Symantec Security Response
Glossary Of Terms
Last modified: 8/15/2002 11:08 PM
.dr
Refers to a file that is considered a dropper. This is a program that drops the virus or worm onto the victim's computer.
.enc
Refers to a file that is encrypted or encoded. For example, a worm that creates a copy of itself with MIME encoding may be detected with the .enc suffix.
@m
Signifies that the virus or worm is a "mailer". An example is Happy99 (W32.Ska), which only sends itself by email when you (the user) send mail.
@mm
Signifies that the virus or worm is a "mass-mailer". An example is Melissa, which sends messages to every email address in your mailbox.
Also known as
These are names that other antivirus vendors use to identify this threat. Often Symantec's Bloodhound heuristics will identify a potential threat before a specific detection is added. In such cases, the name of the Bloodhound detection will appear in this field.
Beta Virus Definitions
Beta virus definitions have not undergone any quality assurance testing by Symantec Security Response. While Symantec Security Response makes every effort to ensure that all virus definitions function correctly, you should understand that beta-quality virus definitions do pose additional risks. Beta virus definitions are most valuable during a high-level virus outbreak when users are unwilling or unable to wait for virus definitions that have undergone full quality assurance testing. Beta virus definitions are available here.
Blended Threat
Blended threats combine the characteristics of viruses, worms, Trojan horses, and malicious code with server and Internet vulnerabilities to initiate, transmit, and spread an attack. By utilizing multiple methods and techniques, blended threats can spread rapidly and cause widespread damage. Characteristics of blended threats include the following:
• Causes harm: Launches a denial of service attack at a target IP address, defaces Web servers, or plants Trojan horse programs for later execution.
• Propagates by multiple methods: Scans for vulnerabilities to compromise a system, such as embedding code in HTML files on a server, infecting visitors to a compromised Web site, or sending unauthorized email from compromised servers with a worm attachment.
• Attacks from multiple points: Injects malicious code into .exe files on a system, raises the privilege level of the guest account, creates world-readable and writable network shares, makes numerous registry changes, and adds script code into HTML files.
• Spreads without human intervention: Continuously scans the Internet for vulnerable servers to attack.
• Exploits vulnerabilities: Takes advantage of known vulnerabilities such as buffer overflows, HTTP input validation vulnerabilities, and known default passwords to gain unauthorized administrative access.
Effective protection from blended threats requires a comprehensive security solution that contains multiple layers of defense and response mechanisms.
Bug
A programming error in a software program that can have unwanted side effects. Examples: various Web browser security problems, Y2K software problems.
CVE References
A list of standardized names for vulnerabilities and other information security exposures. CVE aims to standardize the names for all publicly known vulnerabilities and security exposures. (Source: CVE Web site)
Exploit
A program or technique that takes advantage of a vulnerability in software and that can be used for breaking security or otherwise attacking a host over the network.
Firewall Rules
A security system that uses rules to block or allow connections and data transmissions between your computer and the Internet.
Intrusion Detection
The detection of break-ins or break-in attempts by reviewing logs or other information available on a network.
Macro virus
A program or code segment written in the internal macro language of an application. Some macros replicate, while others infect documents.
Systems Affected
Refers to operating systems or applications that are vulnerable to a threat.
Systems Not Affected
Refers to operating systems or applications that are not vulnerable to a threat. The list of systems may change as more information about a given threat becomes available.
Time stamp of attachment
This field indicates the date and time of the file attachment.
Category: Hoax
Usually an email that is forwarded in chain-letter fashion, describing some devastating and highly unlikely type of virus. You can usually spot a hoax because there is no file attachment, no reference to a third party who can validate the claim, and by the general 'tone' of the message.
Category: Joke
A harmless program that causes various benign activities to display on your computer (e.g., an unexpected screen saver).
Category: Trojan horse
A program that neither replicates nor copies itself, but does damage or compromises the security of the computer. Typically it relies on someone emailing it to you; it does not email itself. It may arrive in the form of a joke program or software of some sort.
Category: Virus
A program or code that replicates, that is, infects another program, boot sector, partition sector, or document that supports macros by inserting or attaching itself to that medium. Most viruses just replicate; many also do damage.
Category: Worm
A program that makes copies of itself, for example from one disk drive to another, or by copying itself using email or some other transport mechanism. It may do damage and compromise the security of the computer. It may arrive in the form of a joke program or software of some sort.
Variants
New strains of viruses that "borrow" code directly from other known viruses, to varying degrees. Variants are usually identified by a letter, or letters, following the virus family name, e.g. VBS.LoveLetter.B, VBS.LoveLetter.C, etc.
Causes system instability
This payload might cause the computer to crash or to behave in an unexpected fashion.
