[3120] in WWW Security List Archive
Re: New and destructive word macro virus
daemon@ATHENA.MIT.EDU (Jacob Rose)
Sun Sep 29 16:50:28 1996
Date: Sat, 28 Sep 1996 23:15:19 -0400 (EDT)
From: Jacob Rose <jacob@whiteshell.com>
To: Nir Soffer <scorpios@cs.huji.ac.il>
Cc: "David W. Morris" <dwm@shell.portal.com>,
John Cronin <John.Cronin@oit.gatech.edu>,
"David M. Chess" <CHESS@watson.ibm.com>, www-security@ns2.rutgers.edu
In-Reply-To: <Pine.SUN.3.91-heb-2.05.960928175308.728A-100000@bagel.cs.huji.ac.il>
Errors-To: owner-www-security@ns2.rutgers.edu
> That all depends on how you define a virus, I for one define a virus as a
> piece of code that replicates itself via other pieces of code, just like
> a real life virus does, lives parasitaclly (sic) on the host of the body
Yes, definitely. A cancelbot is not (necessarily; I mean, it could be) a
virus. If you think "malicious code"=="virus" you should also remember to
scrub after booting from floppy; you don't want to catch FORM!
> until the body dies, and moves from diffrent cells to other cells. What
> you are describing here is what I define as a trojan - i.e - A piece of
> code that does something diffrent then you'd expect from it, often
Not necessarily, either. The Internet Worm was not a trojan or a virus
(though it may have had a viral stage, I can't remember); it was a worm; a
self-replicating *process* rather than a segment of code.
A trojan is a "gift" which purports to do one thing for you while
doing something else, like e-mailing your marketing data to Bill Gates.
Not all malicious software is a virus, worm, or trojan. Not all
reproductive code is malicious, either. Genetic algorithms, for instance,
produce routines through the process of natural selection (yes,
Virginia, evolution works) in an artificial environment in which
accomplishing-the-user's-goal is the ultimate reproductive strategy.
There are statistical packages on the market that do this successfully all
the time.
> maliciously. AFAIK virii are impossible on all UNIX systems , since there
> is no way (I know of, please correct me if I'm wrong) to trap instances
> other processes are started and then infect them (I'm not even sure that
You're trying to mix "worm" and "virus" - a worm doesn't infect other
processes, it infects other hosts (or, I suppose, other process spaces in
general). A virus doesn't infect hosts (not directly, anyway), it infects
binaries. Viruses and worms are both feasible under UNIX, but they are
made complicated by the many incompatible systems; different byte orders,
different binary formats, different file systems, different processors,
etc. There are a LOT of UNIX variations; very few platform-specific-OS
variations (one flavor of Windows 95 running on one hardware model with
one or two file systems and highly related processors, etc). They're also
limited by the protections of UNIX (ie, a DOS virus might infect the
boot files, but a UNIX virus would only have access to these if run by
root).
> Hmm. The line between a worm and a virus is a very fine line, I define
> worms as pieces of code who spread themselves via network holes. (as
> opposed to procesess that lurk around and wait for other programs to be
> executed and then infect them.). It's all a matter of semantics.
So is the difference between a "wrench" and a "hammer," but I like to
keep the two semantically differentiated!
Jacob Rose Hmm. Cheap petroleum-based consumer goods
jacob@whiteshell.com or clean air... ...let me think about it.
--------------------------------------------------------------------------
You have fifteen minutes to save the world. START NOW!
--------------------------------------------------------------------------
