Crisis and Aftermath

On the evening of November 2, 1988 the Internet came under attack from within. Sometime after 5 p.m., a program was executed on one or more hosts connected to the Internet. That program collected host, network, and user information, then used that information to break into other machines using flaws present in those systems' software. After breaking in, the program would replicate itself and the replica would attempt to infect other systems in the same manner. Although the program would only infect Sun Microsystems' Sun 3 systems and VAX® computers running variants of 4 BSD UNIX®, the program spread quickly, as did the confusion and consternation of system administrators and users as they discovered the invasion of their systems. The scope of the break-ins came as a great surprise to almost everyone, despite the fact that UNIX has long been known to have some security weaknesses (cf. [4, 12, 13]).

The program was mysterious to users at sites where it appeared. Unusual files were left in the /usr/tmp directories of some machines, and strange messages appeared in the log files of some of the utilities, such as the sendmail mail handling agent. The most noticeable effect, however, was that systems became more and more loaded with running processes as they became repeatedly infected. As time went on, some of these machines became so loaded that they were unable to continue any processing; some machines failed completely when their swap space or process tables were exhausted.

By early Thursday morning, November 3, personnel at the University of California at Berkeley and Massachusetts Institute of Technology (MIT) had "captured" copies of the program and began to analyze it. People at other sites also began to study the program and were developing methods of eradicating it. A common fear