Macro and Worm
what is the difference and which is the most dangerous? :)
Quote:
Originally posted here by Penguin
Macro and Worm
what is the difference and which is the most dangerous? :)
A macro is just a collection of commands to be executed in a certain order.
A worm is a program that is able to copy itself to other computers.
Macros are usually harmless but I'm guessing you mean macro viruses.
A macro virus is a virus written in some macro language (like the stuff built into Word).
Viruses can spread to other programs or computers. A virus will also modify/delete other files. A worm will only spread itself around.
but how does a worm copy itself if i am using web email.. instead of Outlook Express or Outlook.. is there a risk of both as well?
I'm not an expert but I believe some worms have a built in/their own SMTP engine/server, or they will eat(take) everybody in your address list and email them via your email engine so it appears to have come from you. Then when they get infected this repeats and eventually everything gets clogged with email and your bandwidth becomes 0 ;)
-It is I, me-
so what kind of programming language they using? and will this email infect my PC when i open a web email in my IE browser?
Quote:
so what kind of programming language they using?
ASM, C, C++ and there are rumors of malicious Java code but I do not know anything about that.
Quote:
web email
? As in Hotmail, Lycos, Yahoo?
Disable HTML so that when you open an email with HTML/Java code you see the actual code. Also, do not download stuff that you do not know who it is from. If you do know who it is from, scan it, because you're more likely to get a virus from someone you know than someone you do not (not that they purposely sent it to you).
-JESUS IS COMING!! EVERYBODY LOOK BUSY!!!!-
In general a worm is considered to be a piece of malicious code which spreads itself without end-user intervention . . . unlike a macro virus which requires you to open a document in its appropriate application (hence providing an environment in which the macro is a valid code snippet.)
Worms, therefore, usually require a vulnerability in an already running application or service as a vector for infection. All things being the same, the best way to prevent the spread of a worm is to perform aggressive patching and updating of OS's and applications.
Or unplug anything that requires electricity.
There's a lot of fun stuff to explore here with how a worm is written so that it will execute, seek out a vector for replication, and then perform its nasty little task of replicating itself.
Quote:
There's a lot of fun stuff to explore here with how a worm is written so that it will execute, seek out a vector for replication, and then perform its nasty little task of replicating itself.
It is really interesting. The part I am most interested in is replication and finding a vector. I do not want to know how to damage systems. Anyway, it is considered blackhat by a lot of people so I do not ask. I assume it's using ASM to attach itself to append itself to the beginning and/or end of a file then when conditions are correct, executing replication/exploitation.
-Sam-
As I understand things, a "worm" requires a medium through which to travel. This is typically the internet, or a local network. The true worm will spread of its own accord; recently, if you left an unprotected computer connected to the net for 30 minutes or so, you would be almost certain of being infected.
I use the strict definition that worms do not "infect", either the boot sector or files. Infection is what viruses do.
The two terms relate ONLY to how the thing gets about NOT if it does any damage.
A macro is a set of instructions to perform an automated function. The first ones I met were in BASIC, but since then they are in C, C++ and so on. A true "macro" is a small program used within another (larger) application. Typically you will find them in "office" packages like MS Office, Lotus Smartsuite, Corel and so on.
The significance of this is that you must have the application that they were written for installed on your machine. For example, if I sent you a Microsoft Word macro virus, and you did not have Word, all you would see would be my macro code in the text editor you used INSTEAD of Word. The actual instruction sequence would not be invoked.
Worms that are network aware will spread themselves without human intervention; they just look for mapped drives and sub-nets.
More commonly, human intervention is required, as some bozo has to open the e-mail document that carries the worm, or virus. This is not just restricted to e-mail, P2P and messaging applications can also carry them, but mostly they still require a positive reaction from the recipient.
Hope this helps
you said everything about the macro viruses. But are there any "micro" viruses? Please explain it to me. And yes I AM A NOOB. :)
Greetings Iaio,
Your question would depend on your definition of "micro".
As far as I am aware there is no malware written in microcode, simply because the authors cannot access the tools to write it and would have no means of delivering it. Also, given that microcode is specific to the internal functionality of a computer, it would be difficult to get it to spread.
If you are just referring to size, some of the earlier boot sector viruses written in assembly language were very small, less than 2k :eek:
"Ordinary" malware is written in a variety of higher level languages, and is quite "bloated" by comparison.
Try looking at the various definition pages of the AV suppliers' websites and check out a few boot sector viruses, file infectors, worms and trojans. You will soon see what I mean.
Cheers
nihil,
I think he meant micro as a comparison to macro. I don't think he was referring to microcode or bloat size. More like if there are viruses called macro viruses then surely there must be ones called micro viruses. :D
laio, there are no viruses, AFAIK, that are referred to as micro viruses (with possible exception of biological ones that humans and other animals get).
Quote:
Originally posted here by PM8228
ASM, C, C++ and there are rumors of malicious Java code but I do not know anything about that.
? As in Hotmail, Lycos, Yahoo?
Disable HTML so that when you open an email with HTML/Java code you see the actual code. Also, do not download stuff that you do not know who it is from. If you do know who it is from, scan it, because you're more likely to get a virus from someone you know than someone you do not (not that they purposely sent it to you).
-JESUS IS COMING!! EVERYBODY LOOK BUSY!!!!-
what is ASM?
all the replies seem to say that there is no way to prevent a worm from multiplying.. only patching the OS will solve the issue.. and is it possible to know how a worm is written?
Quote:
laio, there are no viruses, AFAIK, that are referred to as micro viruses (with possible exception of biological ones that humans and other animals get).
You know a ton Mittens, but the reason there are no "micro" viruses is because writing large programs in ASM takes forever and is really hard to debug. I'm not sure if you have ever programmed or read it. I have read it for cracking serials (blackhat :( not that I'm good at it), but it's really really hard to read. And I have tried to write ASM programs for my calculator which is like 100x less complex than a computer and that was really hard as well. Also it varies a lot based on OS. So it's not like you can write a "Windows" virus because the low level calls are still interpreted by the OS. So it becomes a "Windows XP" virus. The effectiveness decreases unless you write it so that it can deal with a multitude of OS's... but the time and dedication taken to do that would be immense.
-Sam-
ASM = Assembly Language
And pretty much you can't prevent worm propagation without having appropriate A/V or other methods of removing the worm. To this day, I still receive Code Red worm activity notification on my IDS.
Quote:
ASM = Assembly Language
I can write it out for people who don't know what that means. I just assumed that people would know. I apologize.
Quote:
And pretty much you can't prevent worm propagation without having appropriate A/V or other methods of removing the worm. To this day, I still receive Code Red worm activity notification on my IDS.
They just sit around on a machine until they are removed. Even if a whole is 20 years gone by it can still be on a machine. What is scary is viruses with AI. That can find new security holes, upgrade themselves against newer AV software and such.
-Sam-
wao.. how they do that? is there any one of those out there now..
Quote:
wao.. how they do that? is there any one of those out there now..
What are you referring to?
those with AI ones?
Quote:
wao.. how they do that? is there any one of those out there now..
you mean the network aware and self updating malware..
Plenty.. I would recommend going to the tutorials and having a read there.. start with the stickies..
read some of the virus listings on McAfee and Symantec..
if you like, search those sites this will help more than 1000 one-line replies in this thread..
<line Deleted>
there that should help especially the exe's to search for..
cheers
What the hell are you talking about? Just the fact that they can mail themselves then trick dumb idiots into downloading them or the fact that they can drop mirc and pirch scripts then interact with users VIA: IRC and trick them into downloading could possibly be considered some small form of "AI" simply because of the interaction between worms & users.
:rolleyes:
Quote:
Originally posted here by MsMittens
And pretty much you can't prevent worm propagation without having appropriate A/V or other methods of removing the worm. To this day, I still receive Code Red worm activity notification on my IDS.
Not entirely true. You can easily prevent infection by a worm or virus if you can take away its infection vector.
For example if you remove the .ida script mapping in IIS you remove the infection vector for Code Red thereby preventing infection (of Code Red) without the need for patching and/or AV.
But you would really need to know what you are doing!
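A defender-side sketch of spotting the Code Red activity discussed above in web server logs (an added example, not part of the thread): it flags requests to `.ida` stems whose query string is long single-character filler and tallies them per source address and response status. The W3C-style log layout, the 200-character threshold and the 80% repetition ratio are assumptions, and the sample lines are constructed.

```python
from collections import Counter

# Constructed sample in IIS W3C extended log format (not real traffic).
SAMPLE_LOG = "\n".join([
    "#Software: Microsoft Internet Information Services 5.0",
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2004-03-01 10:00:01 192.0.2.10 GET /index.html - 200",
    "2004-03-01 10:00:07 198.51.100.23 GET /default.ida " + "N" * 224 + " 404",
    "2004-03-01 10:00:09 198.51.100.23 GET /default.ida " + "N" * 224 + " 404",
    "2004-03-01 10:01:30 203.0.113.5 GET /search.ida q=report 200",
    "2004-03-01 10:02:00 203.0.113.77 GET /DEFAULT.IDA " + "X" * 224 + " 200",
])

SUSPECT_EXT = ".ida"   # the script mapping named in the thread
MIN_QUERY_LEN = 200    # assumed threshold: long filler, not a normal query
MIN_REPEAT_RATIO = 0.8 # assumed: share of the query taken by one character

def parse_w3c(text):
    """Yield one dict per request, using the #Fields directive for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or corrupt rows
                yield dict(zip(fields, values))

def is_suspect(req):
    """True for a request to a .ida stem carrying a long, repetitive query."""
    stem = req.get("cs-uri-stem", "").lower()
    query = req.get("cs-uri-query", "-")
    if not stem.endswith(SUSPECT_EXT) or len(query) < MIN_QUERY_LEN:
        return False
    # One character repeated for most of the query is filler, not parameters.
    most_common_count = Counter(query).most_common(1)[0][1]
    return most_common_count / len(query) > MIN_REPEAT_RATIO

def summarize(text):
    """Return {source_ip: Counter({status: hits})} for suspect requests."""
    report = {}
    for req in parse_w3c(text):
        if is_suspect(req):
            report.setdefault(req["c-ip"], Counter())[req["sc-status"]] += 1
    return report

if __name__ == "__main__":
    for ip, statuses in summarize(SAMPLE_LOG).items():
        print(ip, dict(statuses))
```

The per-status tally shows how the server answered each probing host, which is a starting point for checking whether the `.ida` mapping is still present.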
Quote:
What the hell are you talking about? Just the fact that they can mail themselves then trick dumb idiots into downloading them or the fact that they can drop mirc and pirch scripts then interact with users VIA: IRC and trick them into downloading could possibly be considered some small form of "AI" simply because of the interaction between worms & users.
I mean actual AI. It thinks or rather replicates "thinking". Not only self updating, but self aware. It realizes what it is which makes it better able to do what it's supposed to (not that it's a good thing). It'd be pretty weird/scary to have a self aware virus.
-Sam-
I replicate therefore I am ;)
Where can I find some e-books about ASM with examples? I want to take a look at this.
ASM calls depend on the OS and I think motherboard/processor. Google for ASM tutorials. Although most of the calls are processor independent some are, or some calls are handled differently I think.
-Sam-
Code:
mv b, 5
mv a, 5
cp a, b
jp nno
Quote:
Originally posted here by PM8228
ASM calls depend on the OS and I think motherboard/processor. Google for ASM tutorials. Although most of the calls are processor independent some are, or some calls are handled differently I think.
Assembly is processor architecture dependent (i386/680x0/PPC). If you want to use system calls for printing to a screen i.e. these are OS dependent (Mac OS/Windows/Linux/*BSD).
Thanks for clearing that up SirDice.
-Sam-
Quote:
Originally posted here by Penguin
Macro and Worm
what is the difference and which is the most dangerous? :)
:D
hi well the main difference is that a worm can spread itself on the computers on the network and a micro virus cannot. a macro virus just is a set of instructions which are executed when a certain condition arises. a worm can by itself find the security holes, exploit them and find its way to other computers