Glossary of Computer Virus Terms

There are rumoured to be millions of viruses out there, with the ability to infect, disrupt and damage your computer. But, if you don’t their names and what they do, it can lead to problems dealing with them.

Our glossary of computer virus terms provides you with all the information you need to know about common viruses and what they can do, as well as terms used to describe processes and computing actions. With the easy-to-understand definitions, you can learn everything you need to know about malware topics and be able to discuss computer viruses with other people.


Access means the ability to enter a program or set of data and to implement operations, changes, and general manipulation.

access control
The process, or method used to monitor and control access to a system or computer.

active attack
An active attack by a malicious code or program that has accessed a system or computer.

Advanced Persistent Threat
A person, software or machine that maintains a constant threat to anyone by any means or resources used to perpetrate an attack or series of attacks.

A malware that specializes in offering pop-up adverts or redirection to a site. These codes can and usually do slow down the operating system, redefine browser configurations and in some instances, allow other malicious code or software access to the infected system or computer.

A notification that something is trying, or has tried to attack or install itself on the computer or system.

Alias Virus Name
Some viruses are part of a group, that share a common name, but have unique features that the anti-virus industry renames to point to the specific feature.

antispyware software
Software designed to detect, quarantine, and destroy spyware.

Antivirus Program
A program for managing, detecting, protecting, quarantining, and destroying virus software from infecting a system or computer.

antivirus software
The same as an antivirus program but can include other features that are bundled with the main antiviral feature.

A specific viral defense used to cloak their presence in a system.

An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity.

attack method
The methods used to initiate an attack.

attack path
A specific strategy or path in an attack method.

attack pattern
Many events occurring during an attack that may point to a multiple-point attack.

attack signature
Each malicious software has a distinctive pattern of attack, this is its signature and if recognized can be countered.

The way in which a system verifies that a user or access point activator is whom they claim to be.


A means for attacking a system, backdoors are created by trojan malware, it also refers to a method that a programmer has left in place to access a system when locked out.

Backing up
A means of storing a copy of your system, program, and data files.

Every communication system uses a bandwidth, this defines the "width" of the communication packets.

Banker Trojan
A trojan malware focusing on financial transactions and banks.

This is how malware acts when and after it has infected a system.

Black hat
A black hat hacker operates for personal gain or for malicious destruction.

A list of blocked users, visitors, or addresses.

Boot Virus
A virus that focuses on boot sectors.

A bot is a generic name for software that performs a series of pre-programmed actions (bot=Robot).

Bot Herder
Also known as a bot master or zombie master, a bot herder is a person or group of people that control a botnet.

Bot master
The controller of a botnet that, from a remote location, provides direction to the compromised computers in the botnet.

Botnets, or zombie armies, are networks of computers controlled by an attacker. Having control over an unlimited number of CPU's lets hackers perform certain types of cyber-attacks, such as a DDoS (see below). Buying many computers isn't economical, so hackers deploy malware to infect random internet connected computers. If your computer is infected, it means your CPU is stealthily performing a hacker's hashing in the background.

High-speed data transmission system where the communications circuit is shared between multiple users.

A browser is the user interface program with the WWW.

Brute force
A brute force attack is usually a bot application that employs a process of trial-and-error to guess the correct password. Most updated encryption applications employ different methods for slowing down brute force attacks, and recently captcha and the like have been added to make it hard or impossible for them to succeed.

A bug is an error or flaw in software code.


Stands for "Control & Command," this is the descriptor for hackers that command and control their malware from a remote site.

Category of Virus
Viruses like most objects are categorized by the nature of their attack.

A cavity is an area in a file that is empty of information, like a cave, the virus can hide in these areas, which makes it hard to find.

This is a method of measuring the size of data and is used to compare between two different versions.

cloud computing
A cloud is a server that offers internet access to use its services, be it storage or activation of software.

Common Name
This is a malware’s known name.

Common text
The International Organization for Standardization defines many cross-platform standards, this is one of them. Common text is text by this definition.

Companion Virus
Like a tumor that attaches to a lymph node, a companion virus attaches to a file or program to enter a system.

Cookies are bits of information that a site might request you save on your internet browser to check online client movements.

Country of Origin
The country where the first case of a virus was first recorded.

A hacker that tries to hack a restricted computer system.

Crackers are bad people by definition, hackers can be bad, but can also be white hat hackers that test the security of systems. Crackers are only black hat hackers and only try to break into restricted systems.

A type of malware used to perpetrate illegal online activity.

The methods used to decipher cryptographic protection of information.

cryptographic algorithm
A mathematically sound computational procedure that uses variable inputs, including a cryptographic key to produce an output.

