manishjha18
In the zone
What is the difference between a Honeypot and a Honeynet?
and how to make a bootable disk say of win 98
and What is the difference between a Trojan and a Worm?<
A computer worm is a self-replicating computer program, similar to a computer virus. A virus attaches itself to, and becomes part of, another executable program; however, a worm is self-contained and does not need to be part of another program to propagate itself.
The name 'worm' was taken from The Shockwave Rider, a 1970s science fiction novel by John Brunner. Researchers writing an early paper on experiments in distributed computing noted the similarities between their software and the program described by Brunner and adopted the name.
The first implementation of a worm was by two researchers at Xerox PARC in 1978. [1]
The first worm to attract wide attention, the Morris worm, was written by Robert Tappan Morris, Jr. at the MIT Artificial intelligence Laboratory. It was released on November 2, 1988, and quickly infected a great many computers on the Internet at the time. It propagated through a number of bugs in BSD Unix and its derivatives. Morris himself was convicted under the US Computer Crime and Abuse Act and received 3 years' probation, community service and a fine in excess of $10,000.
In addition to replication, a worm may be designed to do any number of things, such as delete files on a host system or send documents via email. More recent worms may be multi-headed and carry other executables as a payload. However, even in the absence of such a payload, a worm can wreak havoc just with the network traffic generated by its reproduction. Mydoom, for example, caused a noticeable worldwide Internet slowdown at the peak of its spread.
A common payload is for a worm to install a backdoor in the infected computer, as was done by Sobig and Mydoom. These zombie computers are used by spam senders for sending junk email or to cloak their website's address.[2] Spammers are thought to pay for the creation of such worms [3] [4] , and worm writers have been caught selling lists of IP addresses of infected machines.[5] Others try to blackmail companies with threatened DDOS attacks.[6] The backdoors can also be exploited by other worms, such as Doomjuice, which spreads using the backdoor opened by Mydoom.
Whether worms can be useful is a common theoretical question in computer science and artificial intelligence. The Nachi family of worms, for example, tried to download then install patches from Microsoft's website to fix various vulnerabilities in the host system (the same vulnerabilities that they exploited). This eventually made the systems affected more secure, but generated considerable network traffic ? often more than the worms they were protecting against ? rebooted the machine in the course of patching it, and, maybe most importantly, did its work without the explicit consent of the computer's owner or user. As such, most security experts deprecate worms, whatever their payload.
See also: Timeline of notable computer viruses and worms
This usage of the term 'worm' should not be confused with WORM (in capitals), which stands for Write Once, Read Many, a property of some computer storage media.
When referring to a computer, a Trojan horse or Trojan is a computer program which claims to be innocuous but instead has a malicious effect ? one which the programmer (or packager, or distributor) intended and the user didn't expect. The term is derived from the classical myth of the Trojan Horse.
A Trojan horse differs from a virus in that it is a stand-alone program ? a Trojan does not attach to other programs or files. It differs from a worm in that it does not move from one computer to another on its own. A person must transfer and run it deliberately, such as by email or by posting it to a download area where it could be downloaded by a victim.
A simple example of a Trojan horse would be a program named "SEXY.EXE" that is posted with a promise of "hot pix"; but, when run, it instead erases all the files on the computer and displays a taunting message.
On the Microsoft Windows platform, an attacker might attach a Trojan with an innocent-looking filename to an email message which entices the recipient into opening the file. The Trojan itself would typically be a Windows executable program file, and thus must have an executable filename extension such as .exe, .scr, .bat, or .pif. Since Windows is sometimes configured by default to hide filename extensions from a user, the Trojan horse's extension might be "masked" by giving it a name such as 'Readme.txt.exe'. With filenames hidden, the user would only see 'Readme.txt' and could mistake it for a harmless text file. Icons can also be chosen to imitate a different file type.
When the recipient double-clicks on the attachment, the trojan might superficially do what the user expects it to do (open a text file, for example), so as to keep the victim unaware of its malicious purpose. Meanwhile, it might discreetly modify or delete files, change the configuration of the computer, or even use the computer as a base from which to attack local or other networks.
For example, Trojans are often used to set up networks of zombie computers from which DDoS attacks can be launched, or which can be used to send spam.
Spyware is another form of Trojan horse which is becoming much more common. Spyware is software which purports to help the user or add new features, but when a user downloads it and runs it, can changes the user's home page in his web browser or track a user as he browses the web, reporting the usage information to a company which then uses this information for usually commercial purposes.
Similarly, Trojans may be used to phish for bank or other account details.
Trojan horses can be protected against through end user awareness. If a user does not open unusual attachments that arrive unexpectedly, any unopened Trojans will not affect the computer. This is true even if you know the sender or recognize the source's address. Even if one expects an attachment, scanning it with updated antivirus software before opening it is prudent. Files downloaded from file-sharing services such as Kazaa or Gnutella are particularly suspect because file-sharing services have been a known distribution method for Trojans to spread.
Some Trojans do not infect other programs and are usually easily deleted, but others are much more dangerous. The MyDoom epidemic in early 2004 was spread by using Trojan-horse attachments in email with a terse message saying that the attachment could not be delivered, making users curious to open it and see what it was. (MyDoom is technically a worm, since it spreads itself to other computers by sending infected email attachments, but it depends on users double-clicking on the attachments to actually infect their computers?a Trojan-like property.)
An early Trojan horse was the 1975 ANIMAL program, a game to identify an animal but which also spread itself to other users on UNIVAC Exec 8 computers[1] .