http:^^www.columbia.edu^~cs1003^handouts^rfc1135

This data set contains WWW-pages collected from computer science departments of various universities

                      sendWorm, try_fingerd, try_password,
                      try_rsh, try_sendmail, and waithit



Reynolds                                                       [Page 17]

RFC 1135           The Helminthiasis of the Internet       December 1989


              Camouflage:
                      checkother, other_sleep, send_message,
                      and xorbuf

   In Section 6, Spafford provides an analysis of the code of the worm.
   He discusses the structure and style, the problems of functionality,
   camouflage, specific comments, the sendmail attack, the machines
   involved, and the portability considerations.

   Finally, appendices supply the "mini-dictionary" of words contained
   in the worm, the bootstrap (vector) program that the worm traversed
   over to each machine, a corrected fingerd program, and the patches
   developed and invoked to sendmail to rectify the infection.

8.  References

   [1]  Allman, E., "Sendmail - An Internetwork Mail Router", University
        of California, Berkeley, Issued with the BSD UNIX documentation
        set, 1983.

   [2]  Postel, J., "Simple Mail Transfer Protocol", RFC 821,
        USC/Information Sciences Institute, August 1982.

   [3]  Harrenstien, K., "NAME/FINGER", RFC 742, SRI, December 1977.

   [4]  Internet Activities Board, "Ethics and the Internet", RFC 1087,
        IAB, January 1989.  Also appears in the Communications of the
        ACM, Vol. 32, No. 6, Pg. 710, June 1989.

   [5]  National Science Foundation, "NSF Poses Code of Networking
        Ethics", Communications of the ACM, Vol. 32, No. 6, Pg. 688,
        June 1989.  Also appears in the minutes of the regular meeting
        of the Division Advisory Panel for Networking and Communications
        Research and Infrastructure, Dave Farber, Chair, November 29-30
        1988.

   [6]  Massachusetts Institute of Technology, "Teaching Students About
        Responsible Use of Computers", MIT, 1985-1986.  Also reprinted
        in the Communications of the ACM, Vol. 32, No. 6, Pg. 704,
        Athena Project, MIT, June 1989.

   [7]  Computer Professionals for Social Responsibility, "CPSR
        Statement on the Computer Virus", CPSR, Communications of the
        ACM, Vol. 32, No. 6, Pg. 699, June 1989.

   [8]  Eisenberg, T., D. Gries, J. Hartmanis, D. Holcomb, M. Lynn, and
        T. Santoro, "The Computer Worm", Cornell University, 6 February
        1989.



Reynolds                                                       [Page 18]

RFC 1135           The Helminthiasis of the Internet       December 1989


   [9]  Eichin, M., and J. Rochlis, "With Microscope and Tweezers: An
        Analysis of the Internet Virus of November 1988", Massachusetts
        Institute of Technology, February 1989.

  [10]  Seeley, D., "A Tour of the Worm", Proceedings of 1989 Winter
        USENIX Conference, Usenix Association, San Diego, CA, February
        1989.

  [11]  Spafford, E., "The Internet Worm Program: An Analysis", Computer
        Communication Review, Vol. 19, No. 1, ACM SIGCOM, January 1989.
        Also issued as Purdue CS Technical Report CSD-TR-823, 28
        November 1988.

  [12]  DCA DDN Defense Communications System, "DDN Security Bulletin
        03", DDN Security Coordination Center, 17 October 1989.

9.  Bibliography

   Alexander, M., "A Year Later, Internet Still Under Attack",
   Computerworld, Vol. 23, No. 45, Pg. 1, 6 November 1989.

   Alexander, M., "It's Ba-a-ack: 'No Nukes Worm' Haunts Internet", Vol.
   23, No. 45, Pg. 6, 6 November 1989.

   Aucoin, R., "Computer Viruses: Checklist for Recovery", Computers in
   Libraries, Vol. 9, No. 2, Pg. 4, 1 February 1989.

   Aviation Week & Space Technology, "Rapid Spread of Virus Confirms
   Fears About Danger to Computers", Aviation Week & Space Technology,
   Vol. 129, No. 20, Pg. 44, 14 November 1988.

   Barnes, J., "Drawing the Lines: Changes in Computer Technology and
   Law Guarantee that Resdistricting in ther 1990s will be Different and
   a More Difficult Game", National Journal, Vol. 21, No. 13, Pg. 787, 1
   April 1989.

   Bellovin, S., "Security Problems in the TCP/IP Protocol Suite",
   Computer Communication Review, Vol. 19, No. 2, Pg. 32, 1 April 1989.

