
Thread: Virus Research Information: What Are The Different Kinds?

  1. #11
    AO Veteran NeuTron's Avatar
    Join Date
    Apr 2003
    Posts
    550
    The way I look at it, a virus can be any bit of code or any program meant to cause harm of malicious nature, or destroy/damage data on any given system

    As far as I know, it isn't the intent that makes a virus a virus. A virus is usually described as any coding that can replicate itself. This is very similar to biological viruses. Whether it is intended to do harm or not does not dictate its classification.

    From TrendMicro:
    What is a Virus?
    A computer virus is a program – a piece of executable code – that has the unique ability to replicate. ..
    Other than that minor point...it was a nice tut.

    -NeuTron

  2. #12
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    [offtopic as well]

    I knew it was going to attract people from both parties ...or at least the ones that know how outspoken I am against Kerry

    [/offtopic]

    Now edit the tut so I can delete my off topic posts and have it take a nice spot in the archives.

  3. #13
    Probably because the tutorial wasn't on that? Look at the topic, please..
    How Can I Protect Myself From This Crap?
    How can a firewall protect you from a virus? Most worms exploit a vulnerability, and I would expect rootkits to be made exploiting the same vulnerability. Just as easily as blaster left a shell on port 4444, I would expect there are tools that drop Sub7 on a single machine instead.

    The worm is just another vector to drop a backdoor.
    So sit behind a firewall and have your OS updated as well.

  4. #14
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    I'd like to clarify some points/statements that have been raised in this thread.

    Per Ed Skoudis in his book Fighting Malicious Code, (a darned fine read and I thoroughly recommend it), he offers the following definitions, (these are not verbatim).

    Viruses: Viruses are executable code that _requires_ human interaction to propagate.

    Worms: Worms are executable code that _do not_ require human interaction to propagate.

    Thus, since those two definitions are absolutely accurate, I would suggest that TrendMicro needs to redo their site.

    Now someone is going to jump up and yell about viruses that, when activated, demonstrate worm-like activity in addition to "normal" viral activity..... Yep, no problem and it has been a trend in the last 18 months to two years to attempt this kind of activity. Ed, discusses this in depth and accurately points out that this is what is called a "Blended Threat". He further goes on to point out how and why blended threats will become the norm.

    He also discusses polymorphism, (the act of a virus or worm changing its appearance on each iteration while continuing to be able to carry out the same actions thus making signature creation much more difficult), and encryption which also makes signature generation more difficult hence the IDS systems signatures looking for file encryption generated by some of the typical encryption engines.

    Spyder: On a professional level you could have mentioned the higher end firewall's ability to remove executable content from SMTP streams bearing in mind that SMTP is the typical vector of a _virus_. You could also have pointed out that a firewall is a very useful tool in the prevention of virus propagation, especially in a corporate environment, by only allowing outbound SMTP connection to emanate from specific IP addresses, (the mail servers). This is also useful, (in addition to an outbound POP, (port 110), connection), in the prevention of users connecting to personal web servers.

    Viruses and anti-virus technology is a huge subject and is difficult to cover without spending an inordinate amount of time and effort researching it for a tutorial. You have, however, come up with a pretty good primer as to what they are and some ways to deal with them....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
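
    Added example, not part of the original post: one way to check the egress rule described in post #14 (outbound SMTP only from the mail servers) against firewall logs, listing internal hosts that tried to send mail directly, which is the behaviour of a mass-mailing virus with its own SMTP engine. The mail-server addresses, the `OUT-SMTP` log prefix and the sample lines are constructed; the `KEY=VALUE` layout follows Linux netfilter LOG output.

```python
import re
from collections import defaultdict

# Assumption: the only hosts allowed to open outbound SMTP (constructed addresses).
MAIL_SERVERS = {"10.0.0.25", "10.0.0.26"}

# Constructed sample: outbound connections logged by the perimeter firewall.
SAMPLE_LOG = """\
Mar  3 09:14:01 fw kernel: OUT-SMTP IN=eth1 OUT=eth0 SRC=10.0.0.25 DST=198.51.100.7 PROTO=TCP SPT=40112 DPT=25
Mar  3 09:14:03 fw kernel: OUT-SMTP IN=eth1 OUT=eth0 SRC=10.0.0.87 DST=203.0.113.10 PROTO=TCP SPT=1031 DPT=25
Mar  3 09:14:03 fw kernel: OUT-SMTP IN=eth1 OUT=eth0 SRC=10.0.0.87 DST=203.0.113.44 PROTO=TCP SPT=1032 DPT=25
Mar  3 09:14:04 fw kernel: OUT-SMTP IN=eth1 OUT=eth0 SRC=10.0.0.87 DST=198.51.100.9 PROTO=TCP SPT=1033 DPT=25
Mar  3 09:15:10 fw kernel: OUT-SMTP IN=eth1 OUT=eth0 SRC=10.0.0.42 DST=203.0.113.10 PROTO=TCP SPT=2210 DPT=25
Mar  3 09:15:12 fw kernel: OUT-SMTP IN=eth1 OUT=eth0 SRC=10.0.0.42 DST=192.0.2.80 PROTO=TCP SPT=2211 DPT=80
Mar  3 09:15:30 fw kernel: OUT-SMTP IN=eth1 OUT=eth0 SRC=10.0.0.87 DST=203.0.113.10 PROTO=TCP SPT=1040 DPT=25
"""

FIELD = re.compile(r"(\w+)=(\S+)")


def parse(line):
    """Return the KEY=VALUE fields of one log line as a dict."""
    return dict(FIELD.findall(line))


def smtp_violations(log_text, mail_servers=MAIL_SERVERS):
    """Map each non-mail-server source to the distinct hosts it contacted on TCP/25."""
    offenders = defaultdict(set)
    for line in log_text.splitlines():
        f = parse(line)
        src, dst = f.get("SRC"), f.get("DST")
        if not src or not dst:
            continue  # malformed or unrelated line
        if f.get("PROTO") != "TCP" or f.get("DPT") != "25":
            continue  # not SMTP
        if src in mail_servers:
            continue  # permitted by the egress policy
        offenders[src].add(dst)
    return dict(offenders)


def rank(offenders):
    """Order offenders by number of distinct SMTP destinations, busiest first."""
    return sorted(((s, len(d)) for s, d in offenders.items()),
                  key=lambda p: (-p[1], p[0]))


if __name__ == "__main__":
    for src, n in rank(smtp_violations(SAMPLE_LOG)):
        print(f"{src}: direct SMTP to {n} distinct host(s)")
```

    A workstation contacting many distinct hosts on port 25 is the one to pull off the network first.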

  5. #15
    I think a better definition of a virus would be:
    Virus: spreads locally or through physical means
    Worm: spreads remotely network to network

    I think the first definition of a virus was something that could spread locally, but has since become broad. Personally, I consider a virus to include anything with only a sole malicious purpose. But the "Virus" has since turned into many different things, which can be summed up as "Malware".

    Malware: Any code that sucks. (yes a catch all)
    Adware: Software that takes excessive information or resources for marketing purposes.
    Spyware: Keyloggers, remote monitoring tools.
    Virus: Locally spreading malicious code (w/o network capability)
    Worm: Virus that replicates over a network instead of locally (w/ network capability)

    And then the payloads can vary from being a trojan, backdoor, smtp engine, whatever. But of course, polymorphism (edit: or "blended threats") throws all definitions out the window.

    Tiger- That book rocks. Seriously. I hate to see the worm that implements the code from hydan in it, it would be an heuristic nightmare. I'm not sure I agree with his prediction that there will be a day when all systems get owned and we need to patch by cd's in the mail.

  6. #16
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Malware: Any code that sucks.
    I think malware is the "catch all" for anything that isn't "pleasant" code and covers all you put in the list.

    Adware: Software that takes excessive information or resources for marketing purposes.
    Individual/Corporate greed.... nothing more....

    Spyware: Keyloggers, remote monitoring tools.
    Nasty.... Nasty.... Nasty... nuff said?

    Virus: Locally spreading malicious code
    Errrrr.... they email themselves across the world.... Hardly "local" don't you think?

    Worm: Network aware malware
    Yep.... and the internet is a network...

  7. #17
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    Malware: Any code that sucks.
    Adware: Software that takes excessive information or resources for marketing purposes.
    Spyware: Keyloggers, remote monitoring tools.
    Virus: Locally spreading malicious code
    Worm: Network aware malware
    I like that little bit, Soda.. kinda caught my attention. Looks about correct, although viruses aren't really locally spread code, they can be spread across the internet, etc.

    Now, perhaps I should have added information regarding how a firewall is useful in this aspect and perhaps added information about worms and trojans. So here's what I'm going to do. I'm going to make a part two of this tutorial and include those things. The name will be changed to something such as "Virus Research Information Part Two: Advanced Security and Greater Threats". I'll be working on that one, however in the meantime I'd like to clarify something as well. The primary focus of this tutorial was NOT security (although I added it in). It was (just as the topic says) what are the different kinds, which I went into. My first tutorial here, the Tiny Virus Protection Tip Guide is more geared towards protections and what not (Holy ****, it's in the title there too!).

    Anyways, thanks for the constructive criticism everyone and I hope some people learned from it and/or enjoyed it. I'll be working extensively on part two.

    EDIT: Ahh, Tiger ya beat me to 'em
    Space For Rent.. =]

  8. #18
    Errrrr.... they email themselves across the world.... Hardly "local" don't you think?
    Wouldn't MyDoom be classified as a worm? Although it requires user interaction to launch....bah who cares.
    A perfect example of how polymorphism ruins a solid definition.

    I would think that a virus in its first used definition would be code that appends itself to other binaries? If it can reach other networks, it's more wormish?

    [off topic]I was like... 7 years old when I was playing oregon trail or some game on the 486 when a picture of a goat skull with AOL logos for eyes popped up and scared the beejeebers out of me. I've been trying to find the name of that virus ever since so I can play with it.[/off topic]

    edit for spy:

    No prob...

    It's just that classifications and definitions are absolutely not standardized, if you google "define: virus" you will see all kinds of contradictory definitions. I just felt that your tut was intended to include security somewhere, because this is after all a security forum.

  9. #19
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    [off topic]I was like... 7 years old when I was playing oregon trail or some game on the 486 when a picture of a goat skull with AOL logos for eyes popped up and scared the beejeebers out of me.[/off topic]
    Haha, I remember that game. I played it on my OLD AS HELL Mac machine. Anyways, yeah that was very off-topic

    I just felt that your tut was intended to include security somewhere, because this is after all a security forum.
    Indeed, and you're correct, I just posted on a more informative type basis. The tutorial in itself wasn't meant to teach security from viruses, my other tutorial that I made (my very first one) was. Even that one was a tiny one (thus the name) and wasn't fully written out to be my best
    Space For Rent.. =]