The application of mathematical models to provide encrypted security services.

The name was given to the process of securing computer-based systems from attack.

The sum of the network of disk space of all the servers connected to the networks to the end user’s computers.


Daemon is a Unix term, describing an application that runs autonomously behind the scenes continuously providing a specific service. Windows refers to daemons as System Agents and services.

Damage Level
The level of damage that malware can afflict when operational is termed the "damage level".

Dark web
The dark web is a network of hidden and usually illicit sites running on specific niche browsers and accessible only to those with internet programming knowledge.

data breach
The unauthorized transfer of priority data to a person or company that is not authorized to see or have the information.

data loss
The unfortunate loss of information when deleting files by mistake or misplacing or forgetting where they are in the system.

data mining
The method by which we try to extract sources of information from accessible networks.

Data server
A server used to house a database for public use by other computers or systems.

Day Zero
The day a threat is recognized but no patch or defense has been devised to counter the threat.

DDoS (Distributed Denial of Service)
This is a multiple server attack on a single target, usually, malware hijacked the multiple computers to perform the attack.

A tool that reads and edits software source codes.

Declaration of conformity
A supplier’s confirmation that their product meets pre-set standards and requirements.

The method in which encrypted data is opened for human or computer reading.

A malware attack that transfers the legitimate phone connection used to connect to the Internet and re-connects it via a premium rate number generating extremely high phone bills.

Dictionary Attack
A dictionary attack is a form of brute force but focused on many predefined words to crack a password or code.

Digital Certificate
A verification process that proves whether the visitor is whom they say they are and provides an encoded key for access.

Direct Action
One of the various virus categories.

The process by which an antivirus program detects and deletes a virus.

Distribution Level
This factor measures the rate and scope a virus will distribute itself when activated.

A demilitarized zone is a network segment that is used to isolate servers accessed by less trusted users.

As described in Merriam Webster: a subdivision of the Internet consisting of computers or sites usually with a common purpose (such as providing commercial information) and denoted in Internet addresses by a unique abbreviation (such as com for commercial sites or gov for government sites).

DoS (Denial of Service)
An attack, which prevents access by users to services in the operating system.

Drive-by Download
Spyware, adware, or PUPs that download another file after visiting an HTML site.

An .EXE file that has different viruses in it.


Emergency Disk/Rescue Disk
Is an external disk used to recover or start a computer system that has crashed.

This is a method to hide content from illegal snooping. Encrypted data needs a specific key to unlock it.

EPO (Entry Point Obscuring)
This is a delayed action virus that only starts after a while from activation, used to hide when it was activated, hence the title EPO.

Is a network protocol for transferring data in a local area network (LAN).

Is how a hacker will take advantage of a bug in your system. Not all bugs are exploitable. Imagine a padlock with only a one digit code that’s a bug that can be hacked easily.

Exploit Kit
A kit contains a number of exploit tools for deployment over multiple instances.


False Positives
These are behavior patterns recognized as possible threats, sometimes they can be a nuisance so you can set preferences to ignore these instances, allowing the anti-virus software to focus on real threats.

A firewall is a set of functions that check incoming data streams and block ones that are considered dangerous. You can set specific firewall rules for different websites and addresses.

First Appeared On
The time a virus first appeared.

First Detected On
The time a malware was first detected.

A malicious means of crashing or overloading a system by creating a massive output of messaging, flooding the system and network.

Free software that is legally distributed.


Hackers are professional software experts in detecting security issues, they can be good "white hat" and are employed to check and test system security or they can be bad "black hat" or malicious "cracker".

Hacking Tool
The software employed by a hacker to perform the necessary security infiltration tasks.

These are political hackers, using their abilities to affect public opinion and interfere with political campaigns.

Hard disk
The large data storage disk in a device, or as a stand-alone (external disk).

Hashing is another word for mathematical processing, hashing is performed to either solve a complex issue to create one.

Heuristic Scan
A practical quick or deep scan used to detect viruses by trial and error.

Hijack Attack
The taking of a communication line or system and controlling it for personal reasons.

A malware that changes your browser's settings to suit its own purposes, such as changing the default home page.

This is a malware popup suggesting the victim installs a fake antivirus program to fight a bogus attack.

Hypertext Transfer (or Transport) Protocol Secure, is the name before every address on the internet, that has a security protocol in action.

Hybrid Attack
A Hybrid Attack is both a dictionary attack but with added numerals.

This is a link attached to an object, it can be a text or an image, it can be highlighted by an underline an/or color.


The method for affirming the identity of a user.

Identity Theft
The illegal misrepresentation of identity information not belonging to the user.

