Maximize
Bookmark

VX Heavens

Library Collection Sources Engines Constructors Simulators Utilities Links Forum

RFC1135: The Helminthiasis of the Internet

Joyce Reynolds
ftp://ftp.rfc-editor.org/in-notes/rfc1135.txt
December 1989

1
[Back to index] [Comments (0)]

Network Working Group

Request for Comments: 1135

Status of this Memo

This memo takes a look back at the helminthiasis (infestation with, or disease caused by parasitic worms) of the Internet that was unleashed the evening of 2 November 1988. This RFC provides information about an event that occurred in the life of the Internet. This memo does not specify any standard. Distribution of this memo is unlimited.

Introduction

The obscure we see eventually, the completely apparent takes longer.

Edward R. Murrow


The helminthiasis of the Internet was a self-replicating program that infected VAX computers and SUN-3 workstations running the 4.2 and 4.3 Berkeley UNIX code. It disrupted the operations of computers by accessing known security loopholes in applications closely associated with the operating system. Despite system administrators efforts to eliminate the program, the infection continued to attack and spread to other sites across the United States.

This RFC provides a glimpse at the infection, its festering, and cure. The impact of the worm on the Internet community, ethics statements, the role of the news media, crime in the computer world, and future prevention will be discussed. A documentation review presents four publications that describe in detail this particular parasitic computer program. Reference and bibliography sections are also included in this memo.

1. The Infection

Sandworms, ya hate 'em, right??

Michael Keaton, Beetlejuice

Defining "worm" versus "virus"

A "worm" is a program that can run independently, will consume the resources of its host from within in order to maintain itself, and can propagate a complete working version of itself on to other machines.

A "virus" is a piece of code that inserts itself into a host, including operating systems, to propagate. It cannot run independently. It requires that its host program be run to activate it.

In the early stages of the helminthiasis, the news media popularly cited the Internet worm to be a "virus", which was attributed to an early conclusion of some in the computer community before a specimen of the worm could be extracted and dissected. There are some computer scientists that still argue over what to call the affliction. In this RFC, we use the term, "worm".

1.1 Infection - The Worm Attacks

The worm specifically and only made successful attacks on SUN workstations and VAXes running Berkeley UNIX code.

The Internet worm relied on the several known access loopholes in order to propagate over networks. It relied on implementation errors in two network programs: sendmail and fingerd.

Sendmail is a program that implements the Internet's electronic mail services (routing and delivery) interacting with remote sites [1, 2]. The feature in sendmail that was violated was a non-standard "debug" command. The worm propagated itself via the debug command into remote hosts. As the worm installed itself in a new host the new instance began self-replicating.

Fingerd is a utility program that is intended to help remote Internet users by supplying public information about other Internet users. This can be in the form of identification of the full name of, or login name of any local user, whether or not they are logged in at the time (see the Finger Protocol [3]).

Using fingerd, the worm initiated a memory overflow situation by sending too many characters for fingerd to accommodate (in the gets library routine). Upon overflowing the storage space, the worm was able to execute a small arbitrary program. Only 4.3BSD VAX machines suffered from this attack.

Another of the worm's methods was to exploit the "trusted host features" often used in local networks to propagate (using rexec and rsh).

It also infected machines in /etc/hosts.equiv, machines in /.rhosts, machines in cracked accounts' .forward files, machines cracked accounts' .rhosts files, machines listed as network gateways in routing tables, machines at the far end of point-to-point interfaces, and other machines at randomly guessed addresses on networks of first hop gateways.

The Internet worm was also able to infect systems using guessed passwords, typically spreading itself within local networks by this method. It tried to guess passwords, and upon gaining access, the worm was able to pose as a legitimate user.

1.2 Festering - Password Cracking

The worm festered by going into a password cracking phase, attempting to access accounts with obvious passwords (using clues readily available in the /etc/passwd file), such as: none at all, the user name, the user name appended to itself, the "nickname", the last name, the last name spelled backwards. It also tried breaking into into accounts with passwords from a personalized 432 word dictionary, and accounts with passwords in /usr/dict/words.

