As per Relevance of the word computer, we have this rfc below:
Network Working Group J.
Request for Comments: 1135
December 1989
The Helminthiasis of the
Status of this
This memo takes a look back at the helminthiasis (infestation with
or disease caused by parasitic worms) of the Internet that
unleashed the evening of 2 November 1988. This RFC
information about an event that occurred in the life of the Internet
This memo does not specify any standard. Distribution of this
is unlimited
----- "The obscure we see eventually, the
apparent takes longer." ----- Edward R.
The helminthiasis of the Internet was a self-replicating program
infected VAX computers and SUN-3 workstations running the 4.2 and 4.3
Berkeley UNIX code. It disrupted the operations of computers
accessing known security loopholes in applications closely
with the operating system. Despite system administrators efforts
eliminate the program, the infection continued to attack and
to other sites across the United States
This RFC provides a glimpse at the infection, its festering,
cure. The impact of the worm on the Internet community,
statements, the role of the news media, crime in the computer world
and future prevention will be discussed. A documentation
presents four publications that describe in detail this
parasitic computer program. Reference and bibliography sections
also included in this memo
1. The
----- "Sandworms, ya hate 'em, right??" -----
Keaton,
Defining "worm" versus "virus
A "worm" is a program that can run independently, will consume
resources of its host from within in order to maintain itself,
can propagate a complete working version of itself on to
machines
Reynolds [Page 1]
RFC 1135 The Helminthiasis of the Internet December 1989
A "virus" is a piece of code that inserts itself into a host
including operating systems, to propagate. It cannot
independently. It requires that its host program be run
activate it
In the early stages of the helminthiasis, the news media
cited the Internet worm to be a "virus", which was attributed
an early conclusion of some in the computer community before
specimen of the worm could be extracted and dissected. There
some computer scientists that still argue over what to call
affliction. In this RFC, we use the term, "worm".
1.1 Infection - The Worm
The worm specifically and only made successful attacks on
workstations and VAXes running Berkeley UNIX code
The Internet worm relied on the several known access loopholes
order to propagate over networks. It relied on
errors in two network programs: sendmail and fingerd
Sendmail is a program that implements the Internet's
mail services (routing and delivery) interacting with remote
[1, 2]. The feature in sendmail that was violated was a non
standard "debug" command. The worm propagated itself via
debug command into remote hosts. As the worm installed itself
a new host the new instance began self-replicating
Fingerd is a utility program that is intended to help
Internet users by supplying public information about
Internet users. This can be in the form of identification of
full name of, or login name of any local user, whether or not
are logged in at the time (see the Finger Protocol [3]).
Using fingerd, the worm initiated a memory overflow situation
sending too many characters for fingerd to accommodate (in
gets library routine). Upon overflowing the storage space,
worm was able to execute a small arbitrary program. Only 4.3
VAX machines suffered from this attack
Another of the worm's methods was to exploit the "trusted
features" often used in local networks to propagate (using
and rsh).
It also infected machines in /etc/hosts.equiv, machines
/.rhosts, machines in cracked accounts' .forward files,
cracked accounts' .rhosts files, machines listed as
gateways in routing tables, machines at the far end of point-to
Reynolds [Page 2]
RFC 1135 The Helminthiasis of the Internet December 1989
point interfaces, and other machines at randomly guessed
on networks of first hop gateways
The Internet worm was also able to infect systems using
passwords, typically spreading itself within local networks
this method. It tried to guess passwords, and upon
access, the worm was able to pose as a legitimate user
1.2 Festering - Password
The worm festered by going into a password cracking phase
attempting to access accounts with obvious passwords (using
readily available in the /etc/passwd file), such as: none at all
the user name, the user name appended to itself, the "nickname",
the last name, the last name spelled backwards. It also
breaking into into accounts with passwords from a personalized 432
word dictionary, and accounts with passwords in /usr/dict/words
Most users encountered a slowing of their programs, as the
became overloaded trying to run many copies of the worm program
or a lack of file space if many copies of the worm's
files existed concurrently. Actually, the worm was very
to hide itself and leave little evidence of its passage through
system. The users at the infected sites may have seen
files that showed up in the /usr/tmp directories of some
and obscure messages appeared in the log files of sendmail
1.3 The
Teams of computer science students and staff worked feverishly
understand the worm. The key was seen to get a source (
language) version of the program. Since the only
instances of the the worm were binary code, a major effort
made to translate back to source, that is decompile the code,
to study just what damage the worm was capable of. Two
teams emerged in the battle against the Internet worm:
Berkeley Team and the MIT team. They communicated and
code extensively. Both teams were able to scrutinize it and
immediate action on a cure and prevent reinfection. Just
regular medical Doctors, the teams searched, found and isolated
worm specimen which they could study. Upon analyzing the
and the elements of its design, they set about to develop
to treat and defeat it. Through the use of the "old boy network
of UNIX system wizards (to find out something, one asks
associate or friend if they know the answer or who else they
refer to to find out the answer), email and phone calls
extensively used to alert the computer world of the
patches that could be used at sites to close the sendmail hole
Reynolds [Page 3]
RFC 1135 The Helminthiasis of the Internet December 1989
fingerd holes. Once the information was disseminated to the
and these holes were patched, the Internet worm was stopped.
