Network Chico security
terms glossary
Welcome to the Network Chico
computer security terms glossary.
=M=
Macro Virus: Macro viruses
consist of instructions in Word Basic, Visual Basic for Applications
and other application macro languages. They often reside in documents
or other file types that are traditionally thought of as 'just
data', and although that is not critical to determining whether
something is a macro virus or not, it has been a crucial factor
in the relative success of certain kinds of macro viruses. Another
factor contributing to the success of macro viruses in the popular
Microsoft Office application suite and related products (such
as Microsoft Project) is that not only can the document files
of these applications carry macro code, those macros can automatically
run when certain basic events (such as opening and closing documents)
occur and/or when the user expects that standard functions within
the application should occur (such as selecting the Save item
from the File menu). While few users tend to think of 'documents'
as capable of being infected, any application which supports
document-bound macros that automatically execute or usurp standard
application functions is a potentially welcoming platform for
macro viruses. By the late 1990s, documents had become much more
widely shared than diskettes (assisted by the extensive adoption
of networking technologies and particularly Internet e-mail)
and document-based viruses dominated prevalence statistics. This
seems likely to continue for the early years of the 21st century.
Mail Bomber: Software
that will flood a victim's inbox with hundreds or thousands of
pieces of mail. Such mail generally does not correctly reveal
its source.
Malware: Malicious software.
A catch-all term for 'programs that do bad or unwanted things'.
Generally, viruses, worms and Trojans will all be classed as
malware, but several other types of programs may also be included
under the term. The term is useful where the best classification
of a program as a worm or a virus is unclear: you can still
refer to it as 'a piece of malware'.
Mass Mailer: A virus that
distributes itself via e-mail to multiple addressees at once
is known as a mass mailer. Probably the first mass mailer was
the CHRISTMA EXEC worm of December 1987 (and a couple of copycats
in succeeding years), but the technique then all but disappeared
until the Melissa outbreak of 1999. There have, however, been
many mass mailers since Melissa. An important distinction between
mass mailers and slow mailers, at least in terms of threat assessment,
is the scale or rate at which they send infective messages. In
sending a large number of messages (and hence copies of themselves)
at once, mass mailers aim to achieve rapid, widespread distribution.
Presumably their writers hope enough recipients of these messages
will be lulled into running the attachments (or simply opening
the messages in the case of HTML-embedded script viruses) to
ensure the virus' distribution outstrips the spread of news about
the outbreak and/or updates to virus scanners and other countermeasures.
With the apparently ever-growing number of people on the Internet
through the late 1990s, there was a continuous supply of fresh,
very naive, inexperienced users to be fooled into double-clicking
what they should not. Through the use of 'obvious' social engineering
tricks, viruses such as VBS/VBSWG.J had a fair shot at their
fifteen minutes of fame. Mass mailers often have the '@mm'
suffix to their names, making the additional threat they may
pose readily identifiable to the informed. Mass mailers are often
referred to as 'worms', although this usage is not entirely accepted,
and also as 'e-mail worms' (perhaps to distinguish them from 'real
worms').
Master Boot Record: The
boot sector at the beginning of a hard drive (sector location
0,0,1 in CHS notation) is known as the master boot sector or,
more commonly, the master boot record. Boot code in this disk
sector is loaded by the BIOS, should it attempt to boot from
the hard drive. Normally, the MBR's boot code checks the MBR's
partition table to determine which partition to load an OS from.
It then loads the contents of the boot partition's system boot
sector (the first sector in the partition) and transfers control
to that load location. This should be the beginning of the boot
code of that partition and it is up to that code to 'know' how
to boot the OS on that partition. The master boot record is usually
referred to as such or as the MBR, sometimes as the master boot
sector (or MBS) and occasionally, but incorrectly, as the partition
table (which is actually just a part of the contents of the MBR).
Normally the master boot record of a DOS or Windows machine is
created when partitioning the drive with FDISK, although all
manner of third-party partitioning and boot management tools
may also write to the partition table and/or the MBR's boot code.
Because the MBR contains a program (the boot code) it can be
infected by a suitably crafted virus. This is covered in more
detail in the Boot Sector Infector item.
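An added example, not part of the original glossary: a Python sketch that splits a 512-byte MBR into boot code and partition table, selects the active partition as the boot code would, and hashes the boot code for comparison against a known-good copy. The function names and the sample sector are constructed for illustration; the offsets (table at byte 446, signature 0x55AA at byte 510) are the standard PC layout.

```python
import hashlib
import struct

SECTOR_SIZE = 512
PT_OFFSET = 446            # partition table starts after the boot code area
BOOT_SIG = b"\x55\xaa"     # signature in the last two bytes of the sector

def parse_mbr(sector):
    """Return the boot code hash and the non-empty partition table entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if sector[510:] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for slot in range(4):
        raw = sector[PT_OFFSET + 16 * slot:PT_OFFSET + 16 * (slot + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), first LBA, size
        status, ptype, first_lba, count = struct.unpack("<B3xB3xII", raw)
        if ptype == 0:
            continue                      # unused slot
        if status not in (0x00, 0x80):
            raise ValueError(f"slot {slot}: invalid status byte {status:#04x}")
        partitions.append({"slot": slot, "active": status == 0x80,
                           "type": ptype, "first_lba": first_lba,
                           "sectors": count})
    # Hash only bytes 0..439: later Windows versions keep a per-disk
    # signature in 440..445, which would differ between clean disks.
    return {"boot_code_sha256": hashlib.sha256(sector[:440]).hexdigest(),
            "partitions": partitions}

def boot_partition(mbr):
    """Pick the partition the boot code would load: exactly one active entry."""
    active = [p for p in mbr["partitions"] if p["active"]]
    if len(active) != 1:
        raise ValueError(f"expected one active partition, found {len(active)}")
    return active[0]

def make_sample_mbr(boot_code=b"\xeb\xfe"):
    """Constructed sample: filler boot code, one active FAT16 partition."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    sector[PT_OFFSET:PT_OFFSET + 16] = struct.pack(
        "<B3xB3xII", 0x80, 0x06, 63, 1024000)
    sector[PT_OFFSET + 16:PT_OFFSET + 32] = struct.pack(
        "<B3xB3xII", 0x00, 0x05, 1024063, 2048000)
    sector[510:] = BOOT_SIG
    return bytes(sector)

if __name__ == "__main__":
    mbr = parse_mbr(make_sample_mbr())
    print(mbr["boot_code_sha256"], boot_partition(mbr))
```

A changed boot code hash with an unchanged partition table is the pattern to look for when checking a disk against a baseline taken after partitioning.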
Master Boot Record Infector:
A virus that infects master boot records. In reality, a virus
that only infected MBRs would not be very successful because
its chances of replicating would be very limited as new hard
drives are seldom added to systems. Its chances of spreading
would be even more limited as it is even rarer for hard drives
to be moved from machine to machine. MBR infectors usually also
infect other boot sectors (particularly those on diskettes) or
are multipartite, infecting program files and MBRs (and possibly
other boot sectors as well). For a detailed consideration of
general boot sector infection issues, see the Boot Sector Infector
item.
Master Boot Sector: See
Master Boot Record.
MBR: Master Boot Record.
MBS: Master Boot Sector
is a synonym for Master Boot Record.
Middle Infector: This
is not a widely used term, but generally refers to an entry point
obscuring (EPO) virus. Due to design considerations in some scanners,
some non-EPO viruses are referred to as middle infectors and
may require special handling.
Misc: Anything (other
than a document) not in another category, perhaps because it
falls into multiple categories, such as a tool suite.
Multipartite Virus: A
virus that infects two or more different target types is generally
referred to as a multipartite virus. Early multipartite viruses
infected boot sectors and DOS executables, but more esoteric
combinations have been seen.
Multiple Cavity Infector:
An extension of the cavity infection technique, a multiple cavity
infector is able to break its code into two or more pieces, placing
each piece in a suitable-sized 'hole' in the infection target.
As with the standard cavity infection technique, this has the
advantage of not increasing the size of the target, but adds
the flexibility of infecting files that do not have a single
'hole' large enough for the virus' entire code. This is a very
rare infection technique, made famous by the first multiple
cavity virus - CIH (although Commander_Bomber can lay claim to
using much the same technique, it made its own cavities, moving
pieces of the original executable image around to accommodate
slivers of its code).
Mutex: MUTual EXclusion
object. A mutex is a program object that allows multiple threads
to share the same resource. Any thread that needs the resource
must lock the mutex from other threads while it is using the
resource. The mutex is unlocked when it is no longer needed or
the thread is terminated. The difference between a mutex and a
semaphore is that a mutex is owned by the thread which locked it
(that is, only the thread which locked the mutex can unlock it),
whereas a semaphore can be changed by another thread or process.
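The ownership difference described in the Mutex entry, as an added example that is not part of the original glossary. It assumes Python's threading.RLock as the owned mutex (a plain threading.Lock has no owner) and uses a hypothetical helper name.

```python
import threading

def release_from_other_thread(primitive):
    """Acquire in the calling thread, then try to release from a second one."""
    outcome = {}
    primitive.acquire()

    def worker():
        try:
            primitive.release()          # a non-owner attempts the unlock
            outcome["result"] = "released"
        except RuntimeError:
            outcome["result"] = "refused"

    t = threading.Thread(target=worker)
    t.start()
    t.join()
    if outcome["result"] == "refused":
        primitive.release()              # only the owning thread can unlock
    return outcome["result"]

if __name__ == "__main__":
    print("mutex (RLock):", release_from_other_thread(threading.RLock()))
    print("semaphore:    ", release_from_other_thread(threading.Semaphore(1)))
```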