Most users encountered a slowing of their programs, as the systems became overloaded trying to run many copies of the worm program, or a lack of file space if many copies of the worm's temporary files existed concurrently. Actually, the worm was very careful to hide itself and leave little evidence of its passage through a system. The users at the infected sites may have seen strange files that showed up in the /usr/tmp directories of some machines and obscure messages appeared in the log files of sendmail.

1.3 The Cure

Teams of computer science students and staff worked feverishly to understand the worm. The key was seen to get a source (C language) version of the program. Since the only isolated instances of the the worm were binary code, a major effort was made to translate back to source, that is decompile the code, and to study just what damage the worm was capable of. Two specific teams emerged in the battle against the Internet worm: the Berkeley Team and the MIT team. They communicated and exchanged code extensively. Both teams were able to scrutinize it and take immediate action on a cure and prevent reinfection. Just like regular medical Doctors, the teams searched, found and isolated a worm specimen which they could study. Upon analyzing the specimen and the elements of its design, they set about to develop methods to treat and defeat it. Through the use of the "old boy network" of UNIX system wizards (to find out something, one asks an associate or friend if they know the answer or who else they could refer to to find out the answer), email and phone calls were extensively used to alert the computer world of the program patches that could be used at sites to close the sendmail hole and fingerd holes. Once the information was disseminated to the sites and these holes were patched, the Internet worm was stopped. It could not reinfect the same computers again, unless the worm was still sitting in an infected trusted host computer.

The Internet worm was eliminated from most computers within 48-72 hours after it had appeared, specifically through the efforts of computer science staffs at the University research centers. Government and Commercial agencies apparently were slow in coming around to recognizing the helminthiasis and eradicating it.

2. Impact

Off with his head!!!

The Red Queen, Alice in Wonderland


Two lines have been drawn in the computer community in the aftermath of the Internet worm of November 1988. One group contends that the release of the worm program was a naive accident, and that the worm "escaped" during testing. Yet, when the worm program was unleashed, it was obvious it was spreading unchecked. Another group argues that the worm was deliberately released to blatantly point out security defects to a community that was aware of the problems, but were complacent about fixing them. Yet, one does not necessarily need to deliberately disrupt the entire world in order to report a problem.

Both groups agree that the community cannot condone worm infestation whether "experimental" or "deliberate" as a means to heighten public awareness, as the consequences of such irresponsible acts can be devastating. Meanwhile, several in the news media stated that the author of the worm did the computer community a favor by exposing the security flaws, and that bugs and security flaws will not get fixed without such drastic measures as the Internet worm program.

In the short term, the worm program did heighten the computer community's awareness of security flaws. Also, the "old boy network" proved it was still alive and well! While networking and computers as a whole have grown by leaps and bounds in the last twenty years, the Internet community still has the "old boys" who trust and communicate well with each other in the face of adversity.

In the long term, all results of the helminthiasis are not complete. Many sites have either placed restrictions on access to their machines, and a few have chosen to remove themselves from the Internet entirely. The legal consequences of the Internet worm program as a computer crime are still pending, and may stay in that condition into the next decade.

Yet, the problem of computer crime is, on a layman's level, a social one. Legal statutes, which notoriously are legislated after the fact, are only one element of the solution. Development of enforceable ethical standards that are universally agreed on in the computer community, coupled with enforceable laws should help eradicate computer crime.

3. Ethics and the Internet

If you're going to play the game properly, you'd better know every rule.

Barbara Jordan


Ethical behavior is that of conforming to accepted professional standards of conduct; dealing with what is good or bad within a set of moral principles or values. Up until recently, most computer professionals and groups have not been overly concerned with questions of ethics.

Organizations and computer professional groups have recently, in the aftermath of the Internet worm, issued their own "Statement of Ethics". Ethics statements published by the Internet Activities Board (IAB), the National Science Foundation (NSF), the Massachusetts Institute of Technology (MIT), and the Computer Professionals for Social Responsibility (CPSR) are discussed below.

