What is the difference between a worm and a trojan?

Discussion in 'Security Software' started by Peter Meister, May 19, 2004.

  1. Ok, I know the difference between a virus and a trojan. But what is the difference between a worm
    and a trojan? Is the one a subset of the other type or are they completely different?

    Peter
     
    Peter Meister, May 19, 2004
    #1

  2. Peter Meister

    Bit Twister Guest

    A worm could install a trojan.

    A trojan is malware which allows crackers into your system through a backdoor.
    A worm is malware which infects your system and spreads by itself.
    It may carry a trojan as a payload.
     
    Bit Twister, May 19, 2004
    #2

  3. A worm is a self-replicating piece of code that doesn't require the user
    to take action in order to activate it. It infects a machine, then goes
    looking for other machines to infect, all the while unattended and most
    likely unnoticed by the user. Worms are typically self-contained; i.e.
    they don't infect other files.
    A trojan is a program that appears to be something it's not; typically
    something interesting, amusing or beneficial. It can masquerade as a utility
    ("Click here to protect your computer against viruses!") or as something
    else ("Click here to see Britny naked!").
     
    Ben M. Schorr, MVP-OneNote, May 19, 2004
    #3
  4. Peter Meister

    Phil Weldon Guest

    A virus for computer systems changes the way part of a program or operating
    system operates by taking advantage of security flaws. A virus does not
    necessarily spread from an infected system to other systems.

    A 'worm' is a virus that spreads itself by using the systems it infects
    to spread to other machines through the Internet or through other networks.
    The 'Swen' worm is a good example; it harvests email addresses from Usenet
    newsgroups and from storage on infected systems, then emails infectious
    messages to those harvested addresses. Sasser is also a worm.

    A trojan has the specific purpose of allowing outside access to a computer
    system; the infected system can be controlled by a remote system, and data
    can be transferred to the remote system as well. A trojan can be spread by a
    virus.

    Spyware collects data from the system it compromises and communicates that
    data to a remote source; it isn't a virus because it doesn't really
    'infect' the system, but is installed as a program (or a cookie) without the
    explicit consent of the system owner.

    On the other hand, there are a million stories in the internet, and nearly
    as many definitions.

    --
    Phil Weldon, pweldonatmindjumpdotcom
    For communication,
    replace "at" with the 'at sign'
    replace "mindjump" with "mindspring."
    replace "dot" with "."
     
    Phil Weldon, May 19, 2004
    #4
  5. Peter Meister

    null Guest

    Since both viruses and worms "spread", the question is usually "what's
    the difference between a virus and a worm?" I found one non-technical
    answer that may be sufficient to give you the basic idea:

    http://www.bsu.edu/ucs/article/0,1370,6188-1940-4488,00.html


    Art
    http://www.epix.net/~artnpeg
     
    null, May 19, 2004
    #5
  6. Peter Meister

    StarScripter Guest

    Peter Meister wrote:
    | Ok, I know the difference between a virus and a trojan. But what is
    | the difference between a worm and a trojan? Is the one a subset of
    | the other type or are they completely different?
    |
    | Peter

    From the Microsoft Computer Dictionary:

    worm n. A program that propagates itself across computers, usually by
    creating copies of itself in each computer's memory. A worm might
    duplicate itself in one computer so often that it causes the computer to
    crash. Sometimes written in separate segments, a worm is introduced
    surreptitiously into a host system either as a prank or with the intent
    of damaging or destroying information. See also bacterium, Internet
    Worm, Trojan horse, virus.


    Trojan horse n. A destructive program disguised as a game, utility, or
    application. When run, a Trojan horse does something harmful to the
    computer system while appearing to do something useful. See also virus,
    worm.


    virus n. An intrusive program that infects computer files by inserting
    in those files copies of itself. The copies are usually executed when
    the file is loaded into memory, allowing the virus to infect still other
    files, and so on. Viruses often have damaging side effects-sometimes
    intentionally, sometimes not. For example, some viruses can destroy a
    computer's hard disk or take up memory space that could otherwise be
    used by programs. See also Good Times virus, Trojan horse, worm.
     
