Worm bait?

Jeff Kinz jkinz at kinz.org
Wed Aug 20 10:49:47 EDT 2003


On Tue, Aug 19, 2003 at 09:05:15PM -0400, Johannes B. Ullrich wrote:
> > Terminology question.  What's a 'worm' vs. 'virus' vs. 'trojan horse'
> Worm: self propagating malware which does not require user interaction
> Virus: Malware that uses e-mail to propagate and usually requires at
> least that you as a user load it into your MUA. Does not always require
> 'opening'. But for example, it will not propagate if you keep it sitting
> on your mail server.
> Trojan Horse: Program that escalates privilaeges by tricking a
> privileged user into executing it.
> Backdoor: non-standard remote admin method :-/
> Bot: IRC controlled backdoor
> Auto Rooter: software that uses an exploit and installs backdoor without
> user interaction.
> 
> anyway. just a quick off the cuff list. not meant to be authoritative.

Hi Johannes,
I think your definitions may be too narrow and too tied to the recent
ways they are used to attack MS systems. Virii don't need email, or user
interaction unless they are email based.  Trojans don't need privileged
users user's to run them, they can be designed to exploit system
resident security holes and only need to be run by ordinary user's.
Bot's are not always IRC controlled.

By the way - does the existence of an "Auto Rooter" imply a 
"Roto Rooter" tool that cleans up after it ? :-)

We have to be careful not let the MS systems state of easy vulnerability
prejudice our thinking about how malware functions or we will forget
the many other ways these malware tools can be configured and operate.

By the way - I just checked out SANS (http://isc.sans.org).  Very Nice
site.  Great info.  Anyone who wants more info about the current state
of the internet vis-a-vis security and traffic issues should check it
out.  Wonderful information.  You guys are really on top of things.



-- 
Jeff Kinz, Open-PC, Emergent Research,  Hudson, MA.  jkinz at kinz.org
copyright 2003.  Use is restricted. Any use is an 
acceptance of the offer at http://www.kinz.org/policy.html.
Don't forget to change your password often.



More information about the Discuss mailing list