The Highflow02 Network
Helping You Void the warranty since 1997
About the Threat of Pests ...
Pest Categories
| Adware | Software that brings targeted ads to your computer, after you provide initial consent for this task. Some Adware may hijack the ads of other companies, replacing them with its own. Adware typically will track your browsing habits and report this info to a central ad server. See also Spyware. Examples |
| Anarchy | In the hacking culture, there is a strong belief in anarchy, that laws should not be created for cyberspace nor can they be enforced without grievous infringement on civil liberties. Such views are not widely shared by the general public or by governments. Anarchy documents often focus on the overthrow of systems, small or large. Examples |
| Annoyance | Any trojan that does not cause damage other than to annoy a user, such as by turning the text on the screen upside down, or making mouse motions eratic. Examples |
| ANSI Bomb | Character sequences that reprogram specific keys on the keyboard. If ANSI.SYS is loaded, some bombs will display colorful messages, or have interesting (but unwanted) graphical effects. Examples |
| AOL Pest | Any password stealer, exploit, DoS attack, or ICQ hack aimed at users of AOL. ICQ is an instant messenger service from mirabilis.com, now AOL. ICQ is a favorite service among hackers, and ICQ features are built into many trojans (such as stealing user's passwords, UINs, or notifying the hacker). Users of ICQ are warned "By using the ICQ service and software... you may be subject to various risks, including... Spoofing, eavesdropping, sniffing, spamming, breaking passwords, harassment, fraud, forgery, 'imposturing', electronic trespassing, tampering, hacking, nuking, system contamination including without limitation use of viruses, worms and Trojan horses causing unauthorized, damaging or harmful access and/or retrieval of information and data on your computer and other forms of activity that may even be considered unlawful." Examples |
| AV Killer | Any hacker tool intended to disable a user's anti-virus software to help elude detection. Some will also disable personal firewalls. Examples. See also Firewall Killer. |
| Backdoor | A secret or undocumented means of getting into a computer system, or software that uses such a means to penetrate a system. Some software has a backdoor placed by the programmer to allow them to gain access to troubleshoot or change the program. Software that is classified as a "backdoor" is designed to exploit a vulnerability in a system, and open it to future access by an attacker. Examples. |
| Binder | A tool that combines two or more files into a single file, usually for the purpose of hiding one of them. A binder compiles the list of files that you select into one host file, which you can rename. A host file is a simple custom compiled program that will decompress and launch the source programs. When you start the host, the embedded files in it are automatically decompressed and launched. When a trojan is bound with Notepad, for instance, the result will appear to be Notepad, and appear to run like Notepad, but the Trojan will also be run. Examples |
| Browser Helper Object | (BHO). A component that Internet Explorer will load whenever it starts, shares IE's memory context, can perform any action on the available windows and modules. A BHO can detect events, create windows to display additional information on a viewed page, monitor messages and actions. Microsoft calls it "a spy we send to infiltrate the browser's land." BHOs are not stopped by personal firewalls, because they are seen by the firewall as your browser itself. Some exploits of this technology search all pages you view in IE and replace banner advertisements with other ads. Some monitor and report on your actions. Some change your home page. Examples |
| Carding | Credit card fraud. Carding texts offer advice on how to make credit cards, how to use them, and otherwise exploit the credit card system. Examples |
| Commercial RAT | Any commercial product that is normally used as a remote administration tool, but which might be exploited to do this without user consent or awareness. Differs from RAT primarily in price charged and developer intent. Examples |
| Cracking Doc | Any document which provides guidance on how to crack or to use cracking tools. Examples |
| Cracking Misc | Any document and/or tool that provides guidance on how to remove copy protection. Examples |
| Cracking Tool | Any software designed to modify other software for the purpose of removing usage restrictions. An example is a 'patcher' or 'patch generator', that will replace bytes at specified locations in a file, rendering it a licensed version. Examples |
| DDoS | A Distributed Denial of Service (DDoS) attack is one that pits many machines against a single victim. An example is the attacks of February 2000 against some of the biggest websites. Even though these websites have a theoretical bandwidth of a gigabit/second, distributing many agents throughout the Internet flooding them with traffic can bring them down. The Internet is defenseless against these attacks. The best defense is for users everywhere to run PestPatrol, and remove DDoS clients when they are found, so that their machines are not used as attack tools. Another approach is for ISPs to do "egress filtering": prevent packets from going outbound that do not originate from IP addresses assigned to the ISP. This cuts down on the problem of spoofed IP addresses. Examples |