    StarScripter, May 19, 2004
    #6
  7. Peter Meister

    kurt wismer Guest

    that part is debatable... if you add that criteria we're left with a
    wide variety of self-replicating malware that has no classification...
     
    kurt wismer, May 19, 2004
    #7
  8. All of these terms are *aspects* of certain malware programs.
    Generally, trojans don't replicate. However, Phatbot trojan
    has adopted worm function, and so becomes a worm as well
    as whatever else it is. The terms only really become clear if
    one talks about each in its purest form.

    A trojan appears (for some reason) to be something desirable,
    and yet has a function that is decidedly *not* desired. It may or
    may not also supply the desired function.

    Both worm and virus are self-replicating programs which may or
    may not have any other function than replication. The difference
    between worm and virus (IMO) is in the way that they replicate.

    This has been discussed many many many times in a.c.v. where
    I have been known to hang out. Not many agree with me, but
    that's my story - and I'm stickin' to it.
     
    FromTheRafters, May 20, 2004
    #8
  9. Many worms require human interaction in order to function, in fact
    most of the more common ones do. The most pure forms of worm
    do in fact do as you say, however it is not a defining factor.
    Some definitions do indeed say this, but it is an inadequate definition
    because some worms don't do *this* either.
    Superfluous, but not incorrect.
    Usually referred to as "does not *need* to infect programs", as opposed
    to viruses which *do* need to infect programs.

    (files are not the only things that can be considered programs)
    ....or is something else in addition to what it appears to be.
     
    FromTheRafters, May 20, 2004
    #9
  10. Peter Meister

    data64 Guest

    (Peter Meister) wrote in online.com:
    What is the difference between a virus and a worm ?

    data64
     
    data64, May 20, 2004
    #10
  11. Peter Meister

    kurt wismer Guest

    both are self-replicating malware... a virus must be able to 'infect' a
    host 'program' and a worm must be able to reproduce without infecting
    a host program (where 'program' is understood to mean 'a sequence of
    executable or interpretable instructions' and 'infect' is understood to
    mean 'attach to a host in such a way that when an attempt is made to
    execute the host the infector executes as well as or instead of the
    host')...

    of course these are not mutually exclusive, a worm that can also infect
    or a virus that can also spread without infecting is allowed -
    worm/virus hybrids are sometimes lumped into the blanket term 'blended
    threat'...
     
    kurt wismer, May 20, 2004
    #11
  12. kurt wismer wrote:
    That's one reason why the taxonomy of malware has lost its meaning. Many
    of them try to do many things.

    Once upon a time there were distinctions. The difference between a virus
    and trojan was in motivation. Viruses try to spread as much as possible,
    and often send information about their hosts to the attacker. Trojans
    try to give control of the infected machine to the attacker.

    The subdivision virus vs. worm was historic. First viruses had to store
    themselves on floppies, because sneakernet was the only medium
    available. When networked computers became common, it was enough to
    infect a running application instance (worm). You could get rid of a
    worm by turning power off.

    But as mentioned, the differences don't count anymore.

    -- Lassi
     
    Lassi Hippeläinen, May 20, 2004
    #12
  13. Peter Meister

    kurt wismer Guest

    i'm afraid you are mistaken...
    a) you're apparently mistaking backdoor trojans for all trojans - not
    all are intended to give remote access, that's a relatively new
    capability...
    b) virus infection creates a trojan out of the host program - it always
    has done...
    viruses didn't have to do any such thing... viruses infected programs,
    they always did... those programs may be on the floppy disk or the user
    may later move them on to a floppy disk... regardless, programs were
    shared often enough that no special effort needed to be made to ensure
    distribution between machines...
    that's an issue of how it's implemented, not how it's defined...
    respectfully, i think it may be that you were misunderstanding the
    differences in the first place... it's not hard, there are no end of
    computer jargon files out there that people think are authoritative but
    are in fact woefully inadequate when they attempt to cover this field
    with a few short lines... i've been following this field for the past
    15 years and i can't think of a single instance of a major redefinition
    of any of the principal concepts (virus, worm, or trojan) during that
    time...
     
