On Tue, Aug 19, 2003 at 09:05:15PM -0400, Johannes B. Ullrich wrote:
> > Terminology question. What's a 'worm' vs. 'virus' vs. 'trojan horse'
> Worm: self propagating malware which does not require user interaction
> Virus: Malware that uses e-mail to propagate and usually requires at
> least that you as a user load it into your MUA. Does not always require
> 'opening'. But for example, it will not propagate if you keep it sitting
> on your mail server.
> Trojan Horse: Program that escalates privileges by tricking a
> privileged user into executing it.
> Backdoor: non-standard remote admin method :-/
> Bot: IRC controlled backdoor
> Auto Rooter: software that uses an exploit and installs backdoor without
> user interaction.
>
> anyway. just a quick off the cuff list. not meant to be authoritative.

Hi Johannes,

I think your definitions may be too narrow and too tied to the recent ways they are used to attack MS systems.

Virii don't need email, or user interaction unless they are email based.

Trojans don't need privileged users to run them, they can be designed to exploit system resident security holes and only need to be run by ordinary users.

Bots are not always IRC controlled.

By the way - does the existence of an "Auto Rooter" imply a "Roto Rooter" tool that cleans up after it ? :-)

We have to be careful not to let the MS systems' state of easy vulnerability prejudice our thinking about how malware functions or we will forget the many other ways these malware tools can be configured and operate.

By the way - I just checked out SANS (http://isc.sans.org). Very Nice site. Great info. Anyone who wants more info about the current state of the internet vis-a-vis security and traffic issues should check it out. Wonderful information. You guys are really on top of things.

--
Jeff Kinz, Open-PC, Emergent Research, Hudson, MA. jkinz at kinz.org
copyright 2003. Use is restricted. Any use is an acceptance of the offer at http://www.kinz.org/policy.html.