   Bellovin, S., "The Worm and the Debug Option", Forum Risks to the
   Publics in Computer and Related Systems, Vol. 7, No. 74, ACM
   Committee on Computers and Public Policy, 10 November 1988.

   Bender, D., "Computer Law: Evidence and Procedure", (Kept up to date
   with supplements.), M. Bender, New York, NY, 1978-present.

   Bidgoli, H., and R. Azarmsa, "Computer Security: New Managerial
   Concern for the 1990's and Beyond", Journal of Systems Management,



Reynolds                                                       [Page 19]

RFC 1135           The Helminthiasis of the Internet       December 1989


   Vol. 40, No. 10, Pg. 21, 1 October 1989.

   Bloombecker, J., "Short-Circuiting Computer Crime", Datamation, Vol.
   35, No. 19, Pg. 71, 1 October 1989.

   Bloombecker, J., and J. Buck, "Computer Ethics for Cynics", Computers
   and Society, Vol. 18, No. 3, Pgs. 30-32, ACM Special Interest Group
   on Computers and Society, New York, NY, July 1988.

   Bologna, J. "Computer Insecurities: An Analysis of Recent Surveys on
   Computer Related Crime and Computer Security", Data Processing &
   Communications Security, Vol. 12, No. 4, Fall 1988.

   Bologna, J. "The One Minute Fraud Auditor", Computers & Security,
   Vol. 8, No. 1, Pg. 29, 1 February 1989.

   Boston Herald, "Computer Whiz Puts Virus in Computers", Pg. 1, Boston
   Herald, 5 November 1988.

   Brand, R., "Attack of the Tiger Teams: Inside America's Computer
   Security Crisis", Tempus Books, August 1989.

   Brenner, A., "LAN Security", LAN Magazine, August 1989.

   Brunner, J., "The Shockwave Rider", Harper & Row, 1975.

   Burger, R., "Computer Viruses: A High-Tech Disease", 2nd Edition,
   Abacus, Grand Rapids, Michigan, 1988.

   Campbell, B., and C. Jackson, "The Internet Worm: Rethinking the
   Security Threat", Unisphere, Vol. 9, No. 1, Pgs. 44, 46, 48, April
   1989.

   Campell, D., "Computer Contagion", Security Management, Vol. 32, No.
   10, Pg. 83, 1 October 1988.

   Chain Store Age Executive, "Retail Technology: Computer 'Viruses'",
   Chain Store Age Executive, Vol. 64, No. 12, Pg. 67, 1 December 1989.

   Chess, D., "Computer Viruses and Related Threats to Computer and
   Network Integrity", Computer Networks and ISDN Systems, Vol. 17, No.
   2, 1989.

   Christiansen, D., "A Matter of Ethics", IEEE Spectrum, Vol. 25, Pg.
   15, August 1988.

   Cohen, F., "Computational Aspects of Computer Viruses", Computers &
   Security, Vol. 8, No. 4., Pg. 325, 1 June 1989.



Reynolds                                                       [Page 20]

RFC 1135           The Helminthiasis of the Internet       December 1989


   Cohen, F., "Models of Practical Defenses Against Computer Viruses",
   Computers & Security, Vol. 8, No. 2, Pg. 149, 1 April 1989.

   Colyer, J., "Risks of Unchecked Input in C Programs", Forum Risks to
   the Publics in Computer and Related Systems, Vol. 7, No. 74, ACM
   Committee on Computers and Public Policy, 10 November 1988.

   Commerce Clearing House, "Guide to Computer Law", (Topical Law
   Reports), Chicago, Ill., 1989.

   Communications of the ACM, "Letters", ACM Forum, Vol. 32, No. 6, Pgs.
   672-673, June 1989.

   Communications of the ACM, "Letters", ACM Forum, Vol. 32, No. 9, Pgs.
   1044-1045, September 1989.

   Computers & Security, "Random Bits & Bytes", Computers & Security,
   Vol. 8, No. 3, Pg. 178, 1 May 1989.

   Computer Law and Tax Report, "Difficult to Prosecute Virus Authors",
   Computer Law and Tax Report, Vol. 15, No. 5, Pg. 7, 1 December 1988.

   Computer Law and Tax Report, "Virus Bill Introduced", Computer Law
   and Tax Report, Vol. 15, No. 4, Pg. 13, 1 November 1988.

   Computerworld, "MIS Reacts", Pg. 157, 7 November 1988.

   Cornell Computer Science Department, "Policy for the Use of the
   Research Computing Facility", Cornell University, 21 August, 1987.

   Data Communications, "Internet Virus Aftermath: Is Tighter Security
   Coming?", Data Communications, Vol. 17, No. 14, Pg. 52, 1 December
   1988.

