Path: utzoo!attcan!uunet!husc6!cmcl2!rutgers!deimos!uxc!uxc.cso.uiuc.edu!m.cs.uiuc.edu!p.cs.uiuc.edu!zweig From: zweig@p.cs.uiuc.edu Newsgroups: comp.protocols.tcp-ip Subject: Virus Terminology Survey Message-ID: <93400013@p.cs.uiuc.edu> Date: 21 Nov 88 16:58:00 GMT Lines: 61 Nf-ID: #N:p.cs.uiuc.edu:93400013:000:3047 Nf-From: p.cs.uiuc.edu!zweig Nov 21 10:58:00 1988 There have been a number of not-always-consistent schemes for talking about nasty things on both the InterNet and on PC's and Mac's and stuff floating around the net and the news media these past few weeks. Perhaps the TCP-IP group can come up with a definitive nomenclature. Here is an off the cuff reading of what I can remember/surmise from what's been floating around: VIRUS -- a program which replicates itself and causes damage; so-called because of similatrites to viruses which make people/animals sick. WORM -- a program which copies itself to other systems over a network. Sometimes it seems to be taken for granted that worms are nasty, others it seems necessary to add modifiers to that effect. TROJAN HORSE -- a program which sits on a system until someone runs it; then it attacks the system using the priviledges of whoever activated it. Since this term is taken from Greek mythology, a TH is always nasty (the image is something that you let into your address-space/file system and something leaps out of it and kills you). MOLE -- a program which sneaks into systems via a method not normally known/allowed. I think -- there seem to be other conflicting usages out there. LOGIC BOMB -- a program/process which causes havoc ("explodes") when a certain logical criterion is met -- usually when a certain time has elapsed. I have heard these called "sleepers" since a LB sleeps until it is supposed to go off. HACKER -- a person who maliciously breaks into systems. I hate this term, since I call myself a hacker pretty often. CRACKER is a better term, much more widely used in Europe I am told ("crackers are" in British slang). Hacker originally referred to someone who could look at 10,000+ lines of assembly code and figure out the 6 bytes that needed to be changed (a "hack" at the giant block of code) to fix the thing. It is supposed to be a term of some reverence indicating someone who both fervently and successfully pursues a given discipline. Thus terms like "UNIX hacker", "AI hacker", "Network hacker" and "cracker hacker." HOLE -- an aspect of a program which allows unauthorized/unexpected use. (Other, of course, than mere existence which has also been cited as a widely-exploited security loophole in much software.) Not all of these terms are mutually exclusive: the Morris worm can be viewed as a virus as well as a mole, given the above definitions. I'd appreciate postings/e-mail of other terms/usages people have seen and/or are using. Maybe we could get UPI to broadcast a list so the news media will start calling a spade a spade, a hacker a hacker, a worm a worm and so forth.... Johnny Zweig University of Illinois at Urbana-Champaign Department of Computer Science --------------------------------Disclaimer:------------------------------------ Rule 1: Don't believe everything you read. Rule 2: Don't believe anything you read. Rule 3: There is no Rule 3. -------------------------------------------------------------------------------