Hosting Provided By

RE: Internet worm / definitions

From: Harley David <david.harley(at)nhsia.nhs.uk>
Date: Fri May 16 2003 - 12:46:38 EDT

I'm not sure "logical" is quite the word to describe your distinction. Computer worms behave even less like real worms than computer viruses behave like biological viruses... The sad fact is, religious wars have been fought about the distinctions between worms, viruses and Trojans without achieving an authoritative definition. The most usual stances are:

Worms are a special case of virus. Fred Cohen, who is kind of responsible for the convention that replicative malware is called a virus, said that, more or less, and a good few researchers who are still in the field still hold to the view that if it replicates it's a virus.
Worms are not viruses because they're not parasitic. However, it's possible to argue that they are, except that they tend to parasitise networks or operating systems rather than applications or code-bearing documents. On the other hand, you can argue that they don't insert themselves into the chain of command of a legitimate program, as viruses do.
Worms are not viruses because they're self-launching. I think this is probably the least convincing, but frankly, I don't care very much.

The fact is, the distinctions aren't important, not only because most people don't care about the precise terminology for the malware that compromised their system, but also because most contemporary malware is arguably hybrid. Email viruses can be described as worms because they aren't necessarily directly parasitic, but they also meet some definitions of a Trojan.

Now can we get on to serious stuff like what the plural of virus should be? ;-)

-- 
David Harley
Threat Assessment Centre Manager
Malware/Email Abuse Response Technical Lead
National Health Service Information Authority
http://www.viruses-revealed.org.uk/



-----Original Message-----
From: Joao Schim [mailto:joao@bowtie.nl]
Sent: 15 May 2003 14:38
To: Focus-Virus
Subject: Internet worm / definitions


Hello virus people,

Various organisations, virus professionals, classify almost all modern
virusses as being an "Internet Worm".. 

What exactly is it that makes a virus a worm? Logic thinking might 
imply that only virusses that send them selves automatically 
without user intervention should be called worm.  
But seemingly even virusses that get _activated_ by users, by means
of opening atachements, are called Internet worms..

What is the difference between a Worm and a *regular* i.e. mass-mailing
virus? Or is any via internet-transported virus a worm per definition ?

Thanks for explaining in advance.

Joao.

---------------------------------------------------------------------------
*** Wireless LAN Policies for Security & Management - NEW White Paper ***
Just like wired networks, wireless LANs require network security policies 
that are enforced to protect WLANs from known vulnerabilities and threats. 
Learn to design, implement and enforce WLAN security policies to lockdown
enterprise WLANs.

To get your FREE white paper visit us at:    
http://www.securityfocus.com/AirDefense-focus-virus
----------------------------------------------------------------------------
This e-mail is confidential and privileged.  If you are not the intended
recipient please accept our apologies;  please do not disclose, copy or
distribute information in this e-mail or take any action in reliance on its
contents:  to do so is strictly prohibited and may be unlawful.  Please
inform us that this message has gone astray before deleting it.  Thank you
Do you need help? 
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related securityfocus.com Links
bugtraq
certification
focus-bsd
focus-ids
focus-ih
focus-linux
focus-ms
focus-sun
focus-unix-other
focus-virus
forensics
incidents
libnet
linux-secnews
ms-secnews
pen-test
secpapers
secprog
sectools
secureshell
security-basics
securityjobs
sf-news
vuln-dev
webappsec
Request more information about Pantek
for your co-operation.

---------------------------------------------------------------------------
*** Wireless LAN Policies for Security & Management - NEW White Paper ***
Just like wired networks, wireless LANs require network security policies 
that are enforced to protect WLANs from known vulnerabilities and threats. 
Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs.

To get your FREE white paper visit us at:    
http://www.securityfocus.com/AirDefense-focus-virus
----------------------------------------------------------------------------

Received on Fri May 16 12:52:04 2003

This message: [ Message body ]
Next message: Brad: "RE: Internet worm / definitions"
Previous message: Kevin Patz: "Re: Internet worm / definitions"
Maybe in reply to: Joao Schim: "Internet worm / definitions"
Next in thread: Brad: "RE: Internet worm / definitions"
Reply: Brad: "RE: Internet worm / definitions"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:39 EDT