Security Jargon Explained

As with many other subjects security comes with its own terminology which can completely baffle many people who are outside of the industry.


Would you recognise a Smurf attack?

So, for that reason, the growing list below will try to explain some of the words and phrases you may have heard but don’t fully understand:


An unwanted program that, once installed onto your computer, will harass you with unwanted advertising.


A computer program designed to protect your machine from malicious code that would do you harm.

Arbitrary code execution

The process by which a hacker can take control of a computer in order to execute any command. An exploit is used which takes advantage of any security flaws.

Backdoor attack

Software designers will often put what is known as a backdoor into their software in order to save themselves time – it could serve a number of purposes including giving them access without the need for going through security checks or entering a password. Sometimes these backdoors get left in for one reason or another and hackers look for them as a means to gain entry to your computer.


A name given to hackers who are on the wrong side. A blackhat hacker is the type of guy who gets all hackers a bad name through their criminal behaviour.


This is the name given to an individual machine that is part of a larger collection known as a botnet (see below). Comes from the word ‘robot’ due to the fact that the machine is under the control of someone else.


A collection of machines that have been ensnared via a virus, trojan, worm or other and placed under the control of a single person via a command and control centre.

Often hired out at a few cents each, collectively they can be used for DDoS attacks.

Botnet herder

One of the names given to someone who controls a botnet.

Bullet-proof hosting

A web host that guarantees its ¬†servers will not be closed even following requests from law enforcement. Typically such hosts will be found overseas where computer crime laws are either not enforced or don’t exist in the first place.

Buffer overflow

When you open a program on your computer it will be allocated an amount of memory which is known as a buffer. Poorly written programs may not be able to hold extra data which will cause an overflow which in turn will crash the machine.

Hackers can take advantage of this situation by flooding a program with data and deliberately causing an overflow. This in turn leads to security holes which allows them a way into the target machine.


Someone who either steals or trades stolen credit card information.


A virtual ‘room’ on the Internet Relay Chat (IRC) system. Each channel will generally be dedicated to a single specific topic.

Command and control centre

Used by criminals to send instructions, such as displaying ads or sending spam out, to botnets under their control.

Cross-site scripting

This is a sophisticated attack that tricks a user into thinking they are conducting their financial business on a legitimate website when in fact they are giving their details away to the bad guys who have in fact exploited the genuine site.


A malicious piece of code which will lock you out of your PC, or parts of it such as your photos and music collection, by encrypting your own data. Those behind this ransomeware will then demand payment in order to set your computer free from this hostage situation.


A hijacked computer or server which is used to store personal information which has been stolen via the use of viruses, spyware or keyloggers. They are a very risky proposition to hackers as they are incredibly incriminating and they are usually shut down very soon after their creation.

Defence in depth

The use of different layers of protection to protect a system. For example, the combined usage of antivirus software, a firewall, sandbox and virtual private network in order to get differing types of protection.

DoS attack

Denial of Service – An attack whereby one computer and one net connection is used to flood a server with packets, the aim of which is to overload the server’s bandwidth and other resources.

DDoS attack

Distributed Denial of Service – As a DoS attack above but this time using multiple computers and internet connections. Often far more effective it utilises computers unwittingly caught in a botnet.

Drive-by download

Malicious code that automatically installs itself onto the victim’s computer when they visit an infected website. Typically the code installed will be unwanted programs such as toolbars but keyloggers being installed via this method is becoming increasingly common.


A vulnerability, or bug, that is found in a piece of software that allows a hacker to gain access to a computer, web site or network.

Exploit kit

A ready assembled kit available to criminals, for a price, that can be used to hack computers. Often popular due to their ease of use.


A piece of software that sits between a computer and the internet. Either installed on your computer or embedded in your router a firewall will filter inbound and outbound traffic, neutralising any threats it detects.


The spawn of malware, frankenmalware describes the result of viruses accidentally infecting worms that are already on the victim’s computer – the offspring can often become fast-moving and unpredictable new forms of malware themselves.

Goat machine

An unprotected machine used by security researchers to attract malware writers in order to attract as much threat information as possible in a safe environment. Takes its name from the scene in Jurassic Park in which a goat was used as bait for the T-Rex.


A machine, or network of machines, set up to look like a helpless target. Often created by security firms and researchers in order to capture data about new threats. Online criminals are become increasingly aware of honeypots and are writing malware that will detect them and give them a wide berth rather than give up their secrets.

