact the user’s privacy, security, or computing experience.

remote control software
A program that provides access to a computer from a remote location. Tese programs are ofen installed by the computer owner or administrator and are only a risk if unexpected.

responsible disclosure
Te practice of disclosing vulnerabilities privately to an afected vendor so it can develop a comprehensive security update to address the vulnerability before it becomes public knowledge.

rogue security software
Sofware that appears to be benefcial from a security perspective but provides limited or no security capabilities, generates a signifcant number of erroneous or misleading alerts, or attempts to socially engineer the user into participating in a fraudulent transaction.

Sender ID Framework
An Internet Engineering Task Force (IETF) protocol developed to authenticate e-mail to detect spoofng and forged e-mail with the typical tactic to drive users to phishing Web sites and to download malicious sofware.

social engineering
A technique that defeats security precautions in place by exploiting human vulnerabilities. Social engineering scams can be both online (such as receiving e-mails that ask you to click the attachment, which is actually malware) and ofine (such as receiving a phone call from someone posing as a representative from your credit card company). Regardless of the method selected, the purpose of a social engineering attack remains the same-to get the targeted user to perform an action of the attacker’s choice.

Bulk unsolicited e-mail. Malware authors may use spam to distribute malware, either by attaching the malware to the message or by sending a message containing a link to the malware. Malware may also harvest e-mail addresses for spamming from compromised machines or may use compromised machines to send spam.

spear phishing
Phishing that targets a specifc person, organization, or group, containing additional information associated with that person, organization, or group to lure the target further into a false sense of security to divulge more sensitive information.

A program that collects information, such as the Web sites a user visits, without adequate consent. Installation may be without prominent notice or without the user’s knowledge.

SQL injection
A technique in which an attacker enters a specially crafed Structured Query Language (SQL) statement into an ordinary Web form. If form input is not fltered and validated before being submitted to a database, the malicious SQL statement may be executed, which could cause signifcant damage or data loss.

Sofware that may have legitimate purposes but may also be used by malware authors or attackers.

A generally self-contained program that does not self-replicate but takes malicious action on the computer.

trojan downloader/dropper
A form of trojan that installs other malicious fles to the infected system either by downloading them from a remote computer or by dropping them directly from a copy contained in its own code.

Malware that replicates, commonly by infecting other fles in the system, thus allowing the execution of the malware code and its propagation when those fles are activated.

A weakness, error, or poor coding technique in a program that may allow an attacker to exploit it for a malicious purpose. Also see parser vulnerability.

vulnerability broker
A company or other entity that provides sofware vendors with vulnerability information provided to it by external security researchers. In exchange for such compensation as the broker may provide, the security researchers agree not to disclose any information about the vulnerability to anyone other than the broker and the afected vendor.

Phishing that targets senior executives and other high-ranking people within a company or group.

See in the wild.

Malware that spreads by spontaneously sending copies of itself through e-mail or by using other communication mechanisms, such as instant messaging (IM) or peer-to-peer (P2P) applications.

Microsoft Security Intelligence Report volume 6 (July - December 2008)

Download SUN VirtualBox 2.2.2

VirtualBox 2.2.2 is now available for download
VirtualBox is a family of powerful x86 virtualization products for enterprise as well as home use. Not only is VirtualBox an extremely feature rich, high performance product for enterprise customers, it is also the only professional solution that is freely available as Open Source Software under the terms of the GNU General Public License (GPL). See "About VirtualBox" for an introduction.

Presently, VirtualBox runs on Windows, Linux, Macintosh and OpenSolaris hosts and supports a large number of guest operating systems including but not limited to Windows (NT 4.0, 2000, XP, Server 2003, Vista), DOS/Windows 3.x, Linux (2.4 and 2.6), Solaris and OpenSolaris, and OpenBSD.

VirtualBox is being actively developed with frequent releases and has an ever growing list of features, supported guest operating systems and platforms it runs on. VirtualBox is a community effort backed by a dedicated company: everyone is encouraged to contribute while Sun ensures the product always meets professional quality criteria.

On this site, you can find sources, binaries, documentation and other resources for VirtualBox. If you are interested in VirtualBox (both as a user, or possibly as a contributor), this website is for you.

Support Host Operating Systems
A supported host operating system. Presently, we support Windows (primarily XP) and many Linux distributions on 32-bit hosts and on 64-bit hosts. Support for Mac OS X and Solaris and OpenSolaris appeared in 1.6.

Support Guest Operating Systems
A supported guest operating system. Besides the user manual (see below), up-to-date information is available at Status: Guest OSes.

