From: Dustin Cook on
"Jenn" <me(a)nowhere.whocareswhatthisemailisanyway> wrote in
news:hqi03b$jt2$1(a)news.eternal-september.org:

> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
> news:hqau9t02cg1(a)news3.newsguy.com...
>> From: "blackhead" <larryharson(a)softhome.net>
>>
>> | I've managed to remove this virus from my computer several times,
>> | and it keeps reappearing. I've run Trend's Housecall anti-virus
>> | program and it doesn't find anything.
>>
>> | Thanks for your help
>>
>> It is not a virus. It is a type of trojan and it is malware but it
>> is NOT a virus.
>>
>> Download, install, update and then execute, Malwarebytes'
>> Anti-Malware http://www.malwarebytes.org/mbam/program/mbam-setup.exe
>>
>
>
> What is the difference between a virus, a trojan, and malware??

Malware is a general classification for all of them.

A virus replicates its own code either into your programs, documents,
html, or by companion (.com files will execute before .exes; so a
companion virus would pick the name notepad.com, and leave your
notepad.exe). An appender, prepender or cavity infector on the other hand
will modify your notepad.exe and not create a separate .com file.

A trojan is a program which claims to do one thing, but does something
else; often without the user knowing.

AntivirusXP2010 is a trojan, but not a virus.

> thanks,



--
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge
this boulder right down a cliff." - Goblin Warrior
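
Added example, not part of the original post: a defender's check for the companion arrangement described above, where a same-named file with an extension that Windows tries earlier (notepad.com beside notepad.exe) wins the lookup. It generalizes from .com/.exe to the start of the default PATHEXT order; `find_companions`, `demo` and the file layout are constructed for illustration, and only same-directory pairs are checked.

```python
import os
import tempfile
from collections import defaultdict

# Default Windows lookup order for unqualified command names (start of the
# stock PATHEXT value). Assumption: the host has not customised PATHEXT.
PATHEXT = [".com", ".exe", ".bat", ".cmd"]

def find_companions(root, pathext=PATHEXT):
    """Return sorted (directory, winner, shadowed) tuples for same-name files.

    'winner' is the file that runs when the bare name is typed; 'shadowed'
    is the same-named file in that directory that loses the lookup.
    """
    rank = {ext: i for i, ext in enumerate(pathext)}
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        by_stem = defaultdict(list)
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() in rank:
                by_stem[stem.lower()].append((rank[ext.lower()], name))
        for entries in by_stem.values():
            entries.sort()  # lowest rank first = the one that executes
            for _rank, shadowed in entries[1:]:
                findings.append(
                    (os.path.relpath(dirpath, root), entries[0][1], shadowed))
    return sorted(findings)

def demo():
    """Build a constructed directory tree of empty files and scan it."""
    layout = ["notepad.exe", "notepad.com", "calc.exe",
              os.path.join("tools", "backup.bat"),
              os.path.join("tools", "backup.exe"),
              os.path.join("tools", "edit.com")]
    with tempfile.TemporaryDirectory() as root:
        for rel in layout:
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return find_companions(root)

if __name__ == "__main__":
    for directory, winner, shadowed in demo():
        print(f"{directory}: {winner} runs instead of {shadowed}")
```

Each finding is a lead to review, not a verdict: the pair still has to be compared against what the software vendor actually ships in that directory.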

From: FromTheRafters on
"Jenn" <me(a)nowhere.whocareswhatthisemailisanyway> wrote in message
news:hqi03b$jt2$1(a)news.eternal-september.org...
> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
> news:hqau9t02cg1(a)news3.newsguy.com...
>> From: "blackhead" <larryharson(a)softhome.net>
>>
>> | I've managed to remove this virus from my computer several times,
>> | and it keeps reappearing. I've run Trend's Housecall anti-virus
>> | program and it doesn't find anything.
>>
>> | Thanks for your help
>>
>> It is not a virus. It is a type of trojan and it is malware but it
>> is NOT a virus.
>>
>> Download, install, update and then execute, Malwarebytes'
>> Anti-Malware
>> http://www.malwarebytes.org/mbam/program/mbam-setup.exe
>>
>
>
> What is the difference between a virus, a trojan, and malware??

Malware is a sort of contraction for malicious software. It doesn't
matter what *kind* of malicious software. Software is both code and
data, you can have maliciously crafted data as well as maliciously
applied "programs".

A trojan is a program that does something undesired by the user, instead
of or in addition to what the user desires. One such 'trojan' has a
unique feature, the 'undesired' aspect can replicate itself - and can
infect other programs with the replicant, thus making them trojans as
well. Because of the replication and infection properties (generating
trojans as it goes about), emergent behavior (and the ability to
"evolve" or polymorph) makes it worthy of its own classification.
So...we call it a virus - and leave the term trojan to cover the
non-replicators.

As far as I can tell, the current thinking is:

It is a trojan, unless it self-replicates, in which case it is called a
virus, unless it doesn't *need* to infect programs in order to replicate
and spread, in which case it is a worm.

It bears keeping in mind that just because something is undesired,
doesn't make it *malicious*. Just because something replicates, doesn't
mean it is *malicious*. Just because it infects, doesn't make it
*malicious* (but you would be hard pressed to find an example of
non-malicious infection).


From: David H. Lipman on
From: "Jenn" <nope(a)noway.atnohow.anyday>

| See below.. I put all your definitions together (thanks, btw) to see if I
| could make sense of it all...
| I do understand what Malware is now.

>>Malware:
>>Ant: Malware is a shortening of "malicious software" and includes both the
>>above and any other terms people use for this stuff.

>>Dustin:Malware is a general classification for all of them.

>>FromTheRafters: Malware is a sort of contraction for malicious software. It
>>doesn't matter what *kind* of malicious software. Software is both code and
>>data, you can have maliciously crafted data as well as maliciously
>>applied "programs".

| ---
| So far I understand this about viruses.........

>>Virus:
>>Ant says: A virus infects other files so it can spread (like the biological
>>virus).

| ---
| This part I'm confused about. How does it replicate and why?... what's an
| appender/prepender/cavity infector?

>>Dustin: A virus replicates its own code either into your programs,
>>documents, html, or by companion (.com files will execute before .exes; so a
>>companion virus would pick the name notepad.com, and leave your
>>notepad.exe). An appender, prepender or cavity infector on the other hand
>>will modify your notepad.exe and not create a separate .com file.

| ------------

>>Trojan:
>>Ant: A trojan is something you wouldn't want pretending to be something
>>harmless or that you might want (like the famous horse of Troy). It
>>doesn't spread by file-infection.

>>Dustin: A trojan is a program which claims to do one thing, but does
>>something else; often without the user knowing.

| ok.. I understand the first 2 comments above...


| Below.. I'm kind of not understanding.....


>>FromTheRafters: A trojan is a program that does something undesired by the
>>user, instead of or in addition to what the user desires. One such 'trojan'
>>has a
>>unique feature, the 'undesired' aspect can replicate itself - and can
>>infect other programs with the replicant, thus making them trojans as
>>well. Because of the replication and infection properties (generating
>>trojans as it goes about), emergent behavior (and the ability to
>>"evolve" or polymorph) makes it worthy of its own classification.
>>So...we call it a virus - and leave the term trojan to cover the
>>non-replicators.
>>As far as I can tell, the current thinking is:

>>It is a trojan, unless it self-replicates, in which case it is called a
>>virus, unless it doesn't *need* to infect programs in order to replicate
>>and spread, in which case it is a worm.

>>It bears keeping in mind that just because something is undesired,
>>doesn't make it *malicious*. Just because something replicates, doesn't
>>mean it is *malicious*. Just because it infects, doesn't make it
>>*malicious* (but you would be hard pressed to find an example of
>>non-malicious infection).


Viruses self replicate. One way they do this is by inserting code into other executables.
The code can be inserted at the beginning -- prepended
The code can be placed at the end -- appended
The code can be inserted somewhere in the middle -- cavity
These are file infectors.

Others use disk sectors such as a boot sector as in the NYB and Form viruses.

Others use scripting languages embedded in a product such as the macro language of the MS
Office Suite. These are called Macro Viruses.
{To me any malware that self replicates and only lives inside a host application are
parasites but that never caught on.}
Macro Viruses cross platforms. A Macro Virus can be equally virulent on MS Office on a
Windows platform as a MAC platform as they share the same data files and macro language.
This is also true for a virus written for a language such as Sun Java for their Virtual
Machine (VM) which runs under many operating systems.

Once other executables are "infected" they too can "infect" other executables and thus the
code spreads.

Internet worms use network protocols to spread. Thus Internet worms may be deemed as
viruses.
Email, NNTP, NetBIOS, SMB are all network protocols that have been used.

Trojans don't self replicate. They need assistance to get into a computer and "infect"
them. They could use the software vulnerability/exploitation vector or Social Engineering
which is the human vulnerability/exploitation vector.

In any case all "malware" have an intended purpose called a payload. Trojans and Viruses
can have the same or similar payload. The difference is the transmittal modal.
Usually however they don't have the same payload.

Trojans can be further broken down to sub-types depending on their payload. Examples:
Browser Helper Objects (BHOs), Remote Access Trojans (RATs), keyloggers, data stealers,
banker/bancos, adware, spyware, etc...

Note that it is possible for a trojan to be infected with a virus. An example would be an
IRC Trojan infected by the Parite virus.



--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


From: FromTheRafters on
"Jenn" <nope(a)noway.atnohow.anyday> wrote in message
news:hqr2q6$u70$1(a)news.eternal-september.org...

[...]

> This part I'm confused about. How does it replicate and why?

By reading itself (or a description of itself) and writing itself
elsewhere. In the modern definitions, it writes itself to a position
where its code will execute when another program is called upon to
execute (called "infection"). This other (infected) program is "hosting"
the virus - as the virus cannot exist without being hosted - it has no
"file" or other program container of its own.

So far, this scenario fits the definition of "trojan" with respect to an
"infected" program. That is to say that the program now does something
undesired in addition to (parasitic infection), or instead of
(overwriting virus), what the user expects or desires. What it does is
it creates more of the same on each iteration.

As to why it does this? -- because it can. It makes for a very
interesting trojan that generates more trojans. This makes it important
to note that it is *more* than a simple trojan and that there is a clear
distinction between these and non-replicating trojans. So, now the
definition of trojan should include a "non-replicating" feature so that
the two entities can be kept separate.

>... what's an appender/prepender/cavity infector?

The virus places its code after the host program's code (appender),
before the host program's code (prepender) or within a gap in the host
program's code (cavity). The infamous CIH was (is) a fragmented cavity
infector - fragmented and interspersed within several gaps.

[...]

> Below.. I'm kind of not understanding.....
>
>
>>FromTheRafters: A trojan is a program that does something undesired by
>>the user, instead
>>of or in addition to what the user desires. One such 'trojan' has a
>>unique feature, the 'undesired' aspect can replicate itself - and can
>>infect other programs with the replicant, thus making them trojans as
>>well. Because of the replication and infection properties (generating
>>trojans as it goes about), emergent behavior (and the ability to
>>"evolve" or polymorph) makes it worthy of its own classification.
>>So...we call it a virus - and leave the term trojan to cover the
>>non-replicators.
>>As far as I can tell, the current thinking is:
>
>>It is a trojan, unless it self-replicates, in which case it is called
>>a virus, unless it doesn't *need* to infect programs in order to
>>replicate and spread, in which case it is a worm.
>>
>>It bears keeping in mind that just because something is undesired,
>>doesn't make it *malicious*. Just because something replicates,
>>doesn't mean it is *malicious*. Just because it infects, doesn't make it
>>*malicious* (but you would be hard pressed to find an example of
>>non-malicious infection).

Is there anything specific in there that you want clarified?



From: Ant on
"Jenn" wrote:
> So far I understand this about viruses.........
>
>>Virus:
>>Ant says: A virus infects other files so it can spread (like the biological
>>virus).
>
> ---
> This part I'm confused about. How does it replicate

The original file is run by the usual methods - tricking the user into
running it, exploiting a software vulnerability and so on. Once run it
infects legitimate executable files, essentially with a copy of
itself. When the infected legitimate files are run they can now infect
more files with the virus. The virus will then do whatever else it
does and sometimes hand control back to the original file's code which
continues as normal. Usually it will mark infected files so it doesn't
infect them more than once.

> and why?...

So it can maintain its presence on the system and possibly infect
other systems. Viruses were much more prevalent in the days before
most people had access to the internet and files were often exchanged
between systems via removable media (floppy disks). These days it's
only necessary to direct someone to a malicious web site or for a
legitimate site to be compromised in order to spread malware. The
infected file (viral) method is somewhat redundant.

> what's an appender/prepender/cavity infector?

Just technicalities of how the virus inserts its code. i.e. at the
end, beginning or within unused areas of an executable file. It could
also completely overwrite the original file.

