Antivirus Primer: Virus Basics - Glossary of Terms

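ActiveX Malicious Code
ActiveX controls allow Web developers to create interactive, dynamic Web pages with broader functionality, such as HouseCall, Trend Micro's free online scanner. An ActiveX control is a component object embedded in a Web page that is activated when the user views the page. In many cases, the Web browser's security setting can be set to "High" to stop these ActiveX controls from executing. However, hackers, virus writers, and other malicious parties may use ActiveX malicious code as a weapon to attack computers. To remove a malicious ActiveX control, you must delete it.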

Adware is a software application that displays advertising banners while the program is running. Adware often contains spyware in order for the program to know which advertisements to display based on the current user's preference.

Denial of Service
Denial of Service, or DoS, is a Trojan routine that interrupts or inhibits the normal flow of data into and out of a system. Most DoS attacks consume system resources, such that, in a short period of time, the target is rendered useless. Another form of DoS attack happens when a Web service is accessed massively and repeatedly from different locations, preventing other systems from accessing the service and from retrieving data from it.

Dialers are Trojans that, upon execution, connect the system to a pay-per-call location in which the unsuspecting user is billed for the call without his/her knowledge. Dialers often arrive in porn-related or other enticing service-related applications.

A dropper is malware that drops other malware into a system. Some droppers just drop viruses or Trojans, while others are viruses or Trojans that - after performing their payload - also drop copies of other malware into the system.

An exploit is a Trojan that abuses certain vulnerabilities on existing systems or services. Exploits typically utilize a known flaw, which allows them to execute an otherwise difficult routine, such as running an arbitrary program on the target machine.

ELF stands for Executable and Link Format, that is, files that can be executed on Linux/UNIX systems. Trend Micro antivirus products can detect these malicious Linux/UNIX programs as "ELF_Virusname".

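Java applets allow Web developers to create interactive, dynamic Web pages with broader functionality. A Java applet is a small, portable Java program embedded in an HTML page. Applets run when the user views the page. However, hackers, virus writers, or other malicious parties may use Java malicious code as a weapon to attack users' systems. In many cases, the browser security setting can be set to "High" to stop these applets from running.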

Keyloggers are Trojans that, upon execution, log every keystroke or activity in a system. Although similar to third-party parenting/monitoring software, some malware actually employ the same technique to gather valuable data from unsuspecting users.

Kits are malware-producing applications that give the user the option to create customized malware. A kit can often produce multiple variations of a virus or a worm depending on the number of options offered in the kit. An antivirus scanner should be capable of detecting the source (kit application) and its spawn.


Multi-partite Viruses
Multi-partite viruses have characteristics of both boot sector viruses and file infecting viruses.

Refers to New Executable, the standard Windows 16-bit executable file format. Trend Micro products detect this type of virus as "NE_Virusname".

Refers to Portable Executable, the standard Windows 32-bit executable file format. Trend Micro products detect this type of virus as "PE_Virusname".

Polymorphic Viruses
A polymorphic virus contains a special routine that changes the other parts of the virus code on each replication to evade detection by antivirus software. Trend Micro's antivirus products have the ability to decrypt the virus and detect such viruses.

Proof of Concept
A proof of concept virus or Trojan indicates that something is new or that it has never been seen before. For example, VBS_Bubbleboy was a proof of concept worm, as it was the first email worm to automatically execute without requiring a user to double-click on an attachment. Most proof of concept viruses are never seen in-the-wild. However, virus writers will often take the idea (and code) from a proof of concept virus and implement it in future viruses.

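Script Viruses (VBScript, JavaScript, HTML)
Script viruses are written in script programming languages such as VBScript and JavaScript. VBScript (Visual Basic Script) and JavaScript viruses must use Microsoft's Windows Scripting Host (WSH) to activate and infect other files. WSH is available only on Windows 98 and Windows 2000; simply double-clicking a *.vbs or *.js file in Windows Explorer activates the virus. HTML viruses use scripts embedded in HTML files to do damage. When a user views the HTML page in a script-enabled browser, the embedded script runs automatically.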

Spyware is a software application that monitors a user's computing habits and personal information and sends this information to third parties without the user's authorization or knowledge.

A stealer is a Trojan that gathers information from a system. The most common form of stealers are those that gather logon information, like usernames and passwords, and then send the information to another system either via email or over a network. Other stealers, called key loggers, log user keystrokes which may reveal sensitive information.  

This table displays the relative rate of infection in each region. While the "number of computers infected" table reflects the larger numbers of Internet users in North America, Asia and Europe, the "rate of infection" is useful as an estimate of how quickly a virus is spreading in each region. An infection rate of 5%, for example, means that approximately 5 out of 100 computers are infected. Please note that these rates are based only on HouseCall users who have scanned their PC in the last 24 hours. See Trend Micro's Virus Map for additional information.  

The Virus Map is a tool for measuring virus infections around the world. All virus infection data comes from HouseCall, Trend Micro's free, online virus scanner for PCs. Trend Micro has been collecting real-time virus infection statistics since November 1999, therefore statistics for viruses discovered before this date are limited to the timeframe from November 1999 to the present. Visit the Virus Map at wtc.trendmicro.com.  


This table displays the number of infected computers in each of the top 10 countries where this virus has been detected, since detection first became available. See World Virus Tracking Center for additional information.

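Indicates that the virus contains a special routine that encrypts the virus code itself to evade detection by antivirus software. Trend Micro antivirus products are able to decrypt the virus code and detect such viruses.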

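Boot sector viruses infect the boot sector or partition table of a disk. A computer system is most vulnerable to boot sector viruses when it is booted from an infected floppy disk; even if the boot attempt fails, the virus can still infect the hard drive. In addition, a small number of viruses can infect the boot sector from an executable file; these are called multi-partite viruses, but they are uncommon. Once a system is infected, a boot sector virus will attempt to infect every disk used in that computer. In most cases, boot sector viruses can be removed completely.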

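The In-the-Wild virus list is a list of viruses currently found to be widely infecting users' computers. The list is maintained and updated by antivirus researcher Joe Wells. In addition to updating the list regularly, Wells works closely with antivirus research groups around the world, including Trend Micro. When the ICSA (International Computer Security Association) conducts virus testing of antivirus products, it uses the "In-the-Wild" list as the basis for comparative analysis. More information: http://www.wildlist.org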

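File infector viruses infect executable files (usually files with a .com or .exe extension). Most of these viruses simply attempt to replicate and spread by infecting other host programs, but some destroy the original program by overwriting its original code. A small portion of these viruses are highly destructive and attempt to format the hard drive or perform other malicious actions at a preset time. In many cases, a file infector virus can be completely cleaned from the infected file. If the virus has overwritten part of the program code, the original file cannot be recovered.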



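Macro viruses are viruses that spread through the macro language of other applications. They infect MS Word or MS Excel documents. Unlike other viruses, macro viruses do not infect programs or boot sectors, although some of them may drop programs on the user's hard drive. The dropped programs may infect executable files or boot sectors. Trend Micro antivirus products can successfully clean macro viruses from infected documents. Note: Sometimes, when you restart Microsoft Word after cleaning a Word macro virus, you may see an "illegal operation" error message. If this happens, locate the "normal.dot" file and rename it to "normaldot.bak". MS Word will generate a new, clean "normal.dot" the next time it starts. The error occurs because some viruses leave behind harmless code that MS Word cannot read correctly. Trend Micro antivirus software removes only the malicious virus code and does not delete user-created macros.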




Distribution potential is derived from the characteristics of the malicious program. Fast-spreading network worms can spread across continents within just minutes. Some malicious programs also use numerous infection and spreading techniques – often referred to as blended threats or mixed threats. The Nimda virus, for example, was able to spread via email, network shares, infected Web sites, as well as Web traffic (http/port 80).

As new systems are made and improved with added functionality, proof-of-concept malware often follows. This uniqueness, as well as the widespread implementation of a particular operating system or software, also influences the potential distribution of each malware. Many viruses written in the past do not run or spread on newer operating systems or operating systems that have all the latest security patches installed.

- Blended threats (i.e. spreads via email, P2P, IM, network shares)
- Mass mailers
- Spreads via network shares

- Mailers
- has spread via third-party or media
- spreads in IRC, IM, or P2P
- requires user intervention to spread
- URL/Web site download

- no network spreading
- requires manual distribution to spread

Reported Infections, or real-time spread, is measured by reports coming in from the World Virus Tracking Center, as well as from Trend Micro business units around the world that are receiving threat reports and support inquiries in their areas. Reports from other antivirus industry vendors, and media attention, also contribute to this factor.

High - reports indicate that the virus has been seen all over the world and with numerous infections per site.

Medium - few reported incidents all over the world or numerous reports in certain regions.

Low - no, or very few, infections reported.

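The "Technical Details" section of a Virus Encyclopedia entry provides specific information about the actions the virus performs on the host system. This information can help system administrators identify and remove the virus. Home users should use automated tools such as Trend PC-cillin or HouseCall, Trend's free online scanner, to detect and clean viruses on their computers.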

This chart displays the number of computers infected within the last 24 hours (1d), last 7 days (7d), last year (1y), or since detection first became available (All). See World Virus Tracking Center for additional information.  


Joke programs are ordinary executable programs. They are added to the detection list because they are found to be very annoying and/or they contain pornographic images. Joke programs cannot spread unless someone deliberately distributes them. To get rid of a Joke program, delete the file from your system.  

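Refers to the condition or date on which the virus executes and produces its destructive effects. Note that a date-triggered virus can infect your computer on any of the 365 days of the year. Your computer may already have been infected before the indicated date.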

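Computer viruses are classified by their file type and method of infection. Trend Micro uses the following prefixes to distinguish them:
Macro viruses - W2KM, W97M, X97M, P97M, A97M, WM, XM, V5M

COM and EXE file viruses - PE, NE, or no prefix

Backdoor programs - BKDR

Boot viruses - no prefix

Trojan horses - TROJ

Executable and Link Format - ELF

Joke programs - JOKE

Java malicious code - JAVA

ActiveX malicious code - ATVX

VBScript, JavaScript, or HTML viruses - VBS, JS, HTML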



Damage potential and danger to systems is derived from the characteristics of the malicious program. Some malicious programs have been known to attack important operating system files, leaving the system unstable or unable to re-boot.

- system becomes unusable (i.e. flash bios, format HDD)
- system data or files are unrecoverable (i.e. encryption of data)
- system cannot be automatically recovered using tools
- recovery requires restoring from backup
- Causes large amounts of network traffic (packet flooders, mass mailers)
- Data/files are sent to a third party

- can be recovered using Trend Micro products or cleaning tools
- Minor data/file modification (i.e. File infectors)
- malware that write minimal amount of data to the disk
- malware that kill applications in memory
- causes medium amount of network traffic (i.e. slow mailers)
- Automatically executes unknown programs
- deletes security-related applications (i.e. antivirus, firewall)

- no system changes
- deletion of less significant files in the system
- damage can be recovered by users without using any tools
- damage can be reversed just by rebooting the system




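Most viruses can be cleaned from their host files by Trend antivirus software. Viruses or Trojan horses that modify the system registry or drop files require specific removal instructions. Typically, a Trojan horse or joke program is removed by simply deleting the infected program; no cleaning action is required.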

Refers to the language environment of the platform on which the virus runs, for example the English or Chinese version of MS Word.

This is a brief summary of the virus as listed in the Trend Virus Encyclopedia. Click the "Tech Details" tab for a technical description of a particular virus.

This table displays the number of infected computers, by region, since detection first became available for this virus. See World Virus Tracking Center for additional information.



