Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Worm bait?



On Wed, Aug 20, 2003 at 11:20:23AM -0400, Derek Martin wrote:
> On Wed, Aug 20, 2003 at 10:17:41AM -0400, Jeff Kinz wrote:
> > > > Trojan - any program described to be benign or beneficial but actually
> > > > a worm or virus in disguise.  See "Trojan Wars".
> > None of the specifics you give here conflict with the general definition
> > I gave above.
> 
> From a purely semantic perspective, it does.  You state that a trojan

> is a worm or virus in disguise.  This is false.  In order to be a
Yes - your right, I was too narrowly focused on the topic of discussion.
quoting myself:  (Mine behind hast been bit by mine own verbiage! oucheth... :-) )

> From a practical perspective, it's close enough.
> 
> One issue here is, who gets to define these terms?  The technical
> definitions of these various forms of attack comes to us by way of
> those who created them, but the meanings become interpreted over time
> throught the use and misuse of them by the general public.  Words mean
> what you use them to mean.  Whose definition is authoritative?
> 
> FWIW, here are the definitions as I have come to know them:
> 
> Virus: 	any program capable of replicating itself in some manner.
> 
> Worm: 	any program which automatically seeks to gain entrance to remote
> 	systems, and which when it succeeds, starts a new instance of
> 	itself on the new host
> 
> Trojan: any program which secretly does something other than what it
>         purports to do
> 
> Backdoor: any program used to provide a non-conventional means of
> 	remotely accessing a system
> 
> Bot:	any program which automatically intercepts events and acts on
> 	them on behalf of its user

I like these definitions.  There are both general enough to not miss 
possible modius operandi and yet they truly reflect the nature of
entity.

One quibble - (well sure, there had to be one didn't there? :) )
Doesn't a virus have to reproduce by inserting its executable code
within or by replacing an existing executable on the victimized host
system?  Isn't that what distinguishes it from a worm?

> 
> So then, a worm is a specific kind of virus, because it
> self-replicates.  

Hmm - I'm trying to seperate worms and virii into different beasts.
You are making a worm a sub-species of virus.  hmmm.
Could go either way I guess. But I think the insertion of virii's
executable code into an existing executable is an important distinction.

-- 
Jeff Kinz, Open-PC, Emergent Research,  Hudson, MA.  jkinz at kinz.org
copyright 2003.  Use is restricted. Any use is an 
acceptance of the offer at http://www.kinz.org/policy.html.
Don't forget to change your password often.




BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org