The 'Security Digest' Archives (TM)

ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #131 [Re: ernie.berkeley.edu] (1 message, 1334 bytes)
SOURCE: http://securitydigest.org/exec/display?f=phage/archive/131.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.

START OF DOCUMENT

From: Thomas Narten <narten>
To: phage
Date: Mon 19:56:38 07/11/1988 EST
Subject: Re: ernie.berkeley.edu
References: [Thread Prev: 129] [Thread Next: 196] [Message Prev: 407] [Message Next: 405]


>	... Why is the internet address of ernie.berkeley.edu
>	hardcoded into the virus?

>No one knows.

Further info from Monday's NYT:

"friends of the young computer expert, including Paul Graham, a
computer science graduate student at Harvard University, said the
program was first disseminated from a computer at MIT's AI lab while
its author, using remote control, sat at his computer at Cornell in
Ithaca, NY ....  Mr Graham said that the Morris virus program also had
a mechanism that was intended to conceal its point of origin further.
All copies that the program made of itself were to send messages
regularly identifying their location to a computer at UC Berkeley,
which would imply that this was where the virus program originated.

Mr. Morris left for dinner immediately after letting the program loose
in the network, intending to go to bed afterward, friends said.
However, after eating, he could not resist returning to his computer
to determine the progress of his program, which had been intended to
live secretly in the Arpanet.  Friends said that to his horror he
found that because of a design error the program had reproduced itself
so widely that it had already overloaded the network, and he himself
had trouble gaining access to remote computers so as to monitor or stop
the program's progress.

Mr. Morris then telephoned another friend, at Harvard's Aiken
Laboratory, and asked him to send out an alert over the Arpanet along
with instructions on how to disable the virus.  That person sent a
terse message in technical language explaining how to stop the virus
from spreading but ending with the comment: 'Hope this helps, but
more, I hope it is a hoax'.

Unfortunately, the message went to an obscure electronic bulletin
board; in any case the network was by then so overloaded that few
computer sites received it".

The message (appended) was sent to the tcp-ip list.

Other interesting comments about the sendmail hole:

"Eric Allman, a computer programmer who designed the mail program that
Morris exploited, said yesterday that he created the back door to
allow him to fine tune the program on a machine that an overzealous
administrator would not give him access to.  He said that he forgot to
remove the entry point before the program was widely distributed in 1985."

END OF DOCUMENT