Dark web

The dark web is World Wide Web content that exists on darknets and can only be accessed using special software (e.g. Tor). The dark web forms part of the deep web, i.e. the part of the web that is not accessible to search engines. The term dark web should not be confused with dark net or deep web.


A darknet is an overlay network (i.e. a network built on top of another network – in this case, the Internet) that isn’t discoverable by normal methods and can only be accessed using special software like Tor. Darknets are designed to preserve the privacy of those using them. Traffic is routed through a network of widely-distributed servers, making it difficult to trace. Often, traffic is also encrypted. Darknets are used by different groups, including people sharing illegal content, cybercriminals and… Read Full Article

DDoS (Distributed Denial of Service) attack

A DDoS attack differs from a DoS attack only in the fact that the attack is conducted using multiple computers. The attacker typically uses one compromised computer as the master and co-ordinates the attack across other (botnet).


A computer program that takes as input an executable file, and attempts to create a high level, compilable source file that does the same thing. Decompilers usually do not perfectly reconstruct the original source code, and can vary widely in the intelligibility of their outputs. Used primarily as a tool in software reverse engineering.

Deep web

The deep web (or hidden web, or invisible web) is that part of the World Wide Web that is not accessible to search engines. This includes proprietary corporate data, confidential public data protected by government regulation, commercial information accessible only to selected groups of people (e.g. subscriber-only sites), private e-mail, private social media content, etc. The part of the web that is indexed is known as the surface web. It has been estimated that the surface web makes up only… Read Full Article

Default Deny (Application control)

An Application Control scenario meaning the prohibition of any application that was not specifically mentioned on administrator-prepared whitelists. It requires a whitelist of work-related apps to be compiled beforehand. While greatly reducing the potential attack surface (NOTHING that is not included on the admin’s whitelist, except system components, will run – including malware) and increasing productivity (no work-unrelated software will be able to run), it also reduces maintenance costs providing higher stability for endpoints due to reduction of “DLL hell,”… Read Full Article

Dictionary attack

This is a method for guessing a password (or the key used to encrypt a message) that involves systematically trying each word in a dictionary until the correct word is found. This only works if someone has used an everyday word as a password – rather than using a combination of letters, numbers and non-alpha-numeric characters. If someone has used a complex password, it is necessary to employ a brute-force attack. One way to reduce the susceptibility to a dictionary… Read Full Article

Digital certificate

A digital certificate, also known as a public key certificate is an electronic document used to prove ownership of a public key. The certificate includes information about the key, information about its owner’s identity, and the digital signature of an entity that has verified the certificate’s contents are correct. If the signature is valid, and the person examining the certificate trusts the signer, then they know they can use that key to communicate with its owner.

Digital currency

Digital currency (or digital money) uses an Internet-based medium of exchange instead of physical money, i.e. notes and coins. This could be used to buy and sell physical goods and services, or it could be a money substitute that is only accepted within a specific virtual community (e.g. an online game). A crypto-currency uses encryption to secure transactions and generate units of currency: Bitcoin is probably the best-known crypto-currency.

DNS Changer

DNS Changers are malicious programs that modify a computer’s DNS configuration settings, so that instead of the computer pointing to a legitimate DNS server, it points to a server under the control of the cybercriminals. The victim may be re-directed to advertisement web sites created by the cybercriminals, or to legitimate sites where advertisements have been replaced by the cybercriminals with their own.

DNS (Domain Name System) server

DNS servers located throughout the Internet are responsible for the translation of domain names into IP addresses. When a user types in a URL, a nearby DNS server will map the domain to an IP address or pass it to another DNS server. There is also a sort of ‘mini DNS server’ stored within Microsoft Windows operating systems, called the hosts file.

DNS poisoning

DNS poisoning is the manipulation of IP addresses for entries stored in the cache of a smaller DNS server: the aim is to make the DNS server respond, not with the correct IP address, but with one that contains malicious code. DNS poisoning is only possible where there is a vulnerability or other security weakness in the operating system running on the DNS server.

DNS spoofing

A computer hacking attack, whereby data is introduced into a Domain Name System (DNS) resolver’s cache, causing the name server to return an incorrect IP address, diverting traffic to the attacker’s computer (or any other computer).

Domain name

Domain names are used to locate an organization on the Internet. Each domain name maps to a specific IP address. The translation of domain names into IP addresses is carried out by DNS servers located throughout the Internet. When a user types in a URL, a nearby DNS server will map the domain to an IP address or pass it to another DNS server. There is also a sort of ‘mini DNS server’ stored within Microsoft Windows operating systems, called… Read Full Article

DoS (Denial of Service) attack

A DoS attack is designed to hinder or stop the normal functioning of a web site, server or other network resource. There are various ways for attackers to achieve this, but in general terms it involves manipulating the way incoming data is handled by the server to overload it with network traffic. This prevents it from carrying out its normal functions and in some circumstances crashes the server completely.


Not a virus. A downloader is designed to download other programs to a computer. It may act as a malware update program, installing the latest version of a virus, worm or Trojan, thus extending the functionality of the malware already installed on the computer.

Drive-by attack

Drive-by downloads are a common method of spreading malware. Cybercriminals look for insecure web sites and plant a malicious script into HTTP or PHP code on one of the pages. This script may install malware directly onto the computer of someone who visits the site, or it may take the form on an IFRAME that re-directs the victim to a site controlled by the cybercriminals. In many cases the script is obfuscated, to make it more difficult for security researchers… Read Full Article


Droppers are programs that secretly install malicious programs, built into their code, on a computer. Typically, the programs dropped onto the victim’s computer are saved and launched without any notification (or a fake notification may be displayed). Droppers are used to secretly install other malware or to help known malicious programs to evade detection (not all anti-malware programs are capable of scanning all components inside a dropper.