3.1 The IAB

The IAB issued a statement of policy concerning the proper use of the resources of the Internet in January, 1989 [4] (and reprinted in the Communications of the ACM, June 1989). An excerpt:

The Internet is a national facility whose utility is largely a consequence of its wide availability and accessibility. Irresponsible use of this critical resource poses an enormous threat to its continued availability to the technical community.

The U.S. Government sponsors of this system have a fiduciary responsibility to the public to allocate government resources wisely and effectively. Justification for the support of this system suffers when highly disruptive abuses occur. Access to and use of the Internet is a privilege and should be treated as such by all users of this system.

The IAB strongly endorses the view of the Division Advisory Panel of the National Science Foundation Division of Network, Communications Research and Infrastructure which, in paraphrase, characterized as unethical and unacceptable any activity which purposely:

  1. seeks to gain unauthorized access to the resources of the Internet,
  2. disrupts the intended use of the Internet,
  3. wastes resources (people, capacity, computer) through such actions,
  4. destroys the integrity of computer-based information, and/or
  5. compromises the privacy of users.

The Internet exists in the general research milieu. Portions of it continue to be used to support research and experimentation on networking. Because experimentation on the Internet has the potential to affect all of its components and users, researchers have the responsibility to exercise great caution in the conduct of their work. Negligence in the conduct of Internet-wide experiments is both irresponsible and unacceptable.

The IAB plans to take whatever actions it can, in concert with Federal agencies and other interested parties, to identify and to set up technical and procedural mechanisms to make the Internet more resistant to disruption. Such security, however, may be extremely expensive and may be counterproductive if it inhibits the free flow of information which makes the Internet so valuable. In the final analysis, the health and well-being of the Internet is the responsibility of its users who must, uniformly, guard against abuses which disrupt the system and threaten its long-term viability.

3.2 NSF

The NSF issued an ethical network use statement on 30 November 1988, during the regular meeting of the Division Advisory Panel for Networking and Communications Research and Infrastructure (and reprinted in the Communications of the ACM (June of 1989) [5]), that stated, in part:

The Division Advisory Panel (DAP) of the NSF Division of Networking and Communication Research and Infrastructure (DNCRI) deplores lapses of ethical behavior which cause disruption to our national network resources. Industry, government, and academe have established computer networks in support of research and scholarship. Recent events have accentuated the importance of establishing community standards for the ethical use of networks. In this regard, the DNCRI DAP defines as unethical any activity which purposefully or through negligence:

  1. disrupts the intended use of the networks,
  2. wastes resources through such actions (people, bandwidth or computer),
  3. destroys the integrity of computer-based information,
  4. compromises the privacy of users,
  5. consumes unplanned resources for control and eradication.

We encourage organizations managing and operating networks to adopt and publicize policies and standards for ethical behavior. We also encourage these organizations to adopt administrative procedures to enforce appropriate disciplinary responses to violations and to work with appropriate bodies on drafting legislation in this area.

3.3 MIT

MIT issued a statement of ethics entitled, "Teaching Students About Responsible Use of Computers" in 1985-1986 (and reprinted in the Communications of the ACM (June 1989) [6]). The official statement of ethics specifically outlined MIT's position on the intended use, privacy and security, system integrity, and intellectual property rights.

Those standards, outlined in the MIT Bulletin under academic procedures, call for all members of the community to act in a responsible, ethical, and professional way. The members of the MIT community also carry the responsibility to use the system in accordance with MIT's standards of honesty and personal conduct.

3.4 CPSR

The CPSR issued a statement on the Computer Virus in November 1988 (and reprinted in the Communications of the ACM (June 1989) [7]). The CPSR believes:

The incident should prompt critical review of our dependence on complex computer networks, particularly for military and defense-related function. The flaws that permitted the recent virus to spread will eventually be fixed, but other flaws will remain. Security loopholes are inevitable in any computer network and are prevalent in those that support general-purpose computing and are widely accessible.

