BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Worm bait?

Subject: Worm bait?
From: jkinz at kinz.org (Jeff Kinz)
Date: Wed, 20 Aug 2003 11:53:53 -0400
In-reply-to: <20030820152023.GQ22784@sophic.org>; from invalid@pizzashack.org on Wed, Aug 20, 2003 at 11:20:23AM -0400
References: <20030819213035.H2712@redline.ne2.client2.attbi.com> <200308200408.AAA13244603@shell.TheWorld.com> <20030820101741.A18826@redline.ne2.client2.attbi.com> <20030820152023.GQ22784@sophic.org>

On Wed, Aug 20, 2003 at 11:20:23AM -0400, Derek Martin wrote:
> On Wed, Aug 20, 2003 at 10:17:41AM -0400, Jeff Kinz wrote:
> > > > Trojan - any program described to be benign or beneficial but actually
> > > > a worm or virus in disguise.  See "Trojan Wars".
> > None of the specifics you give here conflict with the general definition
> > I gave above.
> 
> From a purely semantic perspective, it does.  You state that a trojan

> is a worm or virus in disguise.  This is false.  In order to be a
Yes - your right, I was too narrowly focused on the topic of discussion.
quoting myself:  (Mine behind hast been bit by mine own verbiage! oucheth... :-) )

> From a practical perspective, it's close enough.
> 
> One issue here is, who gets to define these terms?  The technical
> definitions of these various forms of attack comes to us by way of
> those who created them, but the meanings become interpreted over time
> throught the use and misuse of them by the general public.  Words mean
> what you use them to mean.  Whose definition is authoritative?
> 
> FWIW, here are the definitions as I have come to know them:
> 
> Virus: 	any program capable of replicating itself in some manner.
> 
> Worm: 	any program which automatically seeks to gain entrance to remote
> 	systems, and which when it succeeds, starts a new instance of
> 	itself on the new host
> 
> Trojan: any program which secretly does something other than what it
>         purports to do
> 
> Backdoor: any program used to provide a non-conventional means of
> 	remotely accessing a system
> 
> Bot:	any program which automatically intercepts events and acts on
> 	them on behalf of its user

I like these definitions.  There are both general enough to not miss 
possible modius operandi and yet they truly reflect the nature of
entity.

One quibble - (well sure, there had to be one didn't there? :) )
Doesn't a virus have to reproduce by inserting its executable code
within or by replacing an existing executable on the victimized host
system?  Isn't that what distinguishes it from a worm?

> 
> So then, a worm is a specific kind of virus, because it
> self-replicates.  

Hmm - I'm trying to seperate worms and virii into different beasts.
You are making a worm a sub-species of virus.  hmmm.
Could go either way I guess. But I think the insertion of virii's
executable code into an existing executable is an important distinction.

-- 
Jeff Kinz, Open-PC, Emergent Research,  Hudson, MA.  jkinz at kinz.org
copyright 2003.  Use is restricted. Any use is an 
acceptance of the offer at http://www.kinz.org/policy.html.
Don't forget to change your password often.

References:
- Worm bait?
  - From: jkinz at kinz.org (Jeff Kinz)
- Worm bait?
  - From: dracus at TheWorld.com (J. Hunter Heinlen)
- Worm bait?
  - From: jkinz at kinz.org (Jeff Kinz)
- Worm bait?
  - From: invalid at pizzashack.org (Derek Martin)

Prev by Date: Worm bait?
Next by Date: Worm bait?
Previous by thread: Worm bait?
Next by thread: Worm bait?
Index(es):
- Date
- Thread


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Boston Linux & Unix / webmaster@blu.org