VirtualBox 2.2.2 Features
1. Modularity.
VirtualBox has an extremely modular design with well-defined internal programming interfaces and a client/server design. This makes it easy to control it from several interfaces at once: for example, you can start a virtual machine in a typical virtual machine GUI and then control that machine from the command line, or possibly remotely. VirtualBox also comes with a full Software Development Kit: even though it is Open Source Software, you don't have to hack the source to write a new interface for VirtualBox.

2. Virtual machine descriptions in XML.
The configuration settings of virtual machines are stored entirely in XML and are independent of the local machines. Virtual machine definitions can therefore easily be ported to other computers.

3. Guest Additions for Windows and Linux.
VirtualBox has special software that can be installed inside Windows and Linux virtual machines to improve performance and make integration much more seamless. Among the features provided by these Guest Additions are mouse pointer integration and arbitrary screen solutions (e.g. by resizing the guest window).

4. Shared folders.
Like many other virtualization solutions, for easy data exchange between hosts and guests, VirtualBox allows for declaring certain host directories as "shared folders", which can then be accessed from within virtual machines.

Download VirtualBox 2.2.2 version for Windows at Download VirtualBox website and download user manual at User manual website.

Version: 2.2.2
Filename: VirtualBox-2.2.2-46594-Win.exe
Size of file: 64.471 MB


Download Pictomio 1.2.29

Pictomio is an application to manage, organize, and archive your photo collection and to create elaborate animated slideshows. Utilizing the processing power of the latest 3D graphics cards, Pictomio offers techniques and effects only used in 3D games before. Pictomio's use of 3D-accelerated user interfaces incorporating dynamically calculated animations and effects provides you with a completely new user experience.

Download Skype for Windows

Skype is software that enables you to make free calls anywhere in the world. Skype uses P2P (peer-to-peer) technology to connect you with other users. It offers several features, including SkypeOut calling from Skype to regular and mobile phones worldwide, conference calling, and secure file transferring. You can also now share your screen with other users. Skype calls focus on video and audio quality, and secure the calls with end-to-end encryption.

Download MySQL 5.1.34

MySQL is a very fast, multi-user, multi-threaded and robust SQL (Structured Query Language) database server. The world's most popular open source database.


HWiNFO™ and HWiNFO32™ are professional hardware information and diagnostic tools supporting latest components, industry technologies and standards. Both tools are designed to collect and present the maximum amount of information possible about computer's hardware which makes them suitable for users searching for driver updates, computer manufacturers, system integrators and technical experts as well. Retrieved information is presented in a logical and easily understandable form and can be exported into various types of reports.

HWiNFO32 v2.39 (7 April 2009)
HWiNFO32™ - A powerful system information tool for Windows
• Comprehensive hardware information
• System health monitoring
• Basic benchmarks
• Text, CSV, XML, HTML, MHTML report formats
• Periodical updates
• OS: Windows 9x/2000/XP/Server 2003/Vista/Server 2008
• Platform: 32-bit (IA-32), 64-bit (x64, IA-64)
• Available as HWiNFO32 SDK (Custom Client) !

Click here to download HWiNFO32 v2.39 (.exe)
Click here for more download locations

HWiNFO v5.2.5 (4 November 2008)
HWiNFO™ - A powerful system information tool for DOS
• Comprehensive hardware information
• System health monitoring
• Full and short report format
• Regular updates
• Runs under MS-DOS (i386+)
• Shareware (14-day free trial)

Click here for download locations

ClamWin Free Antivirus 0.95.1

ClamWin Free Antivirus 0.95.1
ClamWin is a Free Antivirus program for Microsoft Windows 98/Me/2000/XP/2003 and Vista.

Homepage ClamWin Free Antivirus

ClamWin Free Antivirus comes with an easy installer and open source code. You may download and use it absolutely free of charge.

ClamWin features:
  • High detection rates for viruses and spyware;
  • Scanning Scheduler;
  • Automatic downloads of regularly updated Virus Database.
  • Standalone virus scanner and right-click menu integration to Microsoft Windows Explorer;
  • Addin to Microsoft Outlook to remove virus-infected attachments automatically.
ClamWin Free Antivirus 0.95.1 new features:
This release includes a significant update to ClamAV engine:
  • Better ZIP archive handling
  • fixed possible false positive detection
  • A lot of other bug fixes fixes and improvements
Click here to download ClamWin Free Antivirus 0.95.1

ClamWin Free Antivirus does not include an on-access real-time scanner. You need to manually scan a file in order to detect a virus or spyware.

ClamWin Free Antivirus is based on ClamAV engine and uses GNU General Public License ( by the Free Software Foundation (, and is free (as in freedom) software.

