Virus, Worm Trojan Horse, Hoax Date: Fri, 17 Sep 1999 23:52:56 -0500 (CDT) From: Dennis Budd A virus is a piece of software that attaches itself to a program (i.e., the "host") and uses the host as modified by the virus to replicate itself, very much like the biological life forms it is named after. It may have other effects, ranging from random messages to major erasure of files, but those are in addition to the property of replication. A "worm" is a piece of software that replicates itself, traveling from computer to computer, *without* relying on a host program. Robert Morris's infamous Internet "worm" of 1989, which brought thousands of Unix systems around the country to their knees, was the first famous example. Again, a worm may have other effects, but they are not what defines it as a worm. In the case of the Morris worm, its massive consequences were the result of an unintended bug in the program that caused it to replicate thousands of copies of itself in one fell swoop instead of just one; had it functioned as he had intended, it would have spread to every vulnerable computer in the Internet without necessarily having been detected by anyone. Again, a "worm" may or may not have other effects built into it. A Trojan Horse is a program that on the surface provides something its unsuspecting victim wants, but when loaded and executed does something else, either instead of or in addition to its advertised purpose. It of course is named after the historic Trojan Horse that brought about the downfall of Troy. Since Trojan Horses are not in and of themselves intended to replicate, many of them do pretty nasty things, which is not particularly true of the majority of viruses. A Trojan Horse sent along with a hoax can steal the user's personal login information. A program can be both a virus and a Trojan, in that it offers you something nice, but when you execute it, it infects critical files on your computer with the purpose of replicating itself. Happy99.exe was such a program. Happy99 combined elements of both a virus and a worm in that it required the ability to infect the WINSOCK.DLL file (which all Internet access in Windows 95 goes through) in order to spread (i.e., a virus), but the resulting spawned copies spread through E-mail on their own (i.e. a worm). And the Trojan part was the nice fireworks display on the victim's computer screen as the program did its dirty work of infecting Windows 95. Increasingly we are seeing other programs that combine elements of all three. From the People Who Net documents (ed): Up-to-date information on viri and urban legends. http://www.symantec.com/avcenter/index.html and/or the real lists of viruses http://www.virusbtn.com/ Hoaxes http://www.av.ibm.com/BreakingNews/HypeAlert/ (mostly viruses) http://www.datafellows.fi/news/hoax.htm http://www.urbanlegends.com/ http://www.nonprofit.net/hoax/hoax.html http://www.cybernothing.org/faqs/net-abuse-faq.html http://kumite.com/myths/fas/fas-gt.htm http://kumite.com/myths/fas/ http://www.cancer.org/chain.html American Cancer Society re CA hoax. http://ciac.llnl.gov/ciac/CIACHoaxes.html http://kumite.com/myths/ http://www.yale.edu/its/security/virus-hoaxes.html http://www.stiller.com/Undel.htm http://www.symantec.com/avcenter/hoax.html Spam http://spam.abuse.net/ http://digital.net/~gandalf/spamfaq.html All fraud including internet http://www.fraud.org/