| Denial of Service | See DoS. |
| Dialer | Software that dials a phone number. Some dialers connect to local Internet Service Providers and are beneficial as configured. Others connect to toll numbers without user awareness or permission. Examples |
| Disassembler | A software tool that takes a executable apart, revealing the code within. Disassemblers are legitimate products and often sold commercially. But they are often used by hackers who wish to reverse engineer a product or find flaws that would permit an exploit. |
| DoS | Denial of Service. An exploit whose purpose is to deny somebody the use of the service: namely to crash or hang a program or the entire system. Examples of DoS attacks include flooding the victim with more traffic than can be handled; flooding a service (like IRC) with more events than it can handle bomb; crashing a TCP/IP stack by sending corrupt packets; crashing a service by interacting with it in an unexpected way; or hanging a system by causing it to go into an infinite loop. For example, the Ping of Death exploit crashed machines by sending illegally fragmented packets at a victim. A common word for DoS is "nuke", which was first popularized by the WinNuke program. Examples |
| Downloader | A program designed to retrieve and install additional files, when run. Most will be configured to retrieve from a designated web or FTP site. Examples. |
| Dropper | In viruses and trojans, the dropper is the part of the program that installs the hostile code onto the system. Examples |
| Encryption Tool | Any software that can be used to scramble documents, software, or systems so that only those possessing a valid key are able to unscramble it. Encryption tools are used to secure information; sometimes unauthorized use of encryption tools in an organization is a cause for concern. Examples |
| Exploit | A way of breaking into a system. An exploit takes advantage of a weakness in a system in order to hack it. Exploits are the root of the hacker culture. Hackers gain fame by discovering an exploit. Others gain fame by writing scripts for it. Legions of script-kiddies apply the exploit to millions of systems, whether it makes sense or not. Since people make the same mistakes over-and-over, exploits for very different systems start to look very much like each other. Most exploits can be classified under major categories: buffer overflow, directory climbing, defaults, Denial of Service. Examples Annual Growth |
| Explosives | Any document explaining how to build or use explosives. It is hard for us to imagine any good use for explosives in the modern office. Examples |
| Firewall Killer | Any hacker tool intended to disable a user's personal firewall. Some will also disable resident anti-virus software. See also AV Killer. Examples |
| Flooder | A program that overloads a connection by any mechanism, such as fast pinging, causing a DoS attack. Examples |
| FTP Server | When installed without user awareness, an FTP server allows an attacker to download any file in the user's machine, to upload new files to that machine, and to replace any existing file with an uploaded file. Examples. See also HTTP Server. |
| Hacker Tool | Aggregate of these categories: Binder, Carding, Cracking Tool, Flooder, Key Generator, Mail Bomber, Mailer, Misc Tool, Nuker, Packer, Password Cracker, Password Cracking Word List, Phreaking Tool, Port Scanner, Probe Tool, Sniffer, Spoofer, Trojan, Trojan Creation Tool, Virus Creation Tool, Virus Source, Virus Tutorial, and War Dialer. Annual Growth |
| Healthy Non-Pest File | Any file which is not a pest, such as a file that is part of the operating system. |
| Hijacker | Any software that resets your browser's settings to point to other sites. Hijacks may reroute your info and address requests through an unseen site, capturing that info. In such hijacks, your browser may behave normally, but be slower. Homepage Hijackers will change your home page to some other site. Error Hijackers will display a new error page when a requested URL is not found. Examples |
| Hoax | 1. Any mythical problem, such as the widespread fear, spread by email alerts, that the file sulfnbk.exe is a virus. 2. Any software that intentionally misleads the user. |
| Hostile ActiveX | An ActiveX control is essentially a Windows program that can be distributed from a web page. These controls can do literally anything a Windows program can do. A Hostile ActiveX program does something that its user did not intend for it to do, such as erasing a hard drive, dropping a virus or trojan into your machine, or scanning your drive for tax records or documents. As with other Trojans, a Hostile ActiveX control will normally appear to have some other function than what it actually has. Examples |
| Hostile Java | Browsers include a "virtual machine" that encapsulates the Java program and prevents it from accessing your local machine. The theory behind this is that a Java "applet" is really content -- like graphics -- rather than full application software. However, as of July, 2000, all known browsers have had bugs in their Java virtual machines that would allow hostile applets to "break out" of this "sandbox" and access other parts of the system. Most security experts browse with Java disabled on their computers, or encapsulate it with further sandboxes/virtual-machines. Examples |