could not reinfect the same computers again, unless the worm
still sitting in an infected trusted host computer
The Internet worm was eliminated from most computers within 48-72
hours after it had appeared, specifically through the efforts
computer science staffs at the University research centers
Government and Commercial agencies apparently were slow in
around to recognizing the helminthiasis and eradicating it
2.
----- "Off with his head!!!" ----- The Red Queen
Alice in
Two lines have been drawn in the computer community in the
of the Internet worm of November 1988. One group contends that
release of the worm program was a naive accident, and that the
"escaped" during testing. Yet, when the worm program was unleashed
it was obvious it was spreading unchecked. Another group argues
the worm was deliberately released to blatantly point out
defects to a community that was aware of the problems, but
complacent about fixing them. Yet, one does not necessarily need
deliberately disrupt the entire world in order to report a problem
Both groups agree that the community cannot condone worm
whether "experimental" or "deliberate" as a means to heighten
awareness, as the consequences of such irresponsible acts can
devastating. Meanwhile, several in the news media stated that
author of the worm did the computer community a favor by exposing
security flaws, and that bugs and security flaws will not get
without such drastic measures as the Internet worm program
In the short term, the worm program did heighten the
community's awareness of security flaws. Also, the "old boy network
proved it was still alive and well! While networking and
as a whole have grown by leaps and bounds in the last twenty years
the Internet community still has the "old boys" who trust
communicate well with each other in the face of adversity
In the long term, all results of the helminthiasis are not complete
Many sites have either placed restrictions on access to
machines, and a few have chosen to remove themselves from
Internet entirely. The legal consequences of the Internet
program as a computer crime are still pending, and may stay in
condition into the next decade
Reynolds [Page 4]
RFC 1135 The Helminthiasis of the Internet December 1989
Yet, the problem of computer crime is, on a layman's level, a
one. Legal statutes, which notoriously are legislated after
fact, are only one element of the solution. Development
enforceable ethical standards that are universally agreed on in
computer community, coupled with enforceable laws should
eradicate computer crime
3. Ethics and the
----- "If you're going to play the game properly
you'd better know every rule." ----- Barbara
Ethical behavior is that of conforming to accepted
standards of conduct; dealing with what is good or bad within a
of moral principles or values. Up until recently, most
professionals and groups have not been overly concerned
questions of ethics
Organizations and computer professional groups have recently, in
aftermath of the Internet worm, issued their own "Statement
Ethics". Ethics statements published by the Internet
Board (IAB), the National Science Foundation (NSF), the
Institute of Technology (MIT), and the Computer Professionals
Social Responsibility (CPSR) are discussed below
3.1 The
The IAB issued a statement of policy concerning the proper use
the resources of the Internet in January, 1989 [4] (and
in the Communications of the ACM, June 1989). An excerpt
The Internet is a national facility whose utility is largely
consequence of its wide availability and accessibility
Irresponsible use of this critical resource poses an
threat to its continued availability to the technical community
The U.S. Government sponsors of this system have a
responsibility to the public to allocate government
wisely and effectively. Justification for the support of
system suffers when highly disruptive abuses occur. Access to
use of the Internet is a privilege and should be treated as
by all users of this system
The IAB strongly endorses the view of the Division Advisory
of the National Science Foundation Division of Network
Communications Research and Infrastructure which, in paraphrase
characterized as unethical and unacceptable any activity
purposely
Reynolds [Page 5]
RFC 1135 The Helminthiasis of the Internet December 1989
(a) seeks to gain unauthorized access to the resources of
Internet
(b) disrupts the intended use of the Internet
(c) wastes resources (people, capacity, computer) through
actions
(d) destroys the integrity of computer-based information, and/
(e) compromises the privacy of users
The Internet exists in the general research milieu. Portions
it continue to be used to support research and experimentation
networking. Because experimentation on the Internet has
potential to affect all of its components and users,
have the responsibility to exercise great caution in the
of their work. Negligence in the conduct of Internet-