Compromises security settings
This payload might attempt to gain access to passwords or other system-level security settings. It might also search for openings in the Internet processing components of the computer to install a program on that system that could be controlled remotely by someone over the Internet.
Damage
The damage component measures the amount of harm that a given threat might inflict. This measurement includes triggered events, clogging email servers, deleting or modifying files, releasing confidential information, performance degradation, errors in the virus code, compromising security settings, and the ease with which the damage might be fixed.
Degrades performance
This payload slows computer operations. This might involve allocating available memory, creating files that consume disk space, or causing programs to load or execute more slowly.
Deletes files
This payload deletes various files on the hard disk. The number and type of files that might be deleted vary among viruses.
Distribution
This component measures how quickly a threat is able to spread itself.
Encrypted Virus
A virus that uses encryption to hide itself from virus scanners. That is, it jumbles up its program code to make it difficult to detect.
Geographic distribution
This measures the range of separate geographic locations where infections have been reported. The measures are high (global threat), medium (threat present in a few geographic regions), and low (localized or non-wild threat).
Infection length
This is the size, in bytes, of the viral code that is inserted into a program by the virus. If this is a worm or Trojan horse, the length represents the size of the file.
Large scale e-mailing
This type of payload involves sending emails out to large numbers of people. This is usually done by accessing a local address book and sending emails to a certain number of people within that address book.
Mobile Code
Code (software) that is transferred from a host to a client (or another host computer) to be executed (run). When we talk about malicious mobile code we may use a worm as an example.
Modifies files
This payload changes the contents of files on the computer and might corrupt files.
Name of attachment
Most worms are spread as attachments to emails. This field indicates the usual name or names that the attachment might be called.
Number of countries
This is a measure of the number of countries where infections are known to have occurred.
Number of infections
This measures the number of computers that are known to be infected.
Number of sites
This measures the number of locations with infected computers. This normally refers to organizations such as companies, government offices, and the like.
Payload
This is the malicious activity that the virus performs. Not all viruses have payloads, but there are some that perform destructive actions.
Payload trigger
This is the condition that causes the virus to activate or drop its destructive payload. Some viruses trigger their payloads on a certain date. Others might trigger their payload based on the execution of certain programs or the availability of an Internet connection.
Polymorphic Virus
A virus that has the ability to change its byte pattern when it replicates, thereby avoiding detection by simple string scanning techniques.
Ports
This field indicates the TCP/IP ports that the threat might attempt to use.
Releases confidential information
This payload might attempt to gain access to important data stored on the computer, such as credit card numbers.
Removal
This measures the skill level needed to remove the threat from a given computer. Removal sometimes involves deleting files and modifying registry entries. The three levels are difficult (requires an experienced technician), moderate (requires some expertise), and easy (requires little or no expertise).
Retrovirus
A computer virus that actively attacks an antivirus program or programs in an effort to prevent detection.
Sequence number
Sequence numbers are used only by the Norton AntiVirus Corporate products, and are an alternate method of representing the date of the latest definitions or required definitions. Sequence numbers are assigned to signature sets sequentially, and they are always cumulative. A signature set with a higher sequence number supersedes a signature set with a lower sequence number.
Shared drives
This field indicates whether or not the threat will attempt to replicate itself through mapped drives or other server volumes to which the user might be authenticated.
Size of attachment
This field indicates the size of the file that is attached to the infected email.
Subject of email
Some worms spread by sending themselves to other people through email. This field indicates the subject of the email that is sent by the worm.
Target of infection
This field indicates the types of files that might be infected by the virus.
Technical description
This section describes the specific details of the infection, such as registry entry modifications and files that are manipulated by the virus.
Threat assessment
This is a severity rating of the virus, worm or Trojan horse. It includes the damage that this threat causes, how quickly it can spread to other computers (distribution), and how widespread the infections are known to be (wild).
Threat containment
This is a measure of how well current antivirus technology can keep this threat from spreading. As a general rule, older virus techniques are generally well-contained; new threat types or highly complex viruses can be more difficult to contain, and are correspondingly more of a threat to the user community. The measures are high (the threat is well-contained), medium (the threat is partially contained), and low (the threat is not currently containable).
Virus definitions
This field indicates when virus definitions that include protection for this virus were publicly available via LiveUpdate, the Intelligent Updater or Special Definitions. Click here to download certified virus definitions from the Symantec Web site.
Virus Definitions (Intelligent Updater™)
Virus definitions delivered by the Intelligent Updater™ have undergone full testing by Symantec Security Response. They are published on U.S. business days (Monday through Friday). These updates must be downloaded from the Symantec Security Response Web site and installed manually. The users who benefit from downloading and installing the Intelligent Updater™ daily are corporate network administrators, and end users who engage in potentially risky online behavior (for example, opening email attachments from unknown senders, or unknown email containing a file downloaded from a newsgroup or a suspicious Web site, etc.,