   Dean, P., "Was Science-fiction Novel Germ of a Computer Virus?", Los
   Angeles Times, San Diego County Edition, Part V, Pgs. 1, 2, & 3, 9
   November 1988.

   DeBow, Y., "Bankers Review Security Procedures After Virus Attack",
   Computer Banking, Vol. 6, No. 1, Pg. 8, January 1989.

   Defense Data Network, "BSD 4.2 and 4.3 Software Problem Resolution",
   DDN MGT Bulletin #43, DDN Network Information Center, 3 November
   1988.

   Demaio, H., "Viruses - A Management Issue", Computers & Security,
   Vol. 8, No. 5, Pg. 381, 1 August 1989.




Reynolds                                                       [Page 21]

RFC 1135           The Helminthiasis of the Internet       December 1989


   Denning, P., "The Science of Computing: The Internet Worm", American
   Scientist, Vol. 77, No. 2, Pgs. 126-128, March 1989.

   Devoy, J., Gilssmann, R., and K. Miklofsky, "Media, File Management
   Schemes Facilitate WORM Utilization", Computer Technology Review,
   Vol. 8, No. 13, Fall 1988.

   Dewdney, A., "Computer Recreations; Of Worms, Viruses and Core War",
   Scientific American, March 1989

   Discover, "Technology: Communicable Computer Disease", Discover, Vol.
   10, No. 1, Pg. 64, 1 January 1989.

   El-Baghdadi, M., "The Pivotal Role in Computer Security", Security
   Management, Vol. 33, No. 7, Pg. 63, 1 July 1989.

   Electronic Learning, "Computer Viruses: An Epidemic Real or
   Imagined?", Electronic Learning, Vol. 8, No. 6, April 1989.

   Eloff, J., "Computer Security Policy: Important Issues", Computers &
   Security, Vol. 7, No. 6, Pg. 559, 1 December 1988.

   Ellerbee, L., "And So It Goes", G.P. Putnam's Sons, Berkley Edition,
   June 1987.

   Ellis, A., "Underwriting Update-Computer Viruses: Working Out the
   Bugs", Best's Review, Vol. 90, No. 1, Pg. 84, 1 May 1989.

   Elmer-DeWitt, P., "Invasion of the Data Snatchers! - A 'Virus'
   Epidemic Strikes TERROR in the Computer World", Time Magazine,
   Technology Section, Pgs. 62-67, 26 September 1988.

   Elmer-DeWitt, P., "The Kid Put Us Out of Action", Time Magazine, Pg.
   76, 14 November 1988.

   Elmer-DeWitt, P., "You Must Be Punished", Time Magazine, Technology
   Section, Pg. 66, 26 September 1988.

   Fainberg, T., "The Night the Network Failed", New Scientist, Vol.
   121, No. 1654, Pg. 38, 4 March 1989.

   Fenwick, W., Chair, "Computer Litigation, 1985: Trial Tactics and
   Techniques", Litigation Course Handbook Series No. 280, Prepared for
   distribution at the Computer Litigation, 1985: Trial Tactics and
   Techniques Program, February-March 1985.

   Fifield, K., "Smartcards Outsmart Computer Crime", Computers &
   Security, Vol. 8, No. 3, May 1989.



Reynolds                                                       [Page 22]

RFC 1135           The Helminthiasis of the Internet       December 1989


   Fisher, L., "On the Front Lines in Battling Electronic Invader", The
   New York Times, November 1988.

   Fites, P., Johnston, P., and M. Kratz, "The Computer Virus Crisis",
   Van Nostrand Reinhold, New York, NY., 1989

   Forcht, K., Thomas, D., and K. Wigginton, "Computer Crime: Assessing
   the Lawyer's Perspective", Journal of Business Ethics, Vol. 8, No. 4
   April 1989.

   Friis, W., "Is Your PC Infected?", ABA Banking Journal, Vol. 81, No.
   5, Pg. 49, 1 May 1989.

   Gardner, E., Samuels, L., and B. Render, "Computer Security", The
   Journal of Information Systems Management, Vol. 6, No. 4, Pg. 42,
   Fall 1989.

   Gardner, P., "The Internet Worm: What Was Said and When", Computers &
   Security, Vol. 8, No. 4, June 1989.

   Gemignani, M., "Viruses and Criminal Law", Communications of the ACM,
   Vol. 32, No. 6, Pgs. 669-671, June 1989.

   Gerlth, J., "Intruders Into Computer Systems Still Hard to
   Prosecute", The New York Times, 5 November 1988.