| Boot | First code sequence that is executed prior to loading the operating system. |
| Backdoor.Family.Variant | Remote Access Tools (remote administration programs) |
| Constructor.Family.Variant | Virus Constructors (virus generating kits) |
| Crack.Program.Version | Program crack/patch (programs that register illegally commercial kits) |
| Damaged.Family.Variant | Damaged virus (deteriorated or non-usable virus) |
| DenialOfService.Family.Variant | Denial of Service Tools, simple or distributed (remote attack programs) |
| Entry point | Location in an executable file where the execution begins. |
| Entry point obscuring | Proceeding used by viruses to hide their presence in an infected program, by inserting their code in the normal flow of a program's execution leaving the entry point unchanged. |
| Family.Variant | DOS/MBR/BOOT virus (DOS or BOOT/MBR virus) |
| Dropper.Family.Variant | Virus dropper (a program that launches/drops a virus). |
| File infector | Virus |
| Flooder.Family.Variant | Network flooder (a program that over challenges the network, similar to DenialOfServices) |
| HLP.Family.Variant | Windows Help virus (virus infecting Windows Help files) |
| Hoax.Family.Variant | pseudo-virus, usually a e-mail alerting about a virus that doesn't exist |
| Joke.Family.Variant | Simulation of a virus, joke (programs which simulate viruses, jokes) |
| I-Worm.Family.Variant | Internet Worm (a program that spreads using the Internet) |
| IRC-Worm.Family.Variant | mIRC/PIRCH/IRC scripting virus (a script virus for mIRC/PIRCH or IRC) |
| Java.Family.Variant | Java Virus (Java Virus in binary form) |
| Lib_TPU.Family.Variant | Turbo Pascal Library Virus (virus infecting TurboPascal libraries) |
| Linux.Family.Variant | Linux Virus (viruses which infect Linux ELF executables) |
| A97M.Family.Variant | Access 97 Macro Virus (virus which infects Access 97 databases) |
| PP97M.Family.Variant | PowePoint 97 Macro Virus (virus which infects PowerPoint 97 documents) |
| Visio.Family.Varian | Visio Macro Virus (viruses which infect Visio projects) |
| W2M.Family.Variant | Word 2 Macro Virus (viruses which infect Word 2 documents) |
| W97M.Family.Variant | Word 97 Macro Virus (virus which infects Word 97 documents) |
| WM.Family.Variant | Word 6 Macro Virus (virus which infects Word 6 documents) |
| X97M.Family.Variant | Excel 97 Macro Virus (virus which infects Excel 97 documents) |
| XF.Family.Variant | Excel Formula Virus (viruses for Excel Formula) |
| XM.Family.Variant | Excel 6 Macro Virus (virus which infects Excel 6 documents) |
| PalmOS.Family.Variant | PalmOS Virus (viruses designed for PalmOS) |
| AmiPro.Family.Variant | AmiPro Script Virus (virus designed for AmiPro) |
| BAT.Family.Variant | DOS Batch Virus (virus which infects .BAT files) |
| BeOS.Family.Variant | BeOS Script Virus (script viruses for BeOS) |
| IS.Family.Variant | InstallShield Script Virus (viruses for .INF files) |
| JS.Family.Variant | JavaScript Virus (virus for JavaScript) |
| Perl.Family.Variant | Perl Script Virus (viruses which infect Pearl scripts) |
| Unix.Family.Variant | Unix Shell Script Virus (viruses which infect Unix shell scripts) |
| VBS.Family.Variant | Visual Basic Script Virus (VBScript viruses) |
| WBS.Family.Variant | WinBatch Script Virus (virus for WinBatch script) |
| Spammer.Family.Variant | Mail Spam Program (programs which send unsolicited mail) |
| Trojan.Family.Variant | Trojan Program (Trojan type programs) |
| VirTools.Family.Variant | Virus Tools (code examples or examples used for viruses) |
| Win2K.Family.Variant | Windows 2000 Virus (virus for PE executables, works on Win2K) |
| Win31.Family.Variant | Windows 3.1 Virus (virus for NE executables, works on Windows 3.1) |
| Win32.Family.Variant | Windows 32 Virus (virus for PE executables, works on Win32 platforms) |
| Win95.Family.Variant | Windows 95 Virus (virus for PE executables, works on Win95) |
| Win98.Family.Variant | Windows 98 Virus (virus for PE executables, works on Win98) |
| WinNT.Family.Variant | Windows NT Virus (virus for PE executables, works on Winnt4) |
| Payload | A malicios action performed by the virus, triggered by a specific event (date, time, etc) |
| Polymorphic virus | encrypted virus that changes the decryptor code from one infection to another. |
| Metamorphic virus | virus that changes its own code but keeps the same functionality from one infection to another. |
| ITW (In The Wild) | Denotes malware which has spread in different portions of the globe |
| Resident | Proceeding through which malware remains active in the computer's memory after execution in order to carry specific actions. |
| P2P (Peer-2-Peer) | Protocol which allows sharing of files over internet by direct contact between
two or more computers (a server is not required). |
| Registry key | A cell of information used internally by the operating system; it may contain different type of data. |
| SMTP (Simple Mail Transfer Protocol) | A protocol used to send mail through a server. |
| Thread (as in program thread) | A portion of a program which runs in parallel with the program; usually to perform specific actions. |
| Virus | Program that is capable to replicate itself, by copying its code or a variant of it into other programs. |
| Worm | Program that is able to replicate into a system, by copying itself under different names; it may also spread through local network. |
| Mass mailer | It is an I-worm that sends many e-mails with its code as attachment per execution. |
| Mailer | It is an I-worm that sends one or a few e-mails with its code as attachment per execution. |
| Malware or Emalware | A program can be regarded as emalware if it does at least one of the following:
- replicates through a network or a file system without user's consent
- allows an unauthorised person control over a remote system
- sends information or files to a remote system without user's consent
- sends data to a system in order to disrupt normal functioning. |
| Buffer overflow | data corruption resulting from copying a data block larger than the available target buffer (without checking the block's size); one of the most usual cases: when the buffer is a local array (on the stack), overflowing will result in corrupting data on the stack including the return address of the procedure; the result is usually a crash or running code of attacker's choice |