Exchange Server 2010 Beta‏ Available

There is a better way to accomplish more. Now you can get your job done with less effort and more confidence.

Microsoft Exchange Server 2010 is the new messaging and collaboration solution that helps IT Professionals achieve new levels of reliability with greater flexibility, improved user access, and increased protection of company communications.

Flexible and Reliable
Exchange Server 2010 gives you the flexibility to tailor your deployment based on your company’s unique needs and a simplified way to help keep e-mail continuously available for your users.

Anywhere Access
Exchange Server 2010 helps your users get more done by giving them the freedom to securely access all of their communications - e-mail, voice mail, instant messaging, and more—from virtually any platform, Web browser, or device.

Protection and Compliance
Exchange Server 2010 delivers integrated information, loss prevention, and compliance tools aimed at helping you simplify.

Try the new Exchange Server 2010 Beta
Bring simplicity and power to your company’s messaging and communications. Get the Exchange Server 2010 Beta today at

Citrix XenServer available for download

Citrix XenServer: The Enterprise-class. Cloud-proven. Free.
Citrix XenServer™ is the only enterprise-class, cloud-proven virtualization platform that delivers the critical features of live migration and centralized multi-server management at no cost. XenServer is an open and powerful server virtualization solution that radically reduces datacenter costs by transforming static and complex datacenter environments into more dynamic, easy to manage IT service delivery centers.

By providing features like live migration, shared storage support, centralized multi-server management plus P2V and V2V conversion tools in the free version, XenServer enables any organization, no matter the size or budget, to immediately benefit from the power of server virtualization.

Key benefits
XenServer has fast become a leading virtualization technology with over 5,000 customers and enterprise-class features that rival leading virtualization platforms. XenServer, as recently reviewed by Allan Stevens of ZDnet, "is very much a production-class virtualization solution with features that match, and in some cases exceed, what’s available on rival platforms."

  • Best virtualization value – Starting with the virtualization power of the industry-leading Xen® hypervisor at no cost, users can extend their savings into capital equipment, space, power and cooling costs.
  • Enterprise-class features – Centralized multi-server management and live migration using XenMotion enables users to manage the virtualized environment easily and intelligently while optimizing resource with zero-downtime to users.
  • Easy setup and administration – Being easy to use is just one reason XenServer was named the Most Innovative Product of the Year for virtualization in 2008 by VARBusiness. XenServer can be installed and running in about 10 minutes (10 to Xen) and also has a unique management architecture that eliminates single points of failure. Easily manage hundreds of virtual machines with the included XenCenter management console that installs with only 4 megabytes of storage.

Available at no cost, Citrix XenServer gives organizations a way to widely adopt an enterprise-class, cloud-proven virtualization platform to dramatically affect the economics of delivering IT.

Download Citrix XenServer
You can download Citrix XenServer* from website below:

Note: *Registration required


Download Parted Magic 4.0

Parted Magic 4.0 is now available for download.

Parted Magic 4.0
Fize Size: 72550KB
Language: English
Operating System: DOS
License: Free
Download: Download free

Parted Magic is a Linux LiveCD/USB/PXE with its elemental purpose being to partition hard drives. Optimized at approximately 30MB, the Parted Magic OS employs core programs of GParted and Parted to handle partitioning tasks with ease, while featuring other useful programs (e.g. Partition Image, TestDisk, fdisk, sfdisk, dd, ddrescue, etc.) and an excellent set of documentation to benefit the user.

An extensive collection of fileystem tools are also included, as Parted Magic supports the following: aufs, ext2, ext3, ext4, fat16, fat32, hfs, hfs+, jfs, linux-swap, ntfs, ocfs2, reiserfs, reiser4, xfs, and zfs. Version 1.7 the proper FHS /mnt and /media directories were added. /mnt and /media are writable. Replaced GParted documents with the official Parted MagicDocuments. Many others bugs have been fixed.

Download CentOS 5.3

CentOS 5.3
Fize Size: 696854KB
Language: English
License: Free
Download: Download CentOS 5.3 (x86_64)

CentOS is an Enterprise-class Linux Distribution derived from sources freely provided to the public by a prominent North American Enterprise Linux vendor.

CentOS conforms fully with the upstream vendors redistribution policy and aims to be 100% binary compatible. (CentOS mainly changes packages to remove upstream vendor branding and artwork.) CentOS is free, however, we ask for a small contribution. CentOS is a project of the cAos Foundation.

CentOS is developed by a small but growing team of core developers. In turn the core developers are supported by an active user community including system administrators, network administrators, enterprise users, managers, core Linux contributors and Linux enthusiasts from around the world.

