[Dshield] Economic statistics
keith at keithbergen.com
Wed Oct 1 18:10:21 GMT 2003
---- Original message ----
>Date: Wed, 01 Oct 2003 09:54:46 -0700
>From: John Hardin <johnh at aproposretail.com>
>Subject: Re: [Dshield] Economic statistics
>To: General DShield Discussion List <list at dshield.org>
>On Tue, 2003-09-30 at 12:23,
Andrew.Patrick at kemperservices.com wrote:
>> >the difference between a virus and a worm lies
>> >with the mode of replication, does it not? I once
>> >had this down pat, but lack of discussion has
>> >made my memory foggy.
>> Actually, I believe that, technically, worms are a subset
of viruses (i.e.
>> all worms are also viruses, but not all viruses are worms).
>Huh? Since when do worms spread by infecting other programs?
>> The defining characteristic of a worm, as opposed to other
>> viruses, is that a worm does not require any human action
>Really? Lots of viruses spread without human interaction.
>How about this:
>A virus is program code that spreads by attaching itself to
>legitimate program or document files. It must have write
access to files
>in order to spread. If those programs or documents are
>other computers, or are on shared storage, it will be able
to spread to
>other computers when the infected file is accessed. This may
or may not
>require user action depending on the nature of the infected
>(consider, for example, an infected file that is called from
>network-wide user login script).
>A worm is program code that spreads by directly attacking
>systems, either through a flaw in a network service that
allows the worm
>to inject its code into the new system, or through a flaw in
>tool that a user uses to process the file when it's
>divides worms into two categories: autonomous, which
>publicly visible system services without human intervention,
and ... uh
>... (somebody suggest a better name than non-autonomous)
>the user to interact (if only to the extent of starting
>Perhaps: viruses attack files, worms attack services?
I agree with these. I offer up another definition to simplify.
A worm is a virus that will propagate by itself, or without
MBlaster worm attached automatically to a vulnerable
computer, and then used that computer to start attacking
others. The user of the computer never saw anything.
A virus is spread by somebody reading an infected email, or
going to an infected web page, or running a program of some
More information about the list