Blind Drop – A drop that is well hidden and is designed to run while unattended, until an attacker comes to collect the data. In the case of remote access Trojans, can also refer to file hidden locally.

Bot – A computer infected with software that allows it to be controlled by a remote attacker. Also used to refer to the malware itself which allows that control.

Carder – Someone who trades in stolen credit card and cardholder data.

Downloader – A small piece of code, usually a single instruction, used in the payload of an exploit to silently fetch a malicious EXE file from the attacker's server.

Drop – A clandestine computer or service [such as e-mail account] that collects data stolen by a Trojan.

Dump – As a noun, used interchangeably with “drop.” As a verb it means to transfer data onto a machine for analysis, or to discard an exe after reverse engineering.

exe – A Windows executable program. In a malware attack, the "exe" refers to the malicious progam which infects the victim's PC.

Exploit – Code used to take advantage vulnerabilities in software code and configuration, usually to install malware.

Form-grabber – A program that steals information submitted by a user to a web site. (Originally forms were the only way to submit user input to a web server, but now the meaning has changed to encompass any HTTP communication using a POST request.)

Gozi – One of a family of Trojans written by Russian RATs known as the HangUp Team, used in a string of attacks orchestrated by a group known as 76service.

iFrame – A special tag used to load one web page into a part of another webpage. Used by iFramers to load malicious code, often JavaScript, onto an otherwise trusted page.

iFramer – A person who places a malicious IFRAME (in-line frame) tag into web pages, usually on compromised web sites, and then charges malware developers for access to those iFrames as a distribution method for Trojans.

Keylogger – A program that logs user input from the keyboard, usually without the user's knowledge or permission.