[ Search ] [ What's New? ] [ About ]
[ Bugs ] [ Misc ] [ Mailing Lists ] [ Newgroups ] [ NewsWire ] [ Papers ] [ People ]
[ Pictures ] [ Publications ] [ Responce Teams ] [ Tools ] [ Upcoming Events ] [ Web Sites ]

Internet Worm

A Report On The Internet Worm
Authors: Bob Page
Abstract:
This data was collected through an emergency mailing list set up by Gene Spafford at Purdue University, for administrators of major Internet sites - some of the text is included verbatim from that list. Mail was heavy since the formation of the list; it continues to be on Monday afternoon - I get 2-3 messages every hour. It's possible that some of this information is incomplete, but I thought you like to know what I know so far.

Title: A Tour of the Worm
Authors: Donn Seeley
Abstract:
On the evening of November 2, 1988, a self-replicating program was released upon the Internet. This program (a worm) invaded VAX and Sun-3 computers running versions of Berkeley UNIX, and used their resources to attack still more computers. Within the space of hours this program had spread across the U.S., infecting hundreds or thousands of computers and making many of them unusable due to the burden of its activity. This paper provides a chronology for the outbreak and presents a detailed description of the internals of the worm, based on a C version produced by decompiling.

GAO Report on Computer Security (June 1989)
Author: GAO
Abstract:
GAO Report to Congress after the Internet Worm Incident.

Title: The Internet Worm Incident
Authors: Eugene H. Spafford
Abstract:
This paper explains why this program was a worm (as opposed to a virus), and provides a brief chronology of both the spread and eradication of the program. That is followed by discussion of some specific issues raised by the community's reaction and subsequent discussion of the event. Included are some interesting lessons learned from the incident.

Title: The Internet Worm Program: An Analysis
Authors: Eugene H. Spafford
Abstract:
This report gives a detailed description of the components of the worm program - data and functions.It is based on study of two completely independent reverse-compilations of the worm and a version disassembled to VAX assembly language. Almost no source code is given in the paper because of current concerns about the state of the "immune system" of Internet hosts, but the description should be detailed enough to allow the reader to understand the behavior of the program. The paper contains a review of the security flaws exploited by the worm program, and gives some recommendations on how to eliminate or mitigate their future use. The report also includes an analysis of the coding style and methods used by the author(s) of the worm, and draws some conclusions about his abilities and intent.

Title: With Microscope and Tweezers: An Analysis of the Internet Virus of November 1988
Authors: Mark W. Eichin Jon A. Rochlis
Abstract:
In early November 1988 the Internet, a collection of networks consisting of 60,000 host computers implementing the TCP/IP protocol suite, attacked by virus, program which broke into computers on the network and which spread from one machine to another This paper is detailed analysis of the virus programitself, as well as the reactions of the besieged Internet community. We discuss the structure of the actual program, as well as the strategies the virus used to reproduce itself. We present the chronology of events as seen by our team at MIT, one of handful of groups around the country working to take apart the virus, in an attempt to discover its secrets and to learn the network' vulnerabilities. We describe the lessons that this incident has taught the Internet community and topics for future consideration and resolution. A detailed routine by routine description of the virus program including the contents of its built in dictionary is provided.


Aleph One / aleph1@underground.org
Copyright © 1996 Computer Underground Society. All rights reserved.