In Circulation
A malware that has been released into a global network.

In The Wild
The monthly list of known malware.

The actual results of an active malware attack.

Inference Attack
A logical process for connecting between seemingly random attacks.

Infrastructure-as-a-service (IaaS)
Internet accessed infrastructure (server, disk) used as a service to replace local infrastructure.

Inspection certificate
Certification of conformity provided by a supplier.

Instant messaging
A platform for enabling instant chat between two or more users online.

Internet service provider (ISP)
The company or service that offers access to the internet via their infrastructure.

intrusion detection
The process and method for detecting possible unauthorized access.

Intrusion detection system (IDS)
The software that employs the process and method for detecting possible unauthorized access.

Intrusion prevention system (IPS)
The software that employs the process and method for preventing unauthorized access.

IP Address
The Internet Protocol (IP) address is the address of the physical location of the system accessing the internet.


The process by which hardware and software are compromised to enable running third party software on it. (Playstation etc.)

A high-level programming language used in many web applications.


Keyboard Logger
Software used to record every keystroke, can either be malicious or parental/propriety control software.

Same as Keyboard Logger.


Link Virus
A virus that changes the link fo the file you access to the virus when the link is pressed, the virus is activated.

Local area network (LAN)
A network of computers linked together in a single area, home, building, floor.

Logic Bomb
Malware that when activated creates a series of logic problems that the computer tries to solve, draining system resources.


machine learning
The academic sector for artificial intelligence specifically focused on computer self-learning algorithms.

Macro Virus
A virus that targets program macros. Macros are snippets of code that perform specific tasks in programmes, such as Word or Excel macros.

malicious code
Like Malware is a snippet of code designed to perform malicious activities.

Malware that is received through email.

Malware + Advertising - malware that spreads more malware through infected advertising.

The name was given to all MALicious softWARE including viruses, worms, and Trojans.

Management system
The policies set by a company that creates the umbrella for organizational management methods and principles.

Masquerade Attack
An attack where the attacker is disguised.

Means of Transmission
The mode of virus logistics, how a virus travels from one system to the other.

This is a virus made up of many other virus behavior patterns.

Mutex (Mutual Exclusion Object)
The virus stops the system from allocating service resources simultaneously, "muting" the system usage and makes it harder to detect.


A cluster of hardware and software linked together using communications protocols to transfer data between each other.

Network firewall
The system that controls traffic to and from a network.

Nuke (Attack)
This targets a network connection, causing it to fail thereby blocking all I/O operations.

The program or attacker who launches the nuke attack.


P2P (Peer-to-Peer)
Peer to Peer networks share information, viruses use these modes of sharing to proliferate.

passive attack
An attack induced to gather information without leaving damage or a trace of its existence.

A string of characters (letters, numbers, and other symbols) used to authenticate an identity or to verify access authorization.

Password Cracking
An attempt at discovering the password using possible trusted information sources.

Password managers
Software for managing multiple passwords, specifically aimed at people that use the same password for every account, rather than a unique password for each individual account.

Password Sniffing
A passive attempt to uncover passwords in a network.

Password Stealer
Software used to steal password information.

The process to update software.

The result of a virus attack.

Penetration Testing
Also known as "pen testing," penetration testing is the system employed by hackers to test a programmes security and fix any bugs found during the process.

Permanent Protection
The process by which an antivirus program constantly scans files and programmes.

Personal firewall
Network traffic protection software to and from a personal computer.

Personal information
A persons personal information.

The process in which criminals impersonate a legitimate site or company in emails with the explicit intention of getting the victim to follow the links and thereby divulge personal information.

Platform-as-a-service (PaaS)
The use of software platforms in clouds or servers that allow users access to their features and functions.

An application that when attached to another will add more functionality.

The process employed to change virus encryption every time it is used.

POP (Post Office Protocol)
An e-mail protocol (There is also SMTP, an email sending protocol).

Portable device
Small computers, either mobile based or handheld mini systems.

The virus attaches its code at the beginning of a file, so when the file is opened the virus is activated.

private key
A confidential cryptographic key.

Proactive Protection
A process by which continuous analysis and review maintain the protection of a system from malware threats.

Process Killer
A program that shuts down an infected computer to contain the threat of proliferation.

Proxy server
A proxy is a go-between server.

public key
Like a personal key but public, many may hold its cipher.

PUP (Potentially Unwanted Program)
Add on programmes that install themselves either unaware or through trickery and offer adverts and links that confuse and anger users.


Ransomware is a malware that locks access or encrypts data to be released only after a ransom has been paid.

Additional or alternative system or application that continue to function when a parent process fails.

