Hosting Provided By

Re: Internet worm / definitions

From: <a.j.lee(at)dorsetcc.gov.uk>
Date: Thu May 15 2003 - 10:46:22 EDT

This is a slightly controversial area (i.e. the experts don't necessarily agree), however, loosely speaking the
difference between a worm and a virus is that the latter infects files, and the former infects systems.
A chap called Simon Widlake (sadly now deceased), defined it thus - "Viruses infect - Worms infest"
A true virus requires a host file (of whatever type - PE, executable etc) to attach to/insert itself into whereas worms are self contained, dropping copies of themselves onto the system. Most of the modern crop of worms that
we see fall into this category because they do not actually infect any other files. Some fall into both, - such as Klez, which is a worm, but which drops a virus called Elkern. True worms such as Slammer, CodeRed, Slapper, do not require intervention to run, and in the case of the first two, never drop any files of themselves at all, they exist only "on the wire" or in the memory of the machines they infect. However, it is usual to refer to both these true worms and the other type all as worms. As with many such things, there are few people who care enough to use the terms in their technically correct fashion, hence the ultimate confusion.

regards

- Andrew J. Lee Senior ICT Officer Dorset County Council AVIEN Founding Member | http://avien.org Wildlist Reporter | http://wildlist.org

                      Joao Schim                                                                                                 
                               To:       Focus-Virus                              
                                               cc:                                                                               
                      15/05/2003 14:38         Subject:  Internet worm / definitions

Hello virus people,

Various organisations, virus professionals, classify almost all modern virusses as being an "Internet Worm"..

What exactly is it that makes a virus a worm? Logic thinking might imply that only virusses that send them selves automatically without user intervention should be called worm. But seemingly even virusses that get _activated_ by users, by means of opening atachements, are called Internet worms..

What is the difference between a Worm and a *regular* i.e. mass-mailing virus? Or is any via internet-transported virus a worm per definition ?

Thanks for explaining in advance.

Do you need help?

Joao.

Wireless LAN Policies for Security & Management - NEW White Paper *** Just like wired networks, wireless LANs require network security policies that are enforced to protect WLANs from known vulnerabilities and threats. Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs.

To get your FREE white paper visit us at: http://www.securityfocus.com/AirDefense-focus-virus

Wireless LAN Policies for Security & Management - NEW White Paper *** Just like wired networks, wireless LANs require network security policies that are enforced to protect WLANs from known vulnerabilities and threats. Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs.

To get your FREE white paper visit us at: http://www.securityfocus.com/AirDefense-focus-virus

Received on Thu May 15 12:29:20 2003

This message: [ Message body ]
Next message: Dave: "Re: NT Partitions"
Previous message: Duncan Gray: "Re: NT Partitions"
Maybe in reply to: Joao Schim: "Internet worm / definitions"
Reply: Kevin Patz: "Re: Internet worm / definitions"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:39 EDT