Abstract
On the evening of 2 November 1988, someone “infected” Internet with a worm program. That program exploited flaws in utility programs in systems based on BSD-derived versions of Unix. The flaws allowed the program to break into those machines and copy itself, thus infecting those systems. This program eventually spread to thousands of machines, and disrupted normal activities and Internet connectivity for many days.
This paper explains why this program was a worom (as opposed to a virus), and provides a brief chronology of both the spread and eradication of the program. That is followed by discussion of some specific issues raised by the community's reaction and subsequent discussion of the event. Included are some interesting lessons learned from the incident.
The presentation in [26] is a condensation of an early version of this paper.
This is a preview of subscription content, log in via an institution to check access.
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Participants, Proceedings Of The Virus Post-Mortem Meeting, National Computer Security Center, Ft. George Meade, MD, 8 November 1988.
Staff, “Uncle Sam's Anti-Virus Corps,” Unix Today!, p. 10, Jan 23, 1989.
Allman, Eric, Sendmail—An Internetwork Mail Router, University of California, Berkeley, 1983. Issued with the BSD Unix documentation set.
Bishop, Matt, “An Application of a Fast Data Encryption Standard Implementation,” Computing Systems: The Journal Of The Usenix Association, vol. 1, no. 3, pp. 221–254, University of California Press, Summer 1988.
Brunner, John, The Shockwave Rider, Harper & Row, 1975.
Cohen, Fred, “Computer Viruses: Theory and Experiments,” Proceedings Of The 7Th National Computer Security Conference, pp. 240–263, 1984.
Comer, Douglas E., Internetworking with TCP/IP: Principles, Protocols and Architecture, Prentice Hall, Englewood Cliffs, NJ, 1988.
Denning, Peter, “The Internet Worm,” American Scientist, vol. 77, no. 2, March-April 1989.
Denning, Peter J., “Computer Viruses,” American Scientist, vol. 76, pp. 236–238, May–June 1988.
Eichin, Mark W. and Jon A. Rochlis, “With Microscope and Tweezers: An Analysis of the Internet Virus of November 1988,” Proceedings of The Symposium On Research In Security And Privacy, IEEE-CS, Oakland, CA, May 1989.
Eisenberg, Ted, David Gries, Juris Hartmanis, Dan Holcomb, M. Stuart Lynn, and Thomas Santoro, The Computer Worm, Office of the Provost, Cornell University, Ithaca, NY, Feb. 1989.
Gerrold, David, When Harlie Was One, Ballentine Books, 1972. The first edition.
Grampp, Fred. T. and Robert H. Morris, “Unix Operating System Security,” At&T Bell Laboratories Technical Journal, vol. 63, no. 8, part 2, pp. 1649–1672, Oct. 1984.
Harrenstien, K., “Name/Finger,” Rfc 742, SRI Network Information Center, December 1977.
Hinden, R., J. Haverty, and A. Sheltzer, “The DARPA Internet: Interconnecting Heterogeneous Computer Networks with Gateways,” Computer Magazine, vol. 16, no. 9, pp. 38–48, IEEE-CS, September 1983.
King, Kenneth M., “Overreaction to External Attacks on Computer Systems Could be More Harmful than the Viruses Themselves,” Chronicle Of Higher Education, p. A36, November 23, 1988.
Kocher, Bryan, “A Hygiene Lesson,” Communications Of The Acm, vol. 32, no. 1, p. 3, January 1989.
Markhoff, John, “Author of Computer ‘Virus’ Is Son of U. S. Electronic Security Expert,” New York Times, p. A1, November 5, 1988.
Morris, Robert and Ken Thompson, “Unix Password Security,” Communications Of The Acm, vol. 22, no. 11, pp. 594–597, ACM, November 1979.
Postel, Jonathan B., “Simple Mail Transfer Protocol,” Rfc 821, SRI Network Information Center, August 1982.
Reid, Brian, “Reflections on Some Recent Widespread Computer Breakins,” Communications Of The Acm, vol. 30, no. 2, pp. 103–105, ACM, February 1987.
Ritchie, Dennis M., “On the Security of Unix,” in Unix Supplementary Documents, AT & T, 1979.
Royko, Mike, “Here's how to stop computer vandals,” The Chicago Tribune, November 7, 1988.
Seeley, Donn, “A Tour of the Worm,” Proceedings of 1989 Winter Usenix Conference, Usenix Association, San Diego, CA, February 1989.
Shoch, John F. and Jon A. Hupp, “The Worm Programs — Early Experience with a Distributed Computation,” Communications of The Acm, vol. 25, no. 3, pp. 172–180, ACM, March 1982.
Spafford, Eugene H., “The Internet Worm: Crisis and Aftermath,” Communications Of The Acm, vol. 32, no. 6, pp. 678–687, ACM, June 1986.
Spafford, Eugene H., “The Internet Worm Program: An Analysis,” Computer Communication Review, vol. 19, no. 1, ACM SIGCOM, January 1989. Also issued as Purdue CS technical report TR-CSD-823
Spafford, Eugene H., “Some Musings on Ethics and Computer Break-Ins,” Proceedings Of The Winter Usenix Conference, Usenix Association, San Diego, CA, February 1989.
Steiner, Jennifer, Clifford Neuman, and Jeffrey Schiller, “Kerberos: An Authentication Service for Open Network Systems,” Usenix Association Winter Conference 1988 Proceedings, pp. 191–202, February 1988.
Stoll, Cliff, The Cuckoo's Egg, Doubleday, NY, NY, October 1989. Also published in Frankfurt, Germany by Fischer-Verlag.
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 1989 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Spafford, E.H. (1989). The internet worm incident. In: Ghezzi, C., McDermid, J.A. (eds) ESEC '89. ESEC 1989. Lecture Notes in Computer Science, vol 387. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-51635-2_54
Download citation
DOI: https://doi.org/10.1007/3-540-51635-2_54
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-51635-4
Online ISBN: 978-3-540-46723-6
eBook Packages: Springer Book Archive