Remote Access Tool
This is a tool for accessing a computer or system from a remote site.

When a virus multiplies it replicates.

Resident Virus
Software stored a computers disk memory and constantly monitors operations taking place in the system.

Software used to recover lost or damaged data.

Software used to infiltrate a system undetected. Used by hackers to hide their activities in previously compromised systems. Some malware use rootkits camouflage themselves.

The device that directs the flow of communication in a network.

RunPE Technique
A malware behavior that replaces the original executable mapped memory with the payload and the executable is run again.


A scam is a fraudulent plot to trick you into giving money under false premises.

Screen scraper
A way to scan and copy a screen to gain access to personal private data.

secret key
A cryptographic key with both encryption and decryption.

Security control
the system for managing security risks.

Security information and event management (SIEM)
Process in which network information is aggregated, sorted and correlated to detect suspicious activities.

Security Patch
A software upgrade that focuses on security issues.

Security perimeter
Security control boundaries.

Security Risk
The possibility for a negative action to impact a system.

A physical drive that offers either shared or dedicated computational power and disk space over a network.

A virtual connection between two hosts in a network.

A mobile operating system platform added to a functional mobile phone device to access applications and browsers.

An attack that generates multiple and continuous pings that use up your network bandwidth.

Software-as-a-service (SaaS)
Remote access to software running on a server or cloud.

Multiple messaging or unwanted messages, some may contain malware.

The person who sends multiple messages or unwanted email, which can also contain malware.

Spear Phishing
A phishing attack focused on a specific target.

Faking the sending address of a message to gain illegal access a system.

As the name suggests, this is a covert malware that specifically targets the victim's information and transmits it to the malwares controller.


Basically a big smartphone with laptop operational capabilities, usually with fewer hardware options.

Something that may inflict harm<./p>

Tor is short for The Onion Router. Usually used by crackers, hackers and illicit online traders and e-commerce. The Tor network is a collection of volunteer-run computers run by Tor Project, a nonprofit that maintains it. The Tor browser is free and lets you access hidden services.

A ring of data on a disk, similar to a DVD or CD track.

Applications designed to monitor specific Internet usage, such as banners clicks, page visits, data downloads, which are used to profile users statistics for advertisers.

A kind of malware that usually downloads spyware onto a computer.

named after the Trojan Horse (read up on your Greek History) it is disguised as a trusted program but in fact, is used to open backdoors or to perform certain functions that are aimed to harm your computer or gather personal information.

Viruses that attach themselves to the intercept handlers of an operating system, anti-virus software must use tunneling techniques to combat these types of attack.

Two-factor authentication
The demand for two identification authentications such as a password and a CAPTCHA.

Buying a domain that is similar to a popular domain in order to attract visitors, for instance, Google : Gooqle.


Unauthorized Tracking Cookies
Using cookies as spyware, but as a cookie, it is not a malicious code, only a way to track your internet usage.

User account
A record of users account information.

Similar to a nickname, a user will choose a short moniker rather than their full or real name.


Anti-virus software create file profiles to review changes in their structure, which is a sign of a viral attack.

Different types (mutations) of the same virus.

Virtual private network (VPN)
Virtual Private Network uses encryption to create a private and secure channel to connect to the internet, it also allows you to hide your true IP address, enabling you to access IP specific blocked sites.

An application used to infect and harm computer systems.

Virus Constructor
A programme that automates virus creation, the user can define the features and properties and the program will create the new virus.

Virus Signature File
An anti-virus feature used to detect viruses.

Virtual Private Network uses encryption to create a private and secure channel to connect to the internet, it also allows you to hide your true IP address, enabling you to access IP specific blocked sites.

The level of defense of any system.


White hat
Hackers that are employed to test the vulnerability of a system or network.

A list of trusted entities.

Wireless Fidelity, shortened to mean a not a physically linked network.

Wide area network (WAN)
A system for linking LAN's and single computers over a wide area.

A worm is similar to a virus but is not attached to another program to spread, the main purpose of a worm is to replicate itself to destroy the system.


A bot controlled computer.

Zoo Virus
A laboratory virus used for experimentation purposes only.

Popular Articles

Internet Kids - Road Trip
Download Free Book »
How to Protect Against Identity Theft
Read More »
Ransomware Facts, Stats & History
View Infographic »
How Computer Viruses Work
Read More »
Advertiser Disclaimer: We are a professional review site that receives compensation from the companies whose products we review. We test each product thoroughly and give high marks to only the very best. We are independently owned and the opinions expressed here are our own. We are not responsible for direct, indirect, incidental or consequential damages resulting from use of any antivirus software and/or this website.