A Report On The Internet Worm
Authors: Bob Page
Abstract:
- This data was collected through an emergency mailing list set up
by Gene Spafford at Purdue University, for administrators of major
Internet sites - some of the text is included verbatim from that
list. Mail was heavy since the formation of the list; it continues
to be on Monday afternoon - I get 2-3 messages every hour. It's
possible that some of this information is incomplete, but I thought
you like to know what I know so far.
Title: A Tour of the Worm
Authors: Donn Seeley
Abstract:
- On the evening of November 2, 1988, a self-replicating program was
released upon the Internet. This program (a worm) invaded VAX and
Sun-3 computers running versions of Berkeley UNIX, and used their
resources to attack still more computers. Within the space of hours
this program had spread across the U.S., infecting hundreds or
thousands of computers and making many of them unusable due to the
burden of its activity. This paper provides a chronology for the
outbreak and presents a detailed description of the internals of the
worm, based on a C version produced by decompiling.
GAO Report on Computer Security (June 1989)
Author: GAO
Abstract:
- GAO Report to Congress after the Internet Worm Incident.
Title: The Internet Worm Incident
Authors: Eugene H. Spafford
Abstract:
- This paper explains why this program was a worm (as opposed to a
virus), and provides a brief chronology of both the spread and
eradication of the program. That is followed by discussion of some
specific issues raised by the community's reaction and subsequent
discussion of the event. Included are some interesting lessons
learned from the incident.
Title: The Internet Worm Program: An Analysis
Authors: Eugene H. Spafford
Abstract:
- This report gives a detailed description of the components of the worm
program - data and functions.It is based on study of two completely
independent reverse-compilations of the worm and a version
disassembled to VAX assembly language. Almost no source code is given
in the paper because of current concerns about the state of the
"immune system" of Internet hosts, but the description should be
detailed enough to allow the reader to understand the behavior of the
program. The paper contains a review of the security flaws exploited
by the worm program, and gives some recommendations on how to
eliminate or mitigate their future use. The report also includes an
analysis of the coding style and methods used by the author(s) of the
worm, and draws some conclusions about his abilities and intent.
Title: With Microscope and Tweezers: An Analysis of the Internet Virus of November 1988
Authors: Mark W. Eichin Jon A. Rochlis
Abstract:
- In early November 1988 the Internet, a collection of networks
consisting of 60,000 host computers implementing the TCP/IP protocol
suite, attacked by virus, program which broke into computers on the
network and which spread from one machine to another This paper is
detailed analysis of the virus programitself, as well as the reactions
of the besieged Internet community. We discuss the structure of the
actual program, as well as the strategies the virus used to reproduce
itself. We present the chronology of events as seen by our team at
MIT, one of handful of groups around the country working to take apart
the virus, in an attempt to discover its secrets and to learn the
network' vulnerabilities. We describe the lessons that this incident
has taught the Internet community and topics for future consideration
and resolution. A detailed routine by routine description of the virus
program including the contents of its built in dictionary is
provided.
|