IT Dictionary


Backdoor.Family.Variant
Remote Access Tools (remote administration programs)

Back Door (Trap door)
Synonymous with trap door. A way into a software system that the programmer or administrator of that system (or a cracker who has gained access) has deliberately left for himself. A typical back door will allow its designer access to the system without checking the file of authorized users.



Back doors are often designed into systems to help debugging during the design phase - and can sometimes be left in accidentally. Sometimes they are left in intentionally to allow field engineers to maintain the system. Conspiracy theorists often claim that some major operating systems have secret back doors included at the behest of the nation's security services. There is evidence to suggest that this has happened in the past.

Bandwidth
A term that describes the amount of information that can be passed through a communications channel in a given amount of time; that is, the capacity of the channel. The bandwidth is usually expressed in 'bits per second'.



Thus, a T1 line has a bandwidth of 1.544 Mbps; a 56k baud modem has a nominal bandwidth of 0.056 Mbps.
Ban on Spam
Ban on Spam is the nickname given to the EU's anti-spam directive. It sets out specific conditions for installing so-called cookies on users' personal computers and for using location data generated by mobile phones. Notably, the Directive also introduces a 'ban on spam' throughout the EU.



Directive 2002/58/EC on Privacy and Electronic Communications.



BAT.Family.Variant
DOS Batch Virus (virus which infects .BAT files)

Bayesian filtering
Bayesian filtering is an analysis technique that is used within information security to recognise spam automatically. Bayesian filters use 'Bayes Formula', which is an algorithmic methodology for combining the probability of multiple events into a single number. The technique is used to deliver a 'spam probability' based on the occurrence of different words or phrases within a single email.



Unlike the more simplistic 'blacklist' spam filters (which generate a spam 'score' based on the occurrence of differently weighted keywords, all generally taken out of context), Bayesian filters can accommodate 'good' words or phrases as well as 'bad' ones. The system 'learns' to differentiate genuine email from spam by examining the words and punctuation in large samples of both types of messages. It selects a set of words and numbers ('tokens') from the text and compares their ratio between good mail and spam. Using the tokens, the Bayesian approach looks at new mail and calculates the probability that the message is spam. One advantage, of course, is that the spam filtering becomes attuned to the email of each individual user.
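
The token-ratio and combination steps described above can be shown in a few lines of Python. This is an added example, not code from any particular filter product; the class name, the sample messages and the 0.01/0.99 clamp are assumptions made for illustration.

```python
import math
import re
from collections import Counter

TOKEN = re.compile(r"[a-z0-9$'!-]+")

# Constructed sample corpora (illustrative only, not real mail).
SPAM = ["cheap pills buy now", "buy cheap watches now", "win money now"]
HAM = ["meeting agenda for monday", "project report attached", "buy milk on the way home"]

def tokens(text):
    """Unique lower-cased tokens (words, numbers, some punctuation) in a message."""
    return set(TOKEN.findall(text.lower()))

class BayesFilter:
    def __init__(self):
        self.counts = {"spam": Counter(), "ham": Counter()}
        self.messages = {"spam": 0, "ham": 0}

    def train(self, text, label):
        self.messages[label] += 1
        self.counts[label].update(tokens(text))

    def token_prob(self, tok):
        """P(spam | token): ratio of the token's frequency in spam vs. good mail."""
        s = self.counts["spam"][tok] / max(self.messages["spam"], 1)
        h = self.counts["ham"][tok] / max(self.messages["ham"], 1)
        if s + h == 0:
            return 0.5  # token never seen in training: neutral evidence
        return min(0.99, max(0.01, s / (s + h)))  # clamp: no single token decides

    def spam_probability(self, text):
        """Combine the per-token probabilities with Bayes' formula, in log space."""
        log_odds = 0.0  # log of P(ham evidence) / P(spam evidence)
        for tok in tokens(text):
            p = self.token_prob(tok)
            log_odds += math.log(1.0 - p) - math.log(p)
        log_odds = max(-700.0, min(700.0, log_odds))  # keep exp() in range
        return 1.0 / (1.0 + math.exp(log_odds))

def build_demo_filter():
    f = BayesFilter()
    for m in SPAM: f.train(m, "spam")
    for m in HAM: f.train(m, "ham")
    return f

if __name__ == "__main__":
    f = build_demo_filter()
    for msg in ("buy cheap pills", "buy milk on the way home", "hello there"):
        print(f"{f.spam_probability(msg):.4f}  {msg}")
```

Note how 'buy' leans towards spam on its own, yet a message containing it alongside 'good' tokens such as 'milk' and 'home' still scores as genuine mail.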
Behavior blocking
Also known as 'sandboxing', behavior blocking software monitors the executable actions of potentially malicious software and stops dangerous operations from taking place (such as deleting files, modifying system settings and so on).



Behavior blocking programs are often considered to be more effective than virus scanners in blocking malicious code because they monitor actual functions rather than look for a known signature. In order for a traditional virus scanner to detect a virus, it has to have the actual signature, or fingerprint, of the virus within its database. New viruses often succeed because they are not immediately recognised simply because their signatures are not yet held in the database. Behavior blocking doesn't care whether it's a new virus, an old virus or something completely different - it simply stops it harming the system.
BeOS.Family.Variant
BeOS Script Virus (script viruses for BeOS)

Blacklist
The feature in many spam and IP filtering systems that allows the user or administrator to compile a list of addresses that will be disallowed. For example, an anti-spam blacklist will be a list of IP addresses from which mail will be blocked; a web filtering blacklist will be a list of websites that the user cannot access. The term also applies to the list itself.

Bluejacking
Bluejacking is the term used to describe the process of sending a message from one Bluetooth-enabled mobile phone to another local Bluetooth-enabled phone. This makes location-based marketing a realistic possibility - users walking past the front of a shop could receive a message detailing current special offers, or delivering money-off vouchers. But is this spam? Many users would consider it so; and it is unlikely that it would be legal in any of the countries with anti-spam legislation. Unless, of course, the user specifically opts in to the 'service'.

Boot
First code sequence that is executed prior to loading the operating system.

Botnet
Botnet is a jargon term for a collection of software robots, or bots, that run autonomously and automatically. The term is often associated with malicious software but it can also refer to the network of computers using distributed computing software.



While the term "botnet" can be used to refer to any group of bots, such as IRC bots, the word is generally used to refer to a collection of compromised computers (called Zombie computers) running software, usually installed via worms, Trojan horses, or backdoors, under a common command-and-control infrastructure. The majority of these computers are running Microsoft Windows operating systems, but other operating systems can be affected.
Browser Hijacker
A browser hijacker is a program or code that changes your browser settings so that you are redirected to different Web sites. Most browser hijackers alter the default home pages and search pages to those of customers who pay for the traffic generated. Some add pornographic Web sites to the users' favorites; generate pornographic pop-up windows faster than the user can click them shut; and redirect users to pornographic sites.



Many of the hijackers are also poorly coded, and can cause their own problems - slowing down or crashing the PC.



Hijackers are usually the result of a virus or worm infection, or installed surreptitiously when visiting dubious sites. Some, however, are installed 'legitimately' as part of freeware - but only because the user didn't read the small print in the end user license.
Brute Force attack
A type of attack in which every possible key is attempted until the correct key is found. Ciphertext is deciphered under different keys until recognizable plaintext is discovered. On average, this will take half as many attempts as there are keys in the keyspace.



To crack a 64-bit key, it would take 10 EFF DES Crackers operating for an entire year. At 128 bits, it is totally infeasible to break a key by brute force, even if all the computers in the world are put to the task. To break one in a year would require, say, 1 trillion computers (more than 100 computers for every person on the globe), each running 10 billion times faster than the EFF DES Cracker. Put another way, it would require the equivalent of 10 billion trillion DES Crackers!
(Source: Hiding Crimes in Cyberspace, Dorothy E. Denning and William E. Baugh, Jr., July 1999.)

Buffer overflow
A buffer is an area of memory used to hold data for processing. It has a predetermined size.



If the data being placed into the buffer is too large, is not checked and is allowed to overflow the buffer, it can have unexpected effects. At best, the excess data is simply lost. At worst, the excess data might overwrite other legitimate data.



Understanding what happens when a buffer overflows can allow a hacker to take control of a system - or simply crash the system.



A particular type of buffer overflow attack is an attack on the program stack (sometimes known as 'smashing the stack'). The program stack is used to control the flow of execution of the program. By carefully controlling the buffer overflow, a hacker can overwrite and change the return address of a function - and execute code of his own choice.



This type of buffer overflow is the most common and often the most effective type of remote attack.