What is the difference between a worm and a trojan ?

Discussion in 'Spyware' started by Peter Meister, May 19, 2004.

  1. Ok, I know the difference between a virus and a trojan. But what is the difference between a worm
    and a trojan? Is the one a subset of the other type or are they completele different ?

    Peter
     
    Peter Meister, May 19, 2004
    #1
    1. Advertisements

  2. A worm is a self-replicating piece of code that doesn't require the user
    to take action in order to activate it. It infects a machine, then goes
    looking for other machines to infect, all the while unattended and most
    likely unnoticed by the user. Worms are typically self-contained; i.e.
    they don't infect other files.
    A trojan is a program that appears to be something it's not; typically
    something interesting, amusing or beneficial. It can masquerade as a utility
    ("Click here to protect your computer against viruses!") or as something
    else ("Click here to see Britny naked!").
     
    Ben M. Schorr, MVP-OneNote, May 19, 2004
    #2
    1. Advertisements

  3. Peter Meister

    kurt wismer Guest

    that part is debatable... if you add that criteria we're left with a
    wide variety of self-replicating malware that has no classification...
     
    kurt wismer, May 19, 2004
    #3
  4. Many worms require human interaction in order to function, in fact
    most of the more common ones do. The most pure forms of worm
    do infact do as you say, however it is not a defining factor.
    Some definitions do indeed say this, but it is an inadequate definition
    because some worms don't do *this* either.
    Superfluous, but not incorrect.
    Usually referred to as "does not *need* to infect programs", as opposed
    to viruses which *do* need to infect programs.

    (files are not the only things that can be considered programs)
    ....or is something else in addition to what it appears to be.
     
    FromTheRafters, May 20, 2004
    #4
  5. Peter Meister

    data64 Guest

    (Peter Meister) wrote in online.com:
    What is the difference between a virus and a worm ?

    data64
     
    data64, May 20, 2004
    #5
  6. You can't catch fish with a virus?

    Okay, in case you were serious.

    My favorite definition so far...

    Virus:

    A computer virus is a self-replicating program containing code
    that explicitly copies itself and that can "infect" other
    programs by modifying them or their environment such that a
    call to an infected program implies a call to a possibly
    evolved copy of the virus.

    ....and by deduction...

    Worm:

    Another kind of self replicating program that need not conform
    to the above definition.

    Unfortunately, this leaves rabbits (computer bacteria) within the
    realm of worms if they don't "infect".
     
    FromTheRafters, May 20, 2004
    #6
  7. Peter Meister

    kurt wismer Guest

    both are self-replicating malware... a virus must be able to 'infect' a
    host 'program' and a worm must be able to reproduce without infecting
    a host program (where 'program' is understood to mean 'a sequence of
    executable or interpretable instructions' and 'infect' is understood to
    mean 'attach to a host in such a way that when an attempt is made to
    execute the host the infector executes as well as or instead of the
    host')...

    of course these are not mutually exclusive, a worm that can also infect
    or a virus that can also spread without infecting is allowed -
    worm/virus hybrids are sometimes lumped into the blanket term 'blended
    threat'...
     
    kurt wismer, May 20, 2004
    #7
  8. kurt wismer wrote:
    That's one reason why the taxonomy of malware has lost its meaning. Many
    of them try to do many things.

    Once upon a time there were distinctions. The difference between a virus
    and trojan was in motivation. Viruses try to spread as much as possible,
    and often send information about their hosts to the attacker. Trojans
    try to give control of the infected machine to the attacker.

    The subdivision virus vs. worm was historic. First viruses had to store
    themselves on floppies, because sneakernet was the only medium
    available. When networked computers became common, it was enough to
    infect a running application instance (worm). You could get rid of a
    worm by turning power off.

    But as mentioned, the differences don't count anymore.

