- Path: sparky!uunet!elroy.jpl.nasa.gov!usc!cs.utexas.edu!qt.cs.utexas.edu!yale.edu!jvnc.net!netnews.upenn.edu!netnews.cc.lehigh.edu!news
- From: rslade@sfu.ca
- Newsgroups: comp.virus
- Subject: The Internet Worm (CVP)
- Message-ID: <0019.9301051858.AA13030@barnabas.cert.org>
- Date: 25 Dec 92 08:15:35 GMT
- Sender: virus-l@lehigh.edu
- Lines: 67
- Approved: news@netnews.cc.lehigh.edu
-
- HISVIRO.CVP 921215
-
- The Internet Worm
-
- By the fall of 1988, VIRUS-L had been established (let's hear it for
- Ken!) and was very active. Issues were, in fact, coming out on a
- daily basis, so I was quite surprised when I didn't receive one on
- November 3rd. I didn't get one on November 4th, either. It wasn't
- until November 5th, actually, that I found out why.
-
- Most machines on the net were not of the type that the Worm would
- have affected. The Worm was only able to run and propagate on
- machines running the UNIX operating system, and then only those with
- specific versions and specific CPUs. However, given that the
- machines that are connected to the Internet also comprise the
- transport mechanism for the Internet, a "minority group" of
- machines, thus affected, impacted the performance of the net as a
- whole.
-
- I learned it, initially, from a newspaper report. However, by the
- 5th I was also starting to get mailings across the net again.
- During the run of the worm, a sufficient number of machines had been
- affected that both email and distribution list mailings were
- impaired. Some mail was lost, either by mailers which could not
- handle the large volumes that "backed up", or by mail queues being
- dumped in an effort to disinfect systems.
-
- Most mail was not lost, but was substantially delayed. The delay
- could have been caused by a number, or combination, of factors. In
- some cases mail would have been re-routed, via a possibly less
- efficient path, after a certain time. In other cases "backbone"
- machines, affected by the Worm, were simply much slower at
- processing mail. In still others, mail routers would either crash
- or be stopped, with a consequent delay in mail delivery.
- Ironically, electronic mail was the primary means that the various
- parties attempting to deal with the worm were trying to use to
- contact each other.
-
- By Sunday, November 6th, things were pretty much back to normal.
- Mail was flowing, distribution lists and electronic "periodicals"
- were running and the news was getting around. The one difference
- was the enormous volume of traffic given over to one topic: the
- Internet Worm.
-
- The Internet Worm is still the pre-eminent case of a viral program
- in our time. Even today, no "virus" story in the popular media is
- complete without some reference to it. It rates a mention in "The
- Cuckoo's Egg". Each school term brings fresh requests for
- bibliographic material on it (sparked, one suspects, by either
- choice or assignment of essay topics). Currently (December of 1992)
- there is a "thread" running on comp.security.misc on "Fun things to
- do with RTM" which occupies about half the total bandwidth.
-
- In many ways this fame (or infamy) is deserved: the Internet Worm is
- the story of data security in miniature. The Worm used "trusted"
- links, password cracking, security "holes" in standard programs,
- standard and default operations and, of course, the power of viral
- replication.
-
- copyright Robert M. Slade, 1992 HISVIRO.CVP 921215
-
- ==============
- Vancouver ROBERTS@decus.ca | Slade's Law of Computer
- Institute for Robert_Slade@sfu.ca | Literacy:
- Research into rslade@cue.bc.ca | - There is no such thing
- User p1@CyberStore.ca | as "computer illiteracy";
- Security Canada V7K 2G6 | only illiteracy itself.
-