From: Aron Roberts (aron@socrates.berkeley.edu)
Date: Thu Nov 07 2002 - 15:17:43 PST
At 13:21 -0800 2002-11-07, Bruce Satow wrote:
>This page is quite informative.
>
>http://www.anti-trojan.net/en/home.aspx
Thanks, Bruce, for this reference!
A minor nit: this page page claims that trojans "... or often
called backdoors ... run every time you boot up your machine" and
"open... a port (channel) ... which can be used by an attacker to
connect to your computer."
That's overly specific. Not all trojans set up 'backdoors,' run at
every boot, or offer a mechanism for outsiders to connect to, or
control, your computer over a network.
The 'classic' definition of a trojan is much broader: a computer
program that pretends to be something that it is not. Typically,
trojans masquerade as system utilities, file viewers, games, or some
other type of useful or fun program, but also (or instead) perform
some non-stated action(s). Often these actions are destructive, but
some trojans perform actions which are merely annoying ... or even
inconsequential.
The following is a set of definitions for the term "trojan horse"
gathered from a variety of sources by "Google Glossary," an
automated, experimental service on the "Labs" site of the Google
search engine. See also the 'related phrases' at the top of this
page:
http://labs.google.com/glossary?q=trojan+horse
The following is my idiosyncratic, high level summary of the
differences between "viruses," "worms," and "trojans":
- A "virus" is a piece of computer code that replicates by attaching
itself to other code.
Viruses typically attach themselves to code in existing files, on
boot sectors of volumes, and the like. They intercept calls to
legitimate functions performed by such code and run their own code
to replicate themselves or carry out their other actions, destructive
or otherwise. They may then allow the original code to continue
executing.
- A "worm" is a piece of computer code that replicates by
copying itself to other computers over a network, but without
specifically attaching itself to other code.
Worms typically copy one or more whole files from one computer
to another. Once copied to a new computer, they may then perform
various actions, destructive or otherwise.
- A "trojan" (aka "trojan horse") is a piece of computer code that
purports to carry out one or more stated purposes, but also -- or
instead -- performs one or more different, unstated actions.
Just to clarify further: viruses, worms, and trojans might be, or
might not be, destructive, whether intentionally or unintentionally.
(Some which were intended by their authors to be benign -- perhaps
intended just to replicate, and perhaps display "I was here"-type
messages -- were badly programmed and thus inadvertently have caused
harm, while others which were intended to be malicious have turned
out to have had few deleterious effects, again due to programmer
error.)
Furthermore, viruses and trojans might, or might not, directly use
network services. Worms almost always do so.
Finally, some miscreants can combine features of one, two, or all
three of these types. For instance, some trojans have been used as a
means of spreading viruses, worms, or both. As another, more
concrete example, some Microsoft Word "macro" viruses are written
simply to spread from document to document on a single computer, and
are only inadvertently propagated to other computers when they are
sent as e-mail attachments or saved on network-mounted volumes. Some
other Word macro viruses not only attach themselves to other
documents, but may also contain 'worm' code which allows them to
control other applications (such as Microsoft Outlook) to actively
send themselves to other users via e-mail.
Aron Roberts
Workstation Software Support Group
------------------------------------------------------------------------
The following was automatically added to this message by the list server:
For information about Micronet, including subscribing to
or unsubscribing from its mailing list and finding out
about upcoming meetings, please visit the Micronet Web site:
<http://micronet.berkeley.edu/>.
This archive was generated by hypermail 2b29 : Thu Nov 07 2002 - 15:22:27 PST