    kurt wismer, May 20, 2004
    #13
  14. No, I was simplifying (maybe too far). I tried to show the architectural
    differences in malware types. But as mentioned, they don't matter
    anymore, because today the buggers can mix all of the features.

    -- Lassi (who started with Teletypes and punched tape in 1972)
     
    Lassi Hippeläinen, May 20, 2004
    #14
  15. Hippeläinen
    In particular, a Trojan is generally targeted at the one person or machine
    that gets the malware. Viruses and worms are meant to distribute
    themselves. In its operation, a virus creates a trojan.

    Alun.
    ~~~~

    [Please don't email posters, if a Usenet response is appropriate.]
     
    Alun Jones [MS MVP - Security], May 20, 2004
    #15
  16. Peter Meister

    Bill Unruh Guest

    (Alun Jones [MS MVP - Security]) writes:

    ]In article <>, Lassi
    ]Hippeläinen
    ]>Once upon a time there were distinctions. The difference between a virus
    ]>and trojan was in motivation. Viruses try to spread as much as possible,
    ]>and often send information about their hosts to the attacker. Trojans
    ]>try to give control of the infected machine to the attacker.

    ]In particular, a Trojan is generally targeted at the one person or machine
    ]that gets the malware. Viruses and worms are meant to distribute
    ]themselves. In its operation, a virus creates a trojan.

    ?? Trojan-- From Trojan horse-- When the Greek city troops could not
    breach the walls of Troy, they left with a gift to the Trojans to
    propitiate them of a giant wooden horse. The Trojans pulled the horse
    into the city. That night the Greeks hidden in the horse came out,
    opened the gates of the city and Troy was destroyed.

    By analogy, an attractive programme which contains hidden within it a
    piece of malware, so when the attractive program is run, the malware is
    also run, breaching the security of the machine. It is something which
    requires the action of accepting and running the attractive offering to
    bring up the malware. Many email "viruses" propagate via trojans.

    A worm is something which finds a soft entry and tunnels into a machine.
    Ie, it propagates via hidden defects in the software of the system.
    The old Morris sendmail would I think be a worm.

    Ie, worms and trojans refer to the method of propagation. A virus could
    propagate by means of a trojan. A virus could replicate by means of
    trojans.

    (It is a shame that the people who got destroyed by the hidden men
    should in addition have their name sullied by being attached to the means of destruction.
    The horse should really have been called Ulysses's Horse, since it was
    his idea, he being a wily artificer, and the means of propagation should be
    called a Ulysses. )
     
    Bill Unruh, May 20, 2004
    #16
  17. Peter Meister

    MisterKurtz Guest


    So where do the condoms come in?


    Kurtz
     
    MisterKurtz, May 20, 2004
    #17
  18. Peter Meister

    Phil Weldon Guest

    Insult to injury?

    --
    Phil Weldon, pweldonatmindjumpdotcom
    For communication,
    replace "at" with the 'at sign'
    replace "mindjump" with "mindspring."
    replace "dot" with "."


     
    Phil Weldon, May 21, 2004
    #18
  19. Peter Meister

    kurt wismer Guest

    they always good mix all the features - why they didn't start doing so
    much earlier, i have no idea...
     
    kurt wismer, May 21, 2004
    #19
  20. Peter Meister

    kurt wismer Guest

    kurt wismer wrote:
    [snip]
    oh, that's embarrassing... should be "they always could mix all the
    features"... i have no idea how "good" got in there...
     
    kurt wismer, May 21, 2004
    #20