    -- Lassi
     
    Lassi =?iso-8859-1?Q?Hippel=E4inen?=, May 20, 2004
    #8
  9. Peter Meister

    kurt wismer Guest

    i'm afraid you are mistaken...
    a) you're apparently mistaking backdoor trojans for all trojans - not
    all are intended to give remote access, that's a relatively new
    capability...
    b) virus infection creates a trojan out of the host program - it always
    has done...
    viruses didn't have to do any such thing... viruses infected programs,
    they always did... those programs may be on the floppy disk or the user
    may later move them on to a floppy disk... regardless, programs were
    shared often enough that no special effort needed to be made to ensure
    distribution between machines...
    that's an issue of how it's implemented, not how it's defined...
    respectfully, i think it may be that you were misunderstanding the
    differences in the first place... it's not hard, there are no end of
    computer jargon files out there that people think are authoritative but
    are in fact woefully inadequate when they attempt to cover this field
    with a few short lines... i've been following this field for the past
    15 years and i can't think of a single instance of a major redefinition
    of any of the principle concepts (virus, worm, or trojan) during that
    time...
     
    kurt wismer, May 20, 2004
    #9
  10. No, I was simplifying (maybe too far). I tried to show the architectural
    differences in malware types. But as mentioned, they doesn't matter
    anymore, because today the buggers can mix all of the features.

    -- Lassi (who started with Teletypes and punched tape in 1972)
     
    Lassi =?iso-8859-1?Q?Hippel=E4inen?=, May 20, 2004
    #10
  11. =?iso-8859-1?Q?Hippel=E4inen?=
    In particular, a Trojan is generally targeted at the one person or machine
    that gets the malware. Viruses and worms are meant to distribute
    themselves. In its operation, a virus creates a trojan.

    Alun.
    ~~~~

    [Please don't email posters, if a Usenet response is appropriate.]
     
    Alun Jones [MS MVP - Security], May 20, 2004
    #11
  12. Peter Meister

    Bill Unruh Guest

    (Alun Jones [MS MVP - Security]) writes:

    ]In article <>, Lassi
    ]=?iso-8859-1?Q?Hippel=E4inen?=
    ]>Once upon a time there were distinctions. The difference between a virus
    ]>and trojan was in motivation. Viruses try to spread as much as possible,
    ]>and often send information about their hosts to the attacker. Trojans
    ]>try to give control of the infected machine to the attacker.

    ]In particular, a Trojan is generally targeted at the one person or machine
    ]that gets the malware. Viruses and worms are meant to distribute
    ]themselves. In its operation, a virus creates a trojan.

    ?? Trojan-- From Trojan horse-- When the greek city troops could not
    breach teh walls of Troy, they left with a gift to the Trojans to
    propitiate them of a giant wooden horse. The Trojans pulled the horse
    into the city. That night the greeks hidden in the horse came out,
    opened the gates ofthe city and Troy was destroyed.

    By analogy, an attractive programme which contains hidden within it a
    piece of malware, so when the attractive program is run, the malware is
    also run, breaching the security of the machine. It is something which
    requires the action of accepting and running the attractive offering to
    bring up the malware. Many email "viruses" propagate via trojans.

    A worm is something which finds a soft entry and tunnels into a machine.
    Ie, it propagates via hidden defects in the software of the system.
    The old Morris sendmail would I think be a worm.

    Ie, worms and trojans refer to the method of propagation. A virus could
    propagate by means of a trojan. A virus could replicate by means of
    trojans.

    (It is a shame that the people who got destroyed by the hidden men
    should in addition have their name sullied by being attached to the means of destruction.
    The horse should really have been called Ulysses's Horse, since it was
    his idea, he being a wiley artifacer, and the means of propagation should be
    called a Ulysses. )
     
    Bill Unruh, May 20, 2004
    #12
  13. Peter Meister

    kurt wismer Guest

    they always good mix all the features - why they didn't start doing so
    much earlier, i have no idea...
     
    kurt wismer, May 21, 2004
    #13
  14. Peter Meister

    kurt wismer Guest

    kurt wismer wrote:
    [snip]
    oh, that's embarrassing... should be "they always could mix all the
    features"... i have no idea how "good" got in there...
     
    kurt wismer, May 21, 2004
    #14
  15. Peter Meister

    Tim Smith Guest

    The definitions of these terms is kind of in flux. If you Google around,
    you'll find conflicting definitions of these and other pest-related terms.
    Virus seems to be becoming a generic term that includes worms, trojans, and
    other pests.