| Hostile Script | A script is a text file with a .VBS, .WSH, .JS, .HTA, .JSE, .VBE extension that is executed by Microsoft WScript or Microsoft Scripting Host Application, interpreting the instructions in the script and acting on them. A hostile script performs unwanted actions. Examples |
| HTTP Server | When installed without user awareness, an HTTP server allows an attacker to use a web browser to view and thus retrieve information collected by other software placed in the user's machine. Examples. See also FTP Server. |
| IRC War | Any tool that uses Internet Relay Chat for spoofing, eavesdropping, sniffing, spamming, breaking passwords, harassment, fraud, forgery, 'imposturing', electronic trespassing, tampering, hacking, nuking, system contamination including without limitation use of viruses, worms and Trojan horses causing unauthorized, damaging or harmful access and/or retrieval of information and data on your computer and other forms of activity that may even be considered unlawful. Examples |
| Key Generator | Any tool designed to break software copy protection by extracting internally-stored keys, which can then be entered into the program to convince it that the user is an authorized purchaser. Examples |
| Key Logger | (Keystroke Logger). A program that runs in the background, recording all the keystrokes. Once keystrokes are logged, they are hidden in the machine for later retrieval, or shipped raw to the attacker. The attacker then peruses them carefully in the hopes of either finding passwords, or possibly other useful information that could be used to compromise the system or be used in a social engineering attack. For example, a key logger will reveal the contents of all e-mail composed by the user. Keylog programs are commonly included in rootkits and RATs (remote administration trojans). Examples Most Common Annual Growth More Info See also Surveillance. |
| Loader | Any program designed to load another program. Examples |
| Lockpicking | Any document describing how to pick locks. While such a document might be handy if you forget your keys, in most cases we think the lock is there for good reason. Examples |
| Mailbomber | Software that will flood a victim's inbox with hundreds or thousands of pieces of mail. Such mail generally does not correctly reveal its source. Examples |
| Mailer | A program that creates and sends email with forged headers, so that the source of the mail it sends cannot be traced. Examples |
| Misc | Anything (other than a document) not in another category, perhaps because it falls into mulitple categories, such as a tool suite. Examples |
| Misc Doc | Any document that we feel doesn't belong in today's office, but does not fall neatly into some other category, such as "Cats in Microwaves" or "How to Annoy Your Teacher" Examples |
| Misc Tool | Any other tool that might be used in planning an attack on a system, developing tools for such an attack, or performing it. Examples |
| NA | Not a pest. This is a healthy program. |
| NT Cracking | Document or tool for breaking into a Windows NT system |
| NT Security Scanner | A tool that probes an NT server, looking for vulnerabilities. While these can be used by security managers, wishing to shore up their security, the tools are as likely used by attackers to evaluate where to start an attack. One kind of Probe Tool. |
| Netware Cracking | Document or tool for breaking into a Netware system. |
| Network Cracking Text | Any document describing how to break into a network |
| Nuker | A program that disables a machine through damage to the registry, key files, the file system, etc. Examples |
| P2P | Any peer-to-peer file swapping program, such as Audiogalaxy, Bearshare, Blubster, E-Mule, Gnucleus, Grokster, Imesh, KaZaa, KaZaa Lite, Limewire, Morpheus, Shareaza, WinMX and Xolox. In an organization, can degrade network performance and consume vast amounts of storage. May create security issues as outsiders are granted access to internal files. Often bundled with Adware or Spyware. Examples |
| Packer | A utility which compresses a file, encrypting it in the process. It adds a header that automatically expands the file in memory, when it is executed, and then transfers control to that file. Some packers can unpack without starting the packed file. Packers are "useful" for trojan authors as they make their work undetectable by anti-virus products. Examples |
| Password Capture | A variant of the Key Logger that captures passwords as they are entered or transmitted. Some password capture trojans impersonate the login prompt, asking the user to provide their password. Examples |
| Password Cracker | A tool to decrypt a password or password file. PestPatrol uses the term both for programs that take an algorithmic approach to cracking, as well as those that use brute force with a password cracking word list. Password crackers have legitimate uses by security administrators, who want to find weak passwords in order to change them and improve system security. Examples |
| Password Cracking Word List | A list of words that a brute force password cracker can use to muscle its way into a system. Examples |