experiments is both irresponsible and unacceptable
The IAB plans to take whatever actions it can, in concert
Federal agencies and other interested parties, to identify and
set up technical and procedural mechanisms to make the
more resistant to disruption. Such security, however, may
extremely expensive and may be counterproductive if it
the free flow of information which makes the Internet so valuable
In the final analysis, the health and well-being of the
is the responsibility of its users who must, uniformly,
against abuses which disrupt the system and threaten its long-
viability
3.2
The NSF issued an ethical network use statement on 30
1988, during the regular meeting of the Division Advisory
for Networking and Communications Research and Infrastructure (
reprinted in the Communications of the ACM (June of 1989) [5]),
that stated, in part
The Division Advisory Panel (DAP) of the NSF Division
Networking and Communication Research and Infrastructure (DNCRI
deplores lapses of ethical behavior which cause disruption to
national network resources. Industry, government, and
have established computer networks in support of research
scholarship. Recent events have accentuated the importance
establishing community standards for the ethical use of networks
In this regard, the DNCRI DAP defines as unethical any
which purposefully or through negligence
Reynolds [Page 6]
RFC 1135 The Helminthiasis of the Internet December 1989
a. disrupts the intended use of the networks
b. wastes resources through such actions (people, bandwidth
computer),
c. destroys the integrity of computer-based information
d. compromises the privacy of users
e. consumes unplanned resources for control and eradication
We encourage organizations managing and operating networks
adopt and publicize policies and standards for ethical behavior
We also encourage these organizations to adopt
procedures to enforce appropriate disciplinary responses
violations and to work with appropriate bodies on
legislation in this area
3.3
MIT issued a statement of ethics entitled, "Teaching
About Responsible Use of Computers" in 1985-1986 (and reprinted
the Communications of the ACM (June 1989) [6]). The
statement of ethics specifically outlined MIT's position on
intended use, privacy and security, system integrity,
intellectual property rights
Those standards, outlined in the MIT Bulletin under
procedures, call for all members of the community to act in
responsible, ethical, and professional way. The members of
MIT community also carry the responsibility to use the system
accordance with MIT's standards of honesty and personal conduct
3.4
The CPSR issued a statement on the Computer Virus in November 1988
(and reprinted in the Communications of the ACM (June 1989) [7]).
The CPSR believes
The incident should prompt critical review of our dependence
complex computer networks, particularly for military and defense
related function. The flaws that permitted the recent virus
spread will eventually be fixed, but other flaws will remain
Security loopholes are inevitable in any computer network and
prevalent in those that support general-purpose computing and
widely accessible
An effective way to correct known security flaws is to
Reynolds [Page 7]
RFC 1135 The Helminthiasis of the Internet December 1989
descriptions of the flaws so that they can be corrected.
therefore view the effort to conceal technical descriptions of
recent virus as short-sighted
CPSR believes that innovation, creativity, and the open
of ideas are the ingredients of scientific advancement
technological achievement. Computer networks, such as
Internet, facilitate this exchange. We cannot afford
that might restrict the ability of computer researchers
exchange their ideas with one another. More secure networks,
as military and financial networks, sharply restrict access
offer limited functionality. Government, industry, and
university community should support the continued development
network technology that provides open access to many users
The computer virus has sent a clear warning to the
community and to society at large. We hope it will provoke a
overdue public discussion about the vulnerabilities of
networks, and the technological, ethical, and legal choices
must address
4. The Role of the
----- "You don't worry about whether or not they'
written it, you worry whether or not they've read
before they go on the air." ----- Linda Ellerbee
the Pat Sajak Show
Airplane accidents, Pit Bulldog attacks, drought, disease...the
is there...whether you want them there or not. Predictably,
members of the press grabbed on to the worm invasion of the
and sensationalized the outbreak. Sites were named (including
like NASA Ames and Lawrence Livermore) and pointed to as
"violated". Questions of computer security were rampant.
of national security appropriately followed. The alleged
of the worm tended to be thought of by the press as a "genius" or
"hero".