An effective way to correct known security flaws is to publish descriptions of the flaws so that they can be corrected. We therefore view the effort to conceal technical descriptions of the recent virus as short-sighted.

CPSR believes that innovation, creativity, and the open exchange of ideas are the ingredients of scientific advancement and technological achievement. Computer networks, such as the Internet, facilitate this exchange. We cannot afford policies that might restrict the ability of computer researchers to exchange their ideas with one another. More secure networks, such as military and financial networks, sharply restrict access and offer limited functionality. Government, industry, and the university community should support the continued development of network technology that provides open access to many users.

The computer virus has sent a clear warning to the computing community and to society at large. We hope it will provoke a long overdue public discussion about the vulnerabilities of computer networks, and the technological, ethical, and legal choices we must address.

4. The Role of the Media

You don't worry about whether or not they've written it, you worry whether or not they've read it before they go on the air.

Linda Ellerbee, the Pat Sajak Show.


Airplane accidents, Pit Bulldog attacks, drought, disease...the media is there...whether you want them there or not. Predictably, some members of the press grabbed on to the worm invasion of the Internet and sensationalized the outbreak. Sites were named (including sites like NASA Ames and Lawrence Livermore) and pointed to as being "violated". Questions of computer security were rampant. Questions of national security appropriately followed. The alleged perpetrator of the worm tended to be thought of by the press as a "genius" or a "hero".

During the helminthiasis of the Internet, handling this news media "invasion", was critical. It's akin to trying to extinguish a major brush fire with a news reporter and a microphone in your way. Time is of the essence. The U.C. Berkeley group, among others, reported that it was a problem to get work accomplished with the press hounding them incessantly. At MIT, their news office was commended in doing their job of keeping the press informed and satisfied, yet out of the way of the students and staff working on the a cure.

What is an appropriate response?? At MIT, even a carefully worded "technical" statement to the press resulted in very few coherent press releases on the Internet worm. Extrapolation and "flavoring" by the press were common. According to Eichin and Rochlis, "We were unable to show the T.V. crew anything "visual" caused by the virus, something which eventually become a common media request and disappointment. Instead, they settled for people looking at workstations talking 'computer talk'." [10]

Cornell University was very critical of the press in their report to the Provost: "The Commission suggests that media exaggeration of the value and technical sophistication of this kind of activity obscures the far more accomplished work of those students who complete their graduate studies without public fanfare; who make constructive contributions to computer sciences and the advancement of knowledge through their patiently constructed dissertation; and who subject their work to the close scrutiny and evaluation of their peers, and not to the interpretations of the popular press." [9]

5. Crime in the Computer World

A recent survey by the American Bar Association found that almost one-half of those companies and Government agencies that responded had been victimized by some form of computer crime. The known financial loss from those crimes was estimated as high as $730 million, and the report concluded that computer crime is among the worst white-collar offenses.

The Computer Fraud and Abuse Act of 1986


The term White Collar crime was first used by Edwin Sutherland, a noted American criminologist, in 1939. Sutherland contended that the popular view of crime as primarily a lower class (Blue Collar) activity was based on the failure to consider the activities of the robber barons and captains of industry who violated the law with virtual impunity.

In this day and age, White Collar crime refers to violations of the law committed by salaried or professional persons in conjunction with their work. Computer crimes are identified and included in this classification. Yet, law enforcement agencies have historically paid little attention to this new phenomenon. When a trial and conviction does occur, it's resulted more often in a fine and probation, than a prison term. A shift became apparent in the late 1970s, when the FBI's ABSCAM investigation (1978-80) resulted in the conviction of several U.S. legislators for bribery and related charges.

The legal implication of the Internet worm program as a computer crime is still pending, as there are few cases to rely on. On the Federal level, HR-6061, "The Computer Virus Eradication Act of 1988" (Herger & Carr) was introduced in the U.S. House of Representatives. On the State level, several states are considering their own statutes. Time will tell.

Meanwhile, computer network security is still allegedly being compromised, as described in a recent DDN Security Bulletin [12].

6. Future Prevention

This is a pretty kettle of fish.

