Re: Worm vs a Trojan Horse -- differences?
From: Robert Moir (robspamtrap+msnews_at_gmail.com)
Date: 05/30/05
- Next message: JCB_MCSE_wannabe: "Kerberos machine authentication - apparent authentication failures"
- Previous message: Steven L Umbach: "Re: Please help. Cannot access hotmail or run CMD after playing with roaming profiles"
- In reply to: Karl Levinson, mvp: "Re: Worm vs a Trojan Horse -- differences?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 30 May 2005 09:18:43 +0100
Karl Levinson, mvp wrote:
> "Robert Moir" <robspamtrap+msnews@gmail.com> wrote in message
> news:%23uhoJ2pYFHA.3516@TK2MSFTNGP10.phx.gbl...
>
>> A worm is a subclass of virus (or arguably viruses are a subclass of
> worms,
>> but anyway) that spreads from machine to machine via the network.
>
> Agreed. As I understand it, some anti-virus experts assert that to
> be a worm, the malware must spread and infect other systems with zero
> user interaction, like the Blaster worm or the Morris worm. Most
> people and anti-virus companies do not seem to entirely follow this
> definition, because email "worms" often require user interaction such
> as the user opening up the attachment. So there is a little
> disagreement as to whether certain email "worms" and NetBIOS worms
> are really worms.
I think theres a traditional definition of "Worm" (no user interaction) and
a modern definition of "Worm" (hey we've got email now!).
> However, some email viruses can spread without
> interaction, some cannot, and some can do so only sometimes, e.g. if
> the system is missing a patch. I'm not sure I see the wisdom of
> drawing an imaginary line between these different email viruses,
> given that they have more similarities than differences.
I don't see the point either, unless it makes a difference to how we treat
the problem.
> Recent malware can have the properties of more than one category of
> virus, making it tricky to categorize them. For example, some worms
> and viruses can install a "Trojan" or have characteristics that are
> identical to Trojans. So while it is true that Trojans as defined
> are not supposed to have the ability to reproduce, things get blurred
> a little when a Trojan is combined with a worm.
>
> Then there are Trojans like the Download.ject Trojan. Technically
> speaking, the user was installing a Trojan program as per the
> definition of Trojan. But the user had no idea she was installing a
> program. All she had done was view a web page, or a banner ad on a
> totally legitimate web page. Even though web pages can call or
> install executable code, that to me seems to bend the traditional
> definition of Trojan.
Not so much bend it as enlarge it imho, as we're not changing the current
rules but simply adding a few more to the list. But yes I see what you're
saying.
We have to consider too how definitions help end users. Most people are not
terribly interested in what we call their problem exactly, as long as we
tell them how to fix it!
> Worms often have the ability to spread quickly to a large number of
> systems and exist for years, while Trojans will often remain fairly
> rare and eventually die out. This is not always the case, however,
> because of the above blurring and combining of functionality.
I might re-write my Malware FAQ document to address this sort of thing, if i
ever get time!
- Next message: JCB_MCSE_wannabe: "Kerberos machine authentication - apparent authentication failures"
- Previous message: Steven L Umbach: "Re: Please help. Cannot access hotmail or run CMD after playing with roaming profiles"
- In reply to: Karl Levinson, mvp: "Re: Worm vs a Trojan Horse -- differences?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