    Looking at usage in the non-technical media, I think "worm" might be going
    in that direction, too.

    Even "trojan", which should be easy to get right, since its origin is the
    Trojan Horse story, seems to be getting misused enough that it will probably
    have its meaning change to match that misusage. I have seen "trojan" used a
    lot for programs that let a remote person do things on your computer.
    Technically, to be a trojan, that program needs to have been let on to the
    computer by the user who thought it was something else, but people are
    applying it to programs that get on through worms.
     
    Tim Smith, May 22, 2004
    #15
  16. Peter Meister

    Mark Steward Guest

    Ah, but the Trojans didn't write the book...

    Anyway, Trojan probably means "related to Troy": it the horse they used at
    Troy, not a Trojan-horse. The supposed inventor was (as you pointed out)
    notoriously cunning, so his name was so often as an insult that the more
    specific meaning probably wouldn't have stuck .

    And writing Odysseus (Latin Ulysses) would just confuse everybody - we all
    know how much difficulty there is between virii and viruses...

    BTW, is cross-posting generally between these newsgroups generally accepted?

    Mark
     
    Mark Steward, May 24, 2004
    #16
  17. On Thu, 20 May 2004, Bill Unruh wrote:
    [snip]
    Possibilities:
    1. The horse was named after the battle.
    2. The horse was named after the city it was taken into.
    3. The horse was named after the people that were suckered in.
    4. Ulysses had better/worse PR (depending on your point of view).

    Many have heard the story of what allegedly happened to the cities of
    Sodom and Gomorrah, and most people have heard of "sodomy", a practice
    named after the city of Sodom, but nobody that I know of has named any
    practice after the city of Gomorrah. I think that's unfair[1]. :)

    [1] Exactly *which* of the two cities it's unfair to is another matter.
     
    Norman L. DeForest, May 24, 2004
    #17
  18. According to the Gay & Black Glossary (
    http://mindprod.com/ggloss/gomorrahy.html ), "gomorrahy" is "the
    Canadian legal term for fisting (both vaginal and anal insertion of a
    hand), footing (both vaginal and anal), and stumping (both vaginal and
    anal insertion of an amputated stump)." In other words, gomorrahy -
    a.k.a. the Sin of Gomorrah - is extremity insertion (it being understood
    that the penis is no more an extremity than it is a middle leg).

    Book of Gomorrah
     
    Book of Gomorrah, May 25, 2004
    #18
  19. So, now I'll know in case that ever comes up on "Jeopardy".

    ....what is Gomorrahy, Alex? (Canada clue?)
     
    FromTheRafters, May 26, 2004
    #19
  20. Peter Meister

    mike3 Guest

    All viruses, including worms, can replicate once inside a computer.
    Trojans are just programs that promise one thing but do something
    completely different (and usually something bad) -- for instance a
    program might promise to be a cool game but when executed it wipes
    your hard disk. But they _do_not_replicate_. Viruses (including worms)
    REPLICATE. Trojans do not. Since a virus and worm are pretty much the
    same thing, a self-replicating program, the difference is in the means
    of execution. File viruses simply piggyback on other programs within
    the computer they infect, so they require the user to activate or copy
    these programs to multiply and spread to other computers. Worm viruses
    are 100% self-contained, they do not require piggybacking on another
    program to be executed. Usually the user just executes the virus, it
    installs itself into the registry, and proceeds to e-mail or otherwise
    propagate itself. Trojans are just scraps of harmful code that do not
    replicate at all. Trojans CAN NOT REPLICATE ON THEIR OWN. For the
    analogy to a biological system, a virus/worm is the equivalent of a
    biological virus, whereas a trojan is some sort of toxic chemical or
    gene. The toxic chemical cannot make more of itself, but the virus
    can.
     
    mike3, Jun 3, 2004
    #20
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.