Virus.Org IT Security News and Information Portal. We offer the latest IT security news, updates, product reviews, books, and articles for all you IT security professionals out there. Enter and get the best IT security information on the Internet.

 
. Welcome to the Virus.Org Mailing List Archive  
.
.


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


Re: [Dshield] Economic statistics
.

  • To: General DShield Discussion List <[EMAIL PROTECTED]>
  • Subject: Re: [Dshield] Economic statistics
  • From: Keith Bergen <[EMAIL PROTECTED]>
  • Date: Wed, 1 Oct 2003 14:10:21 -0400
  • Old-x-envelope-to: [EMAIL PROTECTED]
  • Reply-to: General DShield Discussion List <[EMAIL PROTECTED]>
  • Sender: [EMAIL PROTECTED]
.
 
---- Original message ----
>Date: Wed, 01 Oct 2003 09:54:46 -0700
>From: John Hardin <[EMAIL PROTECTED]>  
>Subject: Re: [Dshield] Economic statistics  
>To: General DShield Discussion List <[EMAIL PROTECTED]>
>
>On Tue, 2003-09-30 at 12:23, 
[EMAIL PROTECTED] wrote:
>> >the difference between a virus and a worm lies
>> >with the mode of replication, does it not? I once
>> >had this down pat, but lack of discussion has
>> >made my memory foggy.
>> 
>> Actually, I believe that, technically, worms are a subset 
of viruses (i.e.
>> all worms are also viruses, but not all viruses are worms).
>
>Huh? Since when do worms spread by infecting other programs?
>
>> The defining characteristic of a worm, as opposed to other 
types of
>> viruses, is that a worm does not require any human action 
to
>> spread....
>
>Really? Lots of viruses spread without human interaction.
>
>How about this:
>
>A virus is program code that spreads by attaching itself to 
other,
>legitimate program or document files. It must have write 
access to files
>in order to spread. If those programs or documents are 
transmitted to
>other computers, or are on shared storage, it will be able 
to spread to
>other computers when the infected file is accessed. This may 
or may not
>require user action depending on the nature of the infected 
file
>(consider, for example, an infected file that is called from 
your
>network-wide user login script).
>
>A worm is program code that spreads by directly attacking 
remote
>systems, either through a flaw in a network service that 
allows the worm
>to inject its code into the new system, or through a flaw in 
some user
>tool that a user uses to process the file when it's 
received. This
>divides worms into two categories: autonomous, which 
directly attack
>publicly visible system services without human intervention, 
and ... uh
>... (somebody suggest a better name than non-autonomous) 
that require
>the user to interact (if only to the extent of starting 
Outlook to
>retrieve messages). 
>
>Perhaps: viruses attack files, worms attack services?

I agree with these. I offer up another definition to simplify.

A worm is a virus that will propagate by itself, or without 
user interaction.

MBlaster worm attached automatically to a vulnerable 
computer, and then used that computer to start attacking 
others. The user of the computer never saw anything.

A virus is spread by somebody reading an infected email, or 
going to an infected web page, or running a program of some 
sort.

Keith.

_______________________________________________
list mailing list
[EMAIL PROTECTED]
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
 
.
.
 
Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.