[Dshield] Economic statistics

Keith Bergen keith at keithbergen.com
Wed Oct 1 18:10:21 GMT 2003

---- Original message ----
>Date: Wed, 01 Oct 2003 09:54:46 -0700
>From: John Hardin <johnh at aproposretail.com>  
>Subject: Re: [Dshield] Economic statistics  
>To: General DShield Discussion List <list at dshield.org>
>On Tue, 2003-09-30 at 12:23, 
Andrew.Patrick at kemperservices.com wrote:
>> >the difference between a virus and a worm lies
>> >with the mode of replication, does it not? I once
>> >had this down pat, but lack of discussion has
>> >made my memory foggy.
>> Actually, I believe that, technically, worms are a subset 
of viruses (i.e.
>> all worms are also viruses, but not all viruses are worms).
>Huh? Since when do worms spread by infecting other programs?
>> The defining characteristic of a worm, as opposed to other 
types of
>> viruses, is that a worm does not require any human action 
>> spread....
>Really? Lots of viruses spread without human interaction.
>How about this:
>A virus is program code that spreads by attaching itself to 
>legitimate program or document files. It must have write 
access to files
>in order to spread. If those programs or documents are 
transmitted to
>other computers, or are on shared storage, it will be able 
to spread to
>other computers when the infected file is accessed. This may 
or may not
>require user action depending on the nature of the infected 
>(consider, for example, an infected file that is called from 
>network-wide user login script).
>A worm is program code that spreads by directly attacking 
>systems, either through a flaw in a network service that 
allows the worm
>to inject its code into the new system, or through a flaw in 
some user
>tool that a user uses to process the file when it's 
received. This
>divides worms into two categories: autonomous, which 
directly attack
>publicly visible system services without human intervention, 
and ... uh
>... (somebody suggest a better name than non-autonomous) 
that require
>the user to interact (if only to the extent of starting 
Outlook to
>retrieve messages). 
>Perhaps: viruses attack files, worms attack services?

I agree with these. I offer up another definition to simplify.

A worm is a virus that will propagate by itself, or without 
user interaction.

MBlaster worm attached automatically to a vulnerable 
computer, and then used that computer to start attacking 
others. The user of the computer never saw anything.

A virus is spread by somebody reading an infected email, or 
going to an infected web page, or running a program of some 


More information about the list mailing list