| Pest | Any unwanted software. For a given user, the term will encompass most of the more specific kinds of software defined here. |
| Phreaking Text | A document describing how to hack the phone system. Most of these documents apply to older phone systems, and describe techniques that rarely work on modern phone systems. Examples |
| Phreaking Tool | Any executable that assists in hacking the phone system, such as by using a sound card to imitate various audible tones. Examples |
| Port Scanner | In hacker reconnaissance, a port scan attempts to connect to all 65536 ports on a machine in order to see if anybody is listening on those ports. Ports scans are not illegal in many places, in part because they don't actually compromise the system, in part because they can easily be spoofed, so it is hard to prove guilt, and in part because virtually any machine on the Internet can be induced to scan another machine. Many people think that port scanning is an overt hostile act and should be made illegal. An attacker will often sweep thousands (or millions) of machines rather than a single machine looking for any system that might be vulnerable. Port scans are always automated through tools called Port Scanners. Examples |
| Probe Tool | A tool that explores another system, looking for vulnerabilities. While these can be used by security managers, wishing to shore up their security, the tools are as likely used by attackers to evaluate where to start an attack. An example is an NT Security Scanner. Examples |
| Proxy | Any firewall that blocks and re-creates a connection between two points. As a defensive tool, a proxy in an organization hides a user from the outside world. As a pest, a proxy hides an attacker from a user. As a pest, a proxy is a tool that can be used to anonymize a connection between an attacker and your machine, making the connection more difficult to trace. The attacker interacts with the proxy; the proxy translates the interaction and interacts with your machine. As attack tools, SMTP and FTP proxies are often used in conjunction with Firewall Killers, Downloaders, RATs, and Trojans. |
| RAT | A Remote Administration Tool, or RAT, is a Trojan that when run, provides an attacker with the capability of remotely controlling a machine via a "client" in the attacker's machine, and a "server" in the victim's machine. Examples include Back Orifice, NetBus, SubSeven, and Hack'a'tack. What happens when a server is installed in a victim's machine depends on the capabilities of the trojan, the interests of the attacker, and whether or not control of the server is ever gained by another attacker -- who might have entirely different interests. Infections by remote administration Trojans on Windows machines are becoming more frequent. One common vector is through File and Print Sharing, when home users inadvertently open up their system to the rest of the world. If an attacker has access to the hard-drive, he/she can place the trojan in the startup folder. This will run the trojan the next time the user logs in. Another common vector is when the attacker simply e-mails the trojan to the user along with a social engineering hack that convinces the user to run it against their better judgment. Examples Most Common Annual Growth More Info |
| Remote Control | See RAT. |
| Ripper | In the underground culture, the word rip means to make a copy of. Often, this has the connotation of making an illegal copy of a copyrighted work. The most common examples are programs that rip music CDs, or site rippers that download a complete copy of an entire web-site. Examples |
| Risk | Likelihood of unwanted events, multiplied by their severity. The combination of events harmful to an entitys desired state of affairs, the chance that the events will take place, and the consequences of their occurrence, as a function of time. -- NSA Corporate Plan for INFOSEC Action, April 1996 More Info |
| Security Scanner | See Probe Tool. |
| Sniffer | A wiretap that eavesdrops on computer networks. The attacker must be between the sender and the receiver in order to sniff traffic. This is easy in corporations using shared media. Sniffers are frequently used as part of automated programs to sift information off the wire, such as clear-text passwords, and sometimes password hashes (to be cracked). Examples |
| SPAM Tool | SPAM is any unsolicited advertising, promotional material, or other e-mail message sent indiscriminately to multiple mailing lists, individuals, or newsgroups. A SPAM Tool is any software designed to extract email addresses from web sites and other sources, remove "dangerous" or "illegal" addresses, and/or efficiently send unsolicited (and perhaps untraceable) mail to these addresses. Examples |
| Spoofer | To "spoof" is to forge your identity. Attackers use spoofers to forge their IP address (IP spoofing). The most common use of spoofing today is smurf and fraggle attacks. These attacks use spoofed packets against amplifiers in order to overload the victim's connection. This is done by sending a single packet to a broadcast address with the victim as the source address. All the machines within the broadcast domain then respond back to the victim, overloading the victim's Internet connection. Since smurfing accounts for more than half the traffic on some backbones, ISPs are starting to take spoofing seriously and have started implementing measures within their routers that verify valid source addresses before passing the packets. Examples |
