Description
The 1988 Internet Worm was the first major worldwide computer security incident where malware (software that is malicious) propagated throughout the internet. This worm infected Unix servers, taking advantage of different types of vulnerability in installed code such as Sendmail and finger. The lessons from that incident are still valid and, surprisingly perhaps, the vulnerabilities identified that allowed the worm to cause such problems are still present in some modern software.
Use in teaching
I supplement the book chapters on critical systems with discussions on other topics, including security. This case study shows how worms can propagate by taking advantage of security vulnerabilities and how availability and security are closely related topics.
Related chapters
Chapter 3: Dependability
Chapter 9: Dependable systems specification
Supporting documents
The incident was documented in a paper in Communications of the ACM, 'The Internet Worm: Crisis and Aftermath', by Gene Spafford (Comm. ACM, 32 (6), June 1989 - accessible to ACM Digital Library members).
Overview of the Internet Worm
My PowerPoint presentation giving an overview of the security incident. Download the PDF from here.
Incident analysis
This is a detailed analysis of the 1988 Internet Worm incident by researchers at MIT. It was the basis for a published paper on the incident in Communications of the ACM in July 1989.
The Internet archive of the message first reporting the incident
Messages generated as system managers discussed how to handle the worm
A more recent major security incident occurred in 2001 when the 'Code Red' worm struck a large number of Internet servers. This exploited a similar vulnerability (no array bound checking in C resulting in buffer overflow) to that exploited by the original worm. This is a link to the description of the problem in Communications of the ACM.
The Code Red Worm