Queen Mary to Stanley Baldwin at the time of Edward VII's abdication


What roles can the computer community as a whole, play in preventing such outbreaks? Why were many people aware of the debug problem in the sendmail program and the overflow problem in fingerd, yet, appropriate fixes were not installed in existing systems?

Various opinions have emerged:

  1. Computer ethics must be taken seriously. A standard for computer ethics is extremely important for the new groups of computer professionals graduating out of Universities. The "old" professionals and "new" professionals who use computers are ALL responsible for their applications.
  2. The "powers that be" of the Internet (IAB, DARPA, NSF, etc.) should pursue the current problems in network security, and cause the flaws to be fixed.
  3. The openness and free flow of information of networking should be rightfully preserved, as it demonstrated its worth during the helminthiasis by expediting the analysis and cure of the infestation.
  4. Promote and coordinate the establishment of committees or agency "police" panels that would handle, judge, and enforce violations based on a universally set standard of computer ethics.
  5. The continued incidences of "computer crime" show a lack of professionalism and ethical standards in the computer community. Ethics statements like those discussed in this RFC, not only need to be published, but enforced as well. There is a continuing need to instill a professional code of ethics and responsibilities in order to preserve the computer community.

7. Documentation Review

Everybody wants to get into the act!

Jimmy Durante


Quite a number of articles and papers were published very soon after the worm invasion. Books, articles, and other documents are continuing to be written and published on the subject (see Section 9, Bibliography). In this RFC, we have chosen four to review: The Cornell University Report on "The Computer Worm" [8], presented to the Provost of the University, Eichin and Rochlis' "With Microscope and Tweezers: An Analysis of the Internet Virus of November 1988" [9], Donn Seeley's "A Tour of the Worm" [10], and Gene Spafford's, "The Internet Worm Program: An Analysis" [11].

7.1 The Cornell University Report

The Cornell University Report on "The Computer Worm", was presented to the Provost of the University on 6 February 1989, by the Commission of Preliminary Enquiry, consisting of: Ted Eisenberg, Law, David Gries, Computer Science, Juris Hartmanis, Computer Science, Don Holcomb, Physics, M. Stuart Lynn, Office of Information Technologies (Chair), and Thomas Santoro, Office of the University Counsel.

An introduction set the stage of the intent and purpose of the Commission:

  1. Accumulate all evidence concerning the involvement of the alleged Cornell University Computer Science graduate student in the worm infestation of the Internet, and to assess the gathered evidence to determine the alleged graduate student was the perpetrator.
  2. Accumulate all evidence concerning the potential involvement of any other members of the Cornell University community, and to assess such evidence to determine whether or not any other members of the Cornell University community was involved in unleashing the worm on to the Internet, or knew of the potential worm infestation ahead of time.
  3. Evaluate relevant computer policies and procedures to determine which, if any, were violated and to make preliminary recommendations to the Provost as to whether any of such policies and procedures should be modified to inhibit potential future security violations of this general type.

In the summary of findings and comments, the Commission named the Cornell University first year Computer Science graduate student that allegedly created the worm and unleashed it on to the Internet. The findings section also discussed:

  1. the impact of the invasion of the worm,
  2. the mitigation attempts to stop the worm,
  3. the violation of computer abuse policies,
  4. the intent,
  5. security attitudes and knowledge,
  6. technical sophistication,
  7. Cornell's involvement,
  8. ethical considerations,
  9. community sentiment,
  10. and Cornell University's policies on computer abuse.

The report concluded that the worm program's gathering of unauthorized passwords and the dissemination of the worm over a national network were wrong. The Commission also disclaimed that contrary to media reports, Cornell University DID NOT condone the worm infection, nor heralded the unleashing of the worm program as a heroic event. The Commission did continue to encourage the free flow of scholarly research and reasonable trust within the University/Research communities.

A background on the worm program, methods of investigation, an introduction to the evidence, an interpretation and findings, acknowledgements, and an extensive appendices were also included in the Commission's report.

