Symantec Security Response
Glossary Of Terms
Last modified: 8/15/2002 11:08 PM
.dr
Refers to a file that is considered a dropper. This is a program that drops the virus or worm onto the victim's computer.
.enc
Refers to a file that is encrypted or encoded. For example, a worm that creates a copy of itself with MIME encoding may be detected with the .enc suffix.
@m
Signifies the virus or worm is a "mailer". An example is Happy99 (W32.Ska), which only sends itself by email when you (the user) send mail.
@mm
Signifies the virus or worm is a "mass-mailer". An example is Melissa, which sends messages to every email address in your mailbox.
Also known as
These are names that other antivirus vendors use to identify this threat. Often Symantec's bloodhound heuristics will identify a potential threat before a specific detection is added. In such cases, the name of the bloodhound detection will appear in this field.
Beta Virus Definitions
Beta virus definitions have not undergone any quality assurance testing by Symantec Security Response. While Symantec Security Response makes every effort to ensure that all virus definitions function correctly, you should understand that beta-quality virus definitions do pose additional risks. Beta virus definitions are most valuable during a high-level virus outbreak when users are unwilling or unable to wait for virus definitions that have undergone full quality assurance testing. Beta virus definitions are available here.
Blended Threat
Blended threats combine the characteristics of viruses, worms, Trojan horses, and malicious code with server and Internet vulnerabilities to initiate, transmit, and spread an attack. By utilizing multiple methods and techniques, blended threats can spread rapidly and cause widespread damage. Characteristics of blended threats include the following:
• Causes harm: Launches a denial of service attack at a target IP address, defaces Web servers, or plants Trojan horse programs for later execution.
• Propagates by multiple methods: Scans for vulnerabilities to compromise a system, such as embedding code in HTML files on a server, infecting visitors to a compromised Web site, or sending unauthorized email with a worm attachment from compromised servers.
• Attacks from multiple points: Injects malicious code into the .exe files on a system, raises the privilege level of the guest account, creates world-readable and writable network shares, makes numerous registry changes, and adds script code to HTML files.
• Spreads automatically: Continuously scans the Internet for vulnerable servers to attack.
• Exploits vulnerabilities: Takes advantage of known vulnerabilities, such as buffer overflows, HTTP input validation vulnerabilities, and known default passwords, to gain unauthorized administrative access.
Effective protection against blended threats requires a comprehensive security solution that contains multiple layers of defense and response mechanisms.