ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #268 [Report on the Worm] (1 message, 1394 bytes)
NOTICE: securitydigest.org recognises the rights of all third-party works.
START OF DOCUMENT
From: Gene Spafford <spaf>
Date: Fri 12:32:59 18/11/1988 EST
Subject: Report on the Worm
References: [Thread Prev: 261] [Thread Next: 307] [Message Prev: 270] [Message Next: 271]
On Monday, the printers should be getting an order to print copies of a joint Purdue CS/SERC technical report entitled "The Internet Worm Program: An Analysis," authored by yours truly. I have enclosed an abstract of that report below. In order to get an idea of how many copies to order for the first printing run, I'm posting this announcing its availability. If you would like to order one or more copies of the report, please send me e-mail with your SURFACE mail address ASAP. Purdue and SERC have a tradition of not charging for copies of our technical reports, so just your address is all you need to order; we may make an exception if any one person or organization orders multiple copies. Copies should be mailed starting the week of the 28th, and orders will be filled FIFO. This is the first in a planned set of reports on the incident. The others will be announced as they become available. One will have to do with the spread of both the program and the fixes. If you have not yet sent in your local experiences with the worm to either Cliff Stoll or myself, please do -- it will help us put together one or more such papers! --spaf The Internet Worm Program: An Analysis Eugene H. Spafford On the evening of 2 November 1988, someone infected the Internet with a worm program. That program used a number of methods to break into other machines and copy itself, thus infecting those systems. The infection eventually spread to thousands of machines, and disrupted normal activities and Internet connectivity for many days. This report gives a fairly detailed description of the components of the worm program -- data and functions. It is based on two completely independent reverse-compilations of the worm, along with a disassembled version. Almost no source code is given in the paper due to current concerns about the state of the "immune system" on the Internet, but the description should be complete enough to allow the reader to completely understand the nature of the attacks used by the program. The paper contains a list of the security flaws exploited by the worm program, and gives some recommendations on how to eliminate or mitigate their future use. The report also includes an analysis of the coding style and methods used by the author(s) of the worm, and draws some conclusions about both their abilities and intent.
END OF DOCUMENT
|ISSN 1742-948X 01 (Online) | 2005/03/01 | Copyright 2002-2008 securitydigest.org. All rights reserved.|