7.2 "With Microscope and Tweezers: An Analysis of the Internet Virus of November 1988"

Eichin and Rochlis' "With Microscope and Tweezers: An Analysis of the Internet Virus of November 1988", provides a detailed dissection of the worm program. The paper discusses the major points of the worm program then reviews strategies, chronology, lessons and open issues, acknowledgements; also included are a detailed appendix on the worm program subroutine by subroutine, an appendix on the cast of characters, and a reference section.

A discussion of the terms "worm" versus "virus" is presented. These authors concluded that it was a "virus" infection, not worm infection. Thus they use the term "virus" in their document. In Section 1, goals and targets by the teams of computer scientists were defined. There were three steps taken to find out the inner workings of the virus:

Major points were outlined of how the virus attacked and who it attacked:

In Section 2, the target of the attacks by the virus were discussed. This included the sendmail debug mode, the finger daemon bug, rexec and passwords, rsh, trusted host features, and information flow. A description of the virus' self protection included how it covered its tracks, and what camouflage it used to go undetected to the machines and system administrators. Flaws were analyzed in three subjects: reinfection prevention, heuristics, and vulnerabilities not used.

Many defenses were launched to stop the virus. Some were convenient or inconvenient for end users of the infected systems. Those mentioned in this document included:

After the virus was diagnosed, a tool was created which duplicated the password attack (including the virus' internal directory) and was posted to the Internet. System administrators were able to analyze the passwords in use on their system.

Section 3 chronicles the events that took place between Wednesday, 2 November 1988 through Friday, 11 November 1988 (EST). In Section 4, lessons and open issues are viewed and discussed:

General points for the future:

Appendix A describes the virus program subroutine by subroutine. A flow of information among the subroutines is pictured on page 19. Appendix B presents the 432 words built in the worm's dictionary. Appendix C lists the "cast of characters" in defeating the virus.

7.3 "A Tour of the Worm"

In Donn Seeley's "A Tour of the Worm", specific details were presented as a "walk thru" of this particular worm program. The paper opened with an abstract, introduction, detailed chronology of events upon the discovery of the worm, an overview, the internals of the worm, personal opinions, and conclusion.

The chronology section presented a partial list representing the current known dates and times (in PST). In the descriptive overview, the worm is defined as a 99-line bootstrap program written in the C language, plus a large relocatable object file that was available in VAX and various Sun-3 versions. Seeley classified activities of the worm into two categories of attack and defense. Attack consisted of locating hosts (and accounts) to penetrate, then exploiting security holes on remote systems to pass across a copy of the worm and run it. The defense tactics fell into three categories: preventing the detection of intrusion, inhibiting the analysis of the program, and authenticating other worms. When analyzing this particular program, Seeley stated that it is just as important to establish what the program DOES NOT do, as what it does do:

and

In section 4, the "internals" of the worm were examined and charted. The main thread of control in the worm was analyzed, then an examination of the worm's data structure was presented. Population growth of the worm, security holes, the worms' use of rsh and rexec network services, the use of the TCP finger service to gain entry to a system, and the sendmail attack are discussed. Password cracking and faster password encryption algorithms are discussed.

In the opinions section, certain questions that a "mythical ordinary system administrator" might ask were discussed:

7.4 "The Internet Worm Program: An Analysis"

Gene Spafford's "The Internet Worm Program: An Analysis", described the infection of the Internet as a worm program that exploited flaws in utility programs in UNIX based systems. His report gives a detailed description of the components of the worm program: data and functions. He focuses his study on two completely independent reverse-compilations of the worm and a version disassembled to VAX assembly language.

In Section 4, Spafford provided a high-level example of how the worm program functioned. The worm consisted of two parts: a main program, and a bootstrap (or vector) program. A description from the point of view of a host that was infected was presented.