| Spyware | Any product that employs a user's Internet connection in the background without their knowledge, and gathers/transmits info on the user or their behavior. Many spyware products will collect referrer info (information from your web browser which reveals what URL you linked from), your IP address (a number that is used by computers on the network to identify your computer), system information (such as time of visit, type of browser used, the operating system and platform, and CPU speed.) Spyware products sometimes wrap other commercial products, and are introduced to machines when those commercial products are installed. See also Adware. Examples Most Common |
| Spyware Cookie | See Tracking Cookie. |
| Surveillance | Any software designed to use a webcam, microphone, screen capture, or other approaches to monitor and capture information. Some such software will transmit this captured information to a remote source. Examples. See also Key Logger. |
| Telnet Server | Software that allows a remote user of a Telnet client to connect as a remote terminal from anywhere on the Internet and control a computer in which the server software is running. Examples. |
| Theft | Any documents that present methods to steal things -- cars, books, cheeseburgers. Examples |
| Tracking Cookie | Any cookie that is shared among two or more unrelated sites for the purpose of tracking a user's browsing and/or gathering and/or sharing information which many users regard as "private.". Definitions of "private" may differ. Some consider any code "private" if it uniquely identifies a user, even if it is not their name or email address. A typical tracking cookie might look like this: "1 www.somedomainname.com/ 0 2719785088 29508922 2980377808 29496852 * " The encoded info in this cookie includes a unique UserID assigned by a web server; the cookie can be used to track a user as they visit other sites that accept this cookie. More Info Examples |
| Trojan | Unwanted software which runs in a user's machine, as an agent of the attacker, without user awareness. Unlike viruses and worms, trojans do not replicate (make copies of themselves.) We classify some pests simply as "Trojan". Others are more precisely classified as ANSI Bomb, AOL Pest, Annoyance, DDoS, Dialer, DoS, Dropper, Hostile ActiveX, Hostile Java, Hostile Script, Key Logger, Loader, Password Capture, RAT, Spyware, Trojan, War Dialer, and Worms. Examples Most Common Annual Growth |
| Trojan Creation Tool | A program designed to create Trojans. Some of these tools merely wrap existing Trojans, to make them harder to detect. Others add a trojan to an existing product (such as RegEdit.exe), making it a Dropper. Examples |
| Virus | Software which attaches to other software. A boot virus inserts its code into the boot record or master boot record of a disk, so that when the machine boots from that disk, the virus code is executed. A file virus inserts its code into an executable file, so that when that file is executed, the virus is executed as well. Annual Growth |
| Virus Creation Tool | A program designed to generate viruses. Even early virus creation tools were able to generate hundreds or thousands of different, functioning viruses, which were initially undetectable by current scanners. Examples |
| Virus Source | Source code is written by a programmer in a high-level language and readable by people but not computers. Source code must be converted to object code or machine language before a computer can read or execute the program. Virus Source can be compiled to create working viruses, or modified and compiled by programmers to make new working viruses. Examples |
| Virus Tutorial | We don't think there is much need for viruses in today's offices, so we don't think there is much need to learn how to create them. Virus Tutorials explain 'how to'. Examples |
| War Dialer | (demon-dialing, carrier-scanning) War-dialing was popularized in the 1983 movie War Games. It is the process of dialing all the numbers in a range in order to find any machine that answers. Many corporations have desktop computers with attached modems; attackers can dial in order to break into the desktop, and thereafter the corporation. Similarly, many companies have servers with attached modems that aren't considered as part of the general security scheme. Since most security emphasis these days is on Internet-related attacks, war-dialing represents the "soft underbelly" of the security infrastructure that can be exploited. Examples |
| Worm | A program that propagates by attacking other machines and copying itself to them. Both worms and viruses are self-replicating code that travels from machine to machine by various means. Both worms and viruses have, as their first objective, merely propagation. Both can be destructive, depending on what payload, if any, they have been given. But there are some differences: worms may replace files, but do not insert themselves into files. In contrast, viruses insert themselves in files, but (with the exception of "overwriting viruses") do not replace them. Some worms do not create files as a stage in their life cycle. Examples Most Common Annual Growth |
