The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #120 [Re: ernie.berkeley.edu] (1 message, 657 bytes)
SOURCE: http://securitydigest.org/exec/display?f=phage/archive/120.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.

START OF DOCUMENT

From: Theodore Ts'o <tytso@ATHENA.MIT.EDU>
To: phage
Date: Mon 16:13:42 07/11/1988 EST
Subject: Re: ernie.berkeley.edu
References: [Thread Prev: 116] [Thread Next: 123] [Message Prev: 118] [Message Next: 196]

Since as far as I know, no one (execpt the author of the virus), has a
copy of the program which listened at the other end at
ernie.berkeley.edu, any answer is probably going to be partially
guesswork.

Each time the virus is started, there is a 1/15 chance (it calls
random()) that it sends a single byte to ernie.berkeley.edu on some
magic port.

If the reports that he intended it to spread slowly are true, then its
possible that it was intended to monitor the spread of the virus.  Some
news reports mentioned that he panicked when, via some "monitoring
mechanism,"  he saw how fast it had propagated.  Given how, ahem,
reliable some of the news reports have been, I wouldn't count on this
story being true; but if it is, it would make a lot of sense.

						- Ted

END OF DOCUMENT