CentOS has numerous advantages over some of the other clone projects including: an active and growing user community, quickly rebuilt, tested, and QA'ed errata packages, an extensive mirror network, developers who are contactable and responsive, multiple free support avenues including IRC Chat, Mailing Lists, Forums, a dynamic FAQ. Commercial support is offered via a number of vendors.

CentOS exists to provide a free enterprise class computing platform to anyone who wishes to use it. CentOS 2 and 3 are fully compatible rebuilds of RHEL 2 and 3 respectively. CentOS 2 and 3 are reproduced from RHEL sources that are freely distributed by RedHat.

Redistributed packages and sources comply fully with RedHat's redistribution requirements. CentOS 2 and 3 are designed for people who need an enterprise class OS without the cost, support, certification, or brand name of RedHat.

Download SoftPerfect NetWorx 4.8

SoftPerfect NetWorx v4.8
Fize Size: 750KB
Language: English
Operating System: Windows 2000/XP/2003/Vista
License: Free
Download: Click here

NetWorx is a simple and free, yet powerful tool that helps you objectively evaluate your bandwidth situation. You can use it to collect bandwidth usage data and measure the speed of your Internet or any other network connection. NetWorx can help you identify possible sources of network problems, ensure that you do not exceed the bandwidth limits specified by your ISP, or track down suspicious network activity characteristic of Trojan horses and hacker attacks.

The program allows you to monitor all your network connections or a specific network connection (such as Ethernet or PPP) only. The software also features a system of highly customizable visual and sound alerts. You can set it up to alert you when the network connection is down or when some suspicious activity, such as unusually heavy data flow, occurs. It can also automatically disconnect all dialup connections and shut down the system.

The incoming and outgoing traffic is represented on a line chart and logged to a file, so that you can always view statistics about your daily, weekly and monthly bandwidth usage and dialup duration. The reports can be exported to a variety of formats, such as HTML, MS Word and Excel, for further analysis.

Key Features
  • Clear graphic and/or numeric display.
  • Usage reports with export to a variety of file formats, including Excel, MS Word and HTML.
  • Permits close supervision of uploads and downloads.
  • Works with dial-up, ISDN, cable modems, ADSL, Ethernet cards, and more.
  • Includes network information & testing tools with advanced netstat that displays applications using your Internet connection.
  • Scalable to your own modem download capabilities.
  • Option to notify user or disconnect from the Internet automatically when network activity exceeds a certain level.
  • Speed meter to accurately time downloads and report the average transfer rates. Absolutely free and does not contain any adware/spyware/malware.

©2009 WFB. All Rights Reserved.

Paessler Router Traffic Grapher

Download PRTG - Paessler Router Traffic Grapher
Fize Size: 28,828KB
Language: English
Operating System: Windows 2000/XP/2003
License: Free
Download Website:

PRTG Traffic Grapher is an easy to use Windows application for monitoring and classifying bandwidth usage. It provides system administrators with live readings and long-term usage trends for their network devices. PRTG is mainly used for bandwidth usage monitoring, but may also be used to monitor many other aspects of a network such as memory and CPU utilization. The user receives detailed and comprehensive bandwidth and network usage data.


UltraVNC 1.0.56
Fize Size: 2264KB
Language: English
Operating System: Windows 2000/XP/2003
License: Free
Download: UltraVNC stable

UltraVNC is an easy to use computer program that can display a screen of another computer (via internet or network) on your screen. UltraVNC will allow users you to use their mouse and keyboard to control the other PC remotely. It means that you can work on a remote computer, as if you were sitting in front of it, right from your current location.If you provide computer support, you can easy access your customer's computers from anywhere in the world and resolve helpdesk issues remotely! Your customers don't have to pre-install software or execute complex procedures to get remote helpdesk support. UltraVNC software allows you to remotely control a computer over any TCP/IP connection. UltraVNC emulates the destination computer to make it look as if you were in front of it.

The 10 common Windows security vulnerabilities

The 10 most common Windows security vulnerabilities
Here's my top 10 list:

1. File and share permissions that give up everything to everyone.
2. Lack of malware protection
3. Lack of personal firewall protection.
4. Weak or nonexistent drive encryption.
5. No minimum security standard.
6. Missing patches in Windows as well as third-party software,such as VNC, RealPlayer and others
7. Weak Windows security policy settings.
8. Unaccounted for systems running unknown, and unmanaged, services such as IIS and SQL Server Express.
9. Weak or nonexistent passwords.
10. Windows Mobile and other mobile device weaknesses.

Tools to find these vulnerabilities
There are many good tools, including port scanners and system enumeration such as.
1. SuperScan
2. QualysGuard
3. OmniPeek
4. CommView
5. Hex editor