Section 5 describes the data structures and organization of the routines of the program:

  1. The worm had few global data structures.
  2. The worm constructed a linked list of host records.
  3. The worm constructed a simple array of gateway IP addresses through the use of the system "netstat" command.
  4. An array of records was filled in with information about each network interface active on the current host.
  5. A linked list of records was built to hold user information.
  6. The program maintained an array of "object" that held the files that composed the worm.
  7. A mini-dictionary of words was present in the worm to use in password guessing.
  8. Every text string used by the program, except for the words in the mini-dictionary, was masked (XOR) with the bit pattern 0x81.
  9. The worm used the following routines:
    setup and utility:
    main, doit, crypt, h_addaddr, h_addname, h_addr2host, h_clean, h_name2host, if_init, loadobject, makemagic, netmastfor, permute, rt_init, supports_rsh, and supports_telnet
    network and password attacks:
    attack_network, attack_user, crack_0, crack_1, crack_2, crack_3, cracksome, ha, hg, hi, hl, hul, infect, scan_gateways, sendWorm, try_fingerd, try_password, try_rsh, try_sendmail, and waithit
    Camouflage:
    checkother, other_sleep, send_message, and xorbuf

In Section 6, Spafford provides an analysis of the code of the worm. He discusses the structure and style, the problems of functionality, camouflage, specific comments, the sendmail attack, the machines involved, and the portability considerations.

Finally, appendices supply the "mini-dictionary" of words contained in the worm, the bootstrap (vector) program that the worm traversed over to each machine, a corrected fingerd program, and the patches developed and invoked to sendmail to rectify the infection.

8. References

  1. Allman, E., "Sendmail - An Internetwork Mail Router", University of California, Berkeley, Issued with the BSD UNIX documentation set, 1983.
  2. Postel, J., "Simple Mail Transfer Protocol", RFC 821, USC/Information Sciences Institute, August 1982.
  3. Harrenstien, K., "NAME/FINGER", RFC 742, SRI, December 1977.
  4. Internet Activities Board, "Ethics and the Internet", RFC 1087, IAB, January 1989. Also appears in the Communications of the ACM, Vol. 32, No. 6, Pg. 710, June 1989.
  5. National Science Foundation, "NSF Poses Code of Networking Ethics", Communications of the ACM, Vol. 32, No. 6, Pg. 688, June 1989. Also appears in the minutes of the regular meeting of the Division Advisory Panel for Networking and Communications Research and Infrastructure, Dave Farber, Chair, November 29-30 1988.
  6. Massachusetts Institute of Technology, "Teaching Students About Responsible Use of Computers", MIT, 1985-1986. Also reprinted in the Communications of the ACM, Vol. 32, No. 6, Pg. 704, Athena Project, MIT, June 1989.
  7. Computer Professionals for Social Responsibility, "CPSR Statement on the Computer Virus", CPSR, Communications of the ACM, Vol. 32, No. 6, Pg. 699, June 1989.
  8. Eisenberg, T., D. Gries, J. Hartmanis, D. Holcomb, M. Lynn, and T. Santoro, "The Computer Worm", Cornell University, 6 February 1989.
  9. Eichin, M., and J. Rochlis, "With Microscope and Tweezers: An Analysis of the Internet Virus of November 1988", Massachusetts Institute of Technology, February 1989.
  10. Seeley, D., "A Tour of the Worm", Proceedings of 1989 Winter USENIX Conference, Usenix Association, San Diego, CA, February 1989.
  11. Spafford, E., "The Internet Worm Program: An Analysis", Computer Communication Review, Vol. 19, No. 1, ACM SIGCOM, January 1989. Also issued as Purdue CS Technical Report CSD-TR-823, 28 November 1988.
  12. DCA DDN Defense Communications System, "DDN Security Bulletin 03", DDN Security Coordination Center, 17 October 1989.

9. Bibliography

10. Security Considerations

If security considerations had not been so widely ignored in the Internet, this memo would not have been possible.

Author's Address

Joyce K. Reynolds
University of Southern California
Information Sciences Institute
4676 Admiralty Way
Marina del Rey, CA 90292
Phone: (213) 822-1511
EMail: JKREY@ISI.EDU
[Back to index] [Comments (0)]
deenesitfrplruua