Symantec Security Response Glossary Of Terms
Published: 2007-07-02
Last modified: 8/15/2002 11:08 PM
.dr
Refers to a file that is considered a dropper. This is a program that drops the virus or worm onto the victim's computer.
.enc
Refers to a file that is encrypted or encoded. For example, a worm that creates a copy of itself with MIME encoding may be detected with the .enc suffix.
@m
Signifies that the virus or worm is a "mailer". An example is Happy99 (W32.Ska), which only sends itself by email when you (the user) send mail.
@mm
Signifies that the virus or worm is a "mass-mailer". An example is Melissa, which sends messages to every email address in your mailbox.
Also known as
These are names that other antivirus vendors use to identify this threat. Often Symantec's Bloodhound heuristics will identify a potential threat before a specific detection is added. In such cases, the name of the Bloodhound detection will appear in this field.
Beta Virus Definitions
Beta virus definitions have not undergone any quality assurance testing by Symantec Security Response. While Symantec Security Response makes every effort to ensure that all virus definitions function correctly, you should understand that beta-quality virus definitions do pose additional risks. Beta virus definitions are most valuable during a high-level virus outbreak, when users are unwilling or unable to wait for virus definitions that have undergone full quality assurance testing. Beta virus definitions are available from Symantec Security Response.
Blended Threat
Blended threats combine the characteristics of viruses, worms, Trojan horses, and malicious code with server and Internet vulnerabilities to initiate, transmit, and spread an attack. By utilizing multiple methods and techniques, blended threats can spread rapidly and cause widespread damage. Characteristics of blended threats include the following:
• Causes harm: Launches a denial of service attack at a target IP address, defaces Web servers, or plants Trojan horse programs for later execution.
• Propagates by multiple methods: Scans for vulnerabilities to compromise a system, such as embedding code in HTML files on a server, infecting visitors to a compromised Web site, or sending unauthorized email from compromised servers with a worm attachment.
• Attacks from multiple points: Injects malicious code into .exe files on a system, raises the privilege level of the guest account, creates world-readable and writable network shares, makes numerous registry changes, and adds script code into HTML files.
• Spreads without human intervention: Continuously scans the Internet for vulnerable servers to attack.
• Exploits vulnerabilities: Takes advantage of known vulnerabilities such as buffer overflows, HTTP input validation vulnerabilities, and known default passwords to gain unauthorized administrative access.
Effective protection from blended threats requires a comprehensive security solution that contains multiple layers of defense and response mechanisms.
Bug
A programming error in a software program that can have unwanted side effects. Examples: various web browser security problems, Y2K software problems.
CVE References
A list of standardized names for vulnerabilities and other information security exposures. CVE aims to standardize the names for all publicly known vulnerabilities and security exposures. (Source: CVE Web site)
Exploit
A program or technique that takes advantage of a vulnerability in software and can be used for breaking security or otherwise attacking a host over the network.
Firewall Rules
A security system that uses rules to block or allow connections and data transmissions between your computer and the Internet.
Intrusion Detection
The detection of break-ins or break-in attempts by reviewing logs or other information available on a network.
Macro virus
A program or code segment written in the internal macro language of an application. Some macros replicate, while others infect documents.
Systems Affected
Refers to operating systems or applications that are vulnerable to a threat.
Systems Not Affected
Refers to operating systems or applications that are not vulnerable to a threat. The list of systems may change as more information about a given threat becomes available.
Time stamp of attachment
This field indicates the date and time of the file attachment.
Category: Hoax
Usually an email that gets mailed in chain-letter fashion describing some devastating, highly unlikely type of virus. You can usually spot a hoax because there is no file attachment, no reference to a third party who can validate the claim, and because of the general "tone" of the message.
Category: Joke
A harmless program that causes various benign activities to display on your computer (e.g., an unexpected screen saver).
Category: Trojan horse
A program that neither replicates nor copies itself, but does damage or compromises the security of the computer. Typically it relies on someone emailing it to you; it does not email itself. It may arrive in the form of a joke program or software of some sort.
Category: Virus
A program or code that replicates, that is, infects another program, boot sector, partition sector or document that supports macros by inserting itself or attaching itself to that medium. Most viruses just replicate; a lot also do damage.
Category: Worm
A program that makes copies of itself, for example from one disk drive to another, or by copying itself using email or some other transport mechanism. It may do damage and compromise the security of the computer. It may arrive in the form of a joke program or software of some sort.
Variants
New strains of viruses that "borrow" code directly from other known viruses, to varying degrees. Variants are usually identified by a letter, or letters, following the virus family name, e.g. VBS.LoveLetter.B, VBS.LoveLetter.C, etc.
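As an added example (not part of the Symantec glossary), the following Python parser decodes the naming conventions defined in this glossary: the variant letter after the family name, the @m/@mm mailer markers, and the .dr/.enc suffixes. The part ordering platform.family[.variant][@m|@mm][.dr|.enc] and the family name "Example" are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Assumed layout of a detection name (assumption made for this example):
#   <platform>.<family>[.<variant letters>][@m|@mm][.dr|.enc]
# e.g. VBS.LoveLetter.B, W32.Ska@mm, W32.Example@mm.dr ("Example" is made up)
_NAME_RE = re.compile(
    r"^(?P<platform>[A-Za-z0-9]+)\.(?P<family>[A-Za-z0-9_]+)"
    r"(?:\.(?P<variant>[A-Z]{1,3}))?"
    r"(?P<mailer>@mm|@m)?"
    r"(?:\.(?P<suffix>dr|enc))?$"
)

@dataclass(frozen=True)
class ThreatName:
    platform: str
    family: str
    variant: Optional[str]  # letter(s) after the family name, e.g. "B"
    mailer: Optional[str]   # "m" = mailer, "mm" = mass-mailer
    suffix: Optional[str]   # "dr" = dropper file, "enc" = encoded copy

def parse_threat_name(name: str) -> ThreatName:
    """Split a detection name into the parts the glossary defines."""
    m = _NAME_RE.match(name.strip())
    if m is None:
        raise ValueError(f"unrecognised threat name: {name!r}")
    mailer = m["mailer"][1:] if m["mailer"] else None  # drop the leading '@'
    return ThreatName(m["platform"], m["family"], m["variant"], mailer, m["suffix"])

def describe(name: str) -> str:
    """Human-readable summary of what the markers in a name mean."""
    t = parse_threat_name(name)
    parts = [f"{t.family} family ({t.platform})"]
    if t.variant:
        parts.append(f"variant {t.variant}")
    if t.mailer == "mm":
        parts.append("mass-mailer: mails itself to every address it finds")
    elif t.mailer == "m":
        parts.append("mailer: sends itself only when the user sends mail")
    if t.suffix == "dr":
        parts.append("dropper: a file that installs the threat")
    elif t.suffix == "enc":
        parts.append("encoded copy (for example MIME-encoded)")
    return "; ".join(parts)

def same_family(a: str, b: str) -> bool:
    """True when two names are variants of one family on the same platform."""
    x, y = parse_threat_name(a), parse_threat_name(b)
    return (x.platform.lower(), x.family.lower()) == (y.platform.lower(), y.family.lower())
```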
Causes system instability
This payload might cause the computer to crash or to behave in an unexpected fashion.
Compromises security settings
This payload might attempt to gain access to passwords or other system-level security settings. It might also search for openings in the Internet processing components of the computer to install a program on that system that could be controlled remotely by someone over the Internet.
Damage
The damage component measures the amount of harm that a given threat might inflict. This measurement includes triggered events, clogging email servers, deleting or modifying files, releasing confidential information, performance degradation, errors in the virus code, compromising security settings, and the ease with which the damage might be fixed.
Degrades performance
This payload slows computer operations. This might involve allocating available memory, creating files that consume disk space, or causing programs to load or execute more slowly.
Deletes files
This payload deletes various files on the hard disk. The number and type of files that might be deleted vary among viruses.
Distribution
This component measures how quickly a threat is able to spread itself.
Encrypted Virus
A virus that uses encryption to hide itself from virus scanners. That is, it jumbles up its program code to make it difficult to detect.
Geographic distribution
This measures the range of separate geographic locations where infections have been reported. The measures are high (global threat), medium (threat present in a few geographic regions), and low (localized or non-wild threat).
Infection length
This is the size, in bytes, of the viral code that is inserted into a program by the virus. If this is a worm or Trojan horse, the length represents the size of the file.
Large scale e-mailing
This type of payload involves sending emails out to large numbers of people. This is usually done by accessing a local address book and sending emails to a certain number of people within that address book.
Mobile Code
Code (software) that is transferred from a host to a client (or another host computer) to be executed (run). When we talk about malicious mobile code we may use a worm as an example.
Modifies files
This payload changes the contents of files on the computer and might corrupt files.
Name of attachment
Most worms are spread as attachments to emails. This field indicates the usual name or names that the attachment might be called.
Number of countries
This is a measure of the number of countries where infections are known to have occurred.
Number of infections
This measures the number of computers that are known to be infected.
Number of sites
This measures the number of locations with infected computers. This normally refers to organizations such as companies, government offices, and the like.
Payload
This is the malicious activity that the virus performs. Not all viruses have payloads, but there are some that perform destructive actions.
Payload trigger
This is the condition that causes the virus to activate or drop its destructive payload. Some viruses trigger their payloads on a certain date. Others might trigger their payload based on the execution of certain programs or the availability of an Internet connection.
Polymorphic Virus
A virus that has the ability to change its byte pattern when it replicates, thereby avoiding detection by simple string scanning techniques.
Ports
This field indicates the TCP/IP ports that the threat might attempt to use.
Releases confidential information
This payload might attempt to gain access to important data stored on the computer, such as credit card numbers.
Removal
This measures the skill level needed to remove the threat from a given computer. Removal sometimes involves deleting files and modifying registry entries. The three levels are difficult (requires an experienced technician), moderate (requires some expertise), and easy (requires little or no expertise).
Retrovirus
A computer virus that actively attacks an anti-virus program or programs in an effort to prevent detection.
Sequence number
Sequence numbers are used only by the Norton AntiVirus Corporate products, and are an alternate method of representing the date of the latest definitions or required definitions. Sequence numbers are assigned to signature sets sequentially, and they are always cumulative. A signature set with a higher sequence number supersedes a signature set with a lower sequence number.
Shared drives
This field indicates whether or not the threat will attempt to replicate itself through mapped drives or other server volumes to which the user might be authenticated.
Size of attachment
This field indicates the size of the file that is attached to the infected email.
Subject of email
Some worms spread by sending themselves to other people through email. This field indicates the subject of the email that is sent by the worm.
Target of infection
This field indicates the types of files that might be infected by the virus.
Technical description
This section describes the specific details of the infection, such as registry entry modifications and files that are manipulated by the virus.
Threat assessment
This is a severity rating of the virus, worm or Trojan horse. It includes the damage that this threat causes, how quickly it can spread to other computers (distribution), and how widespread the infections are known to be (wild).
Threat containment
This is a measure of how well current antivirus technology can keep this threat from spreading. As a general rule, older virus techniques are generally well-contained; new threat types or highly complex viruses can be more difficult to contain, and are correspondingly more of a threat to the user community. The measures are high (the threat is well-contained), medium (the threat is partially contained), and low (the threat is not currently containable).
Virus definitions
This field indicates when virus definitions that include protection for this virus were publicly available via LiveUpdate, the Intelligent Updaters or Special Definitions. Certified Virus Definitions can be downloaded from the Symantec Web site.
Virus Definitions (Intelligent UpdaterTM)
Virus definitions delivered through Intelligent UpdaterTM have been fully tested by Symantec Security Response. They are published on U.S. business days (Monday through Friday). These updates must be downloaded from the Symantec Security Response website and installed manually. The users who benefit from downloading and installing Intelligent UpdaterTM every day are corporate network administrators, and end users who engage in potentially risky network behavior (for example, opening email attachments from unknown senders, or unknown mail containing a file downloaded from a newsgroup or a suspicious website, etc.,
Reposted from: http://www.kjueaiud.com