Re: Worm vs a Trojan Horse -- differences?
From: Karl Levinson, mvp (levinson_k_at_despammed.com)
Date: 05/28/05
- Next message: Karl Levinson, mvp: "Re: Port Range in Exceptions"
- Previous message: Robert L [MS-MVP]: "Re: VPN between 2 2k3 servers"
- In reply to: Robert Moir: "Re: Worm vs a Trojan Horse -- differences?"
- Next in thread: Robert Moir: "Re: Worm vs a Trojan Horse -- differences?"
- Reply: Robert Moir: "Re: Worm vs a Trojan Horse -- differences?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 28 May 2005 08:57:21 -0400
"Robert Moir" <robspamtrap+msnews@gmail.com> wrote in message
news:%23uhoJ2pYFHA.3516@TK2MSFTNGP10.phx.gbl...
> A worm is a subclass of virus (or arguably viruses are a subclass of
worms,
> but anyway) that spreads from machine to machine via the network.
Agreed. As I understand it, some anti-virus experts assert that to be a
worm, the malware must spread and infect other systems with zero user
interaction, like the Blaster worm or the Morris worm. Most people and
anti-virus companies do not seem to entirely follow this definition, because
email "worms" often require user interaction such as the user opening up the
attachment. So there is a little disagreement as to whether certain email
"worms" and NetBIOS worms are really worms. However, some email viruses can
spread without interaction, some cannot, and some can do so only sometimes,
e.g. if the system is missing a patch. I'm not sure I see the wisdom of
drawing an imaginary line between these different email viruses, given that
they have more similarities than differences.
Recent malware can have the properties of more than one category of virus,
making it tricky to categorize them. For example, some worms and viruses
can install a "Trojan" or have characteristics that are identical to
Trojans. So while it is true that Trojans as defined are not supposed to
have the ability to reproduce, things get blurred a little when a Trojan is
combined with a worm.
Then there are Trojans like the Download.ject Trojan. Technically speaking,
the user was installing a Trojan program as per the definition of Trojan.
But the user had no idea she was installing a program. All she had done was
view a web page, or a banner ad on a totally legitimate web page. Even
though web pages can call or install executable code, that to me seems to
bend the traditional definition of Trojan.
Worms often have the ability to spread quickly to a large number of systems
and exist for years, while Trojans will often remain fairly rare and
eventually die out. This is not always the case, however, because of the
above blurring and combining of functionality.
- Next message: Karl Levinson, mvp: "Re: Port Range in Exceptions"
- Previous message: Robert L [MS-MVP]: "Re: VPN between 2 2k3 servers"
- In reply to: Robert Moir: "Re: Worm vs a Trojan Horse -- differences?"
- Next in thread: Robert Moir: "Re: Worm vs a Trojan Horse -- differences?"
- Reply: Robert Moir: "Re: Worm vs a Trojan Horse -- differences?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