IP address

A collection of numbers that identifies every machine that connects to the internet. Each of your devices will have its own unique IP (Internet Protocol) address.

IP hacking

IP hacking occurs when a criminal discovers the Internet Protocol address of a computer or web server and then uses it to attack the machine, this will often be for the purposes of defacement or theft of data (servers) or installation of malware or theft of data (individual PCs).


A small piece of code that is installed on a machine with the express purpose of capturing data above every key press that is made on that device. Can be used for a variety of purposes ranging from spying on loved ones to stealing login data for banks and other sensitive sites.


Malnets are a malicious network of websites, servers and domains that are responsible for a series of recurrent attacks. They can typically be hired for a few thousand dollars at a time and will be highly effective before being quickly shut down again.


The practice of hiding malware in fake web advertisements. Such infected ads will often be found on well-known sites. More advanced versions do not require user action and will infect your machine automatically, whether you click on an ad or not.


Malware takes its name from the phrase malicious software and is used to describe any unwanted program that makes its way onto a computer.

Man-in-the-middle attack

A highly sophisticated attack which sees a hacker intercept data between two points, typically a user’s computer and a financial website. Can be useful in dealing with security measures that rely on more than mere passwords for access.

Packet sniffing

The process of examining individual data packets sent between computers. All too often such data packets will contain sensitive information such as login details and passwords that have been stored in plain text.


The practice of sending out emails that appear to have come from genuine organisations, such as banks or credit card companies, with the intention of tricking the recipient into giving out their sensitive information such as login details.

Often phishing emails will contain links that take the victim to what looks like a genuine site into which they will type their login information.


A virtual doorway that allows net based programs to communicate with your computer. Different programs use different ports, i.e. email typically uses port 25 and web traffic uses port 80.

Potentially unwanted application

A description for apps that aren’t necessarily malicious in nature but which could certainly prove to be wanted, i.e. apps that contain adware.

Proof of concept

This is a demonstration, in theory at least, of how a system can either be protected or attacked.


A piece of malware that will hold your computer hostage until you pay a ransom. Those behind ransomeware will encrypt your own data and will not unlock it until you send them payment.

Remote code execution

This is where a hacker is able to run malicious code from one PC to another by utilising the web. Once done, the hacker is likely to have complete control over the target machine.

Script kiddie

A wannabe hacker who lacks the skill to create their own malware. They simply re-use or modify code or techniques that have been posted on the internet.

Smurf attack

A type of DDoS attack where requests from the victim’s IP address to a network are spoofed. This leads to all the hosts on the network responding, thereby creating a large volume of traffic and knocking the target IP address out of action.


A piece of code that, once installed, will steal personal information. Often arrives via web downloads and disguised as other types of software, such as spyware cleaners for example.

SQL injection

A method used by hackers to attack a website’s database via security flaw. Databases are often an appealing target due to the nature of the information that they store – passwords, credit card details, etc.


A piece of malware that disguises itself as something else, much like the horse of legend. Often found hiding as an attachment to an email.

Two-factor authentication

This is a means of strengthening security by requiring more than one piece of information in order to gain access to a system. For instance, in addition to a password for your online banking you may also be required to enter a code generated by a card reader.

URL reputation engine

A tool found within security software that attempts to assess the relative safety of a website by considering factors such as its IP address, age, location and type of content hosted.


A malicious program that is capable of replicating itself and often designed to cause harm. The earliest viruses weren’t overly effective but nowadays they can bring entire systems down in no time at all.


Similar to phishing but conducted via the telephone rather than online. Vishing attacks involve a criminal calling and then trying to extract personal information, i.e. the bad guy will represent themselves as a bank employee that needs you to confirm your login details.


The opposite of blackhat, a whitehat hacker can be thought of as one of the good guys, using their skills for positive purposes rather than negative ones.


A malicious program that is like a virus in many ways save for the fact that it doesn’t need help from the user to install itself. All a worm needs in order to get onto your machine is a security hole.

Zero day exploit

This is where a way to exploit a vulnerability is discovered on the very day that said vulnerability is discovered. Can be extremely damaging until countermeasures are deployed and so software firms will look to close the hole just as quickly as they can.


Another description for a machine that has been hijacked (see botnet).

photo: nicoderick