During the helminthiasis of the Internet, handling this news
"invasion", was critical. It's akin to trying to extinguish a
brush fire with a news reporter and a microphone in your way.
is of the essence. The U.C. Berkeley group, among others,
that it was a problem to get work accomplished with the
hounding them incessantly. At MIT, their news office was
in doing their job of keeping the press informed and satisfied,
out of the way of the students and staff working on the a cure
What is an appropriate response?? At MIT, even a carefully
Reynolds [Page 8]
RFC 1135 The Helminthiasis of the Internet December 1989
"technical" statement to the press resulted in very few
press releases on the Internet worm. Extrapolation and "flavoring
by the press were common. According to Eichin and Rochlis, "We
unable to show the T.V. crew anything "visual" caused by the virus
something which eventually become a common media request
disappointment. Instead, they settled for people looking
workstations talking 'computer talk'." [10]
Cornell University was very critical of the press in their report
the Provost: "The Commission suggests that media exaggeration of
value and technical sophistication of this kind of activity
the far more accomplished work of those students who complete
graduate studies without public fanfare; who make
contributions to computer sciences and the advancement of
through their patiently constructed dissertation; and who
their work to the close scrutiny and evaluation of their peers,
not to the interpretations of the popular press." [9]
5. Crime in the Computer
----- "A recent survey by the American Bar
found that almost one-half of those companies
Government agencies that responded had been
by some form of computer crime. The known financial
from those crimes was estimated as high as $730 million
and the report concluded that computer crime is
the worst white-collar offenses." ----- The
Fraud and Abuse Act of 1986
The term White Collar crime was first used by Edwin Sutherland,
noted American criminologist, in 1939. Sutherland contended that
popular view of crime as primarily a lower class (Blue Collar
activity was based on the failure to consider the activities of
robber barons and captains of industry who violated the law
virtual impunity
In this day and age, White Collar crime refers to violations of
law committed by salaried or professional persons in conjunction
their work. Computer crimes are identified and included in
classification. Yet, law enforcement agencies have historically
little attention to this new phenomenon. When a trial and
does occur, it's resulted more often in a fine and probation, than
prison term. A shift became apparent in the late 1970s, when
FBI's ABSCAM investigation (1978-80) resulted in the conviction
several U.S. legislators for bribery and related charges
The legal implication of the Internet worm program as a
crime is still pending, as there are few cases to rely on. On
Reynolds [Page 9]
RFC 1135 The Helminthiasis of the Internet December 1989
Federal level, HR-6061, "The Computer Virus Eradication Act of 1988"
(Herger & Carr) was introduced in the U.S. House of Representatives
On the State level, several states are considering their
statutes. Time will tell
Meanwhile, computer network security is still allegedly
compromised, as described in a recent DDN Security Bulletin [12].
6. Future
----- "This is a pretty kettle of fish." ----- Queen Mary
Stanley Baldwin at the time of Edward VII's
What roles can the computer community as a whole, play in
such outbreaks? Why were many people aware of the debug problem
the sendmail program and the overflow problem in fingerd, yet
appropriate fixes were not installed in existing systems
Various opinions have emerged
1) Computer ethics must be taken seriously. A standard
computer ethics is extremely important for the new groups
computer professionals graduating out of Universities.
"old" professionals and "new" professionals who
computers are ALL responsible for their applications
2) The "powers that be" of the Internet (IAB, DARPA, NSF, etc.)
should pursue the current problems in network security,
cause the flaws to be fixed
3) The openness and free flow of information of
should be rightfully preserved, as it demonstrated its
during the helminthiasis by expediting the analysis and
of the infestation
4) Promote and coordinate the establishment of committees
agency "police" panels that would handle, judge, and
violations based on a universally set standard of
ethics
5) The continued incidences of "computer crime" show a lack
professionalism and ethical standards in the
community. Ethics statements like those discussed in
RFC, not only need to be published, but enforced as well
There is a continuing need to instill a professional code
ethics and responsibilities in order to preserve
computer community
Reynolds [Page 10]
RFC 1135 The Helminthiasis of the Internet December 1989
7. Documentation
----- "Everybody wants to get into the act!" -----
Durante
Quite a number of articles and papers were published very soon
the worm invasion. Books, articles, and other documents
continuing to be written and published on the subject (see Section 9,
Bibliography). In this RFC, we have chosen four to review:
Cornell University Report on "The Computer Worm" [8], presented
the Provost of the University, Eichin and Rochlis' "With
and Tweezers: An Analysis of the Internet Virus of November 1988"
[9], Donn Seeley's "A Tour of the Worm" [10], and Gene Spafford's
"The Internet Worm Program: An Analysis" [11].
7.1 The Cornell University
The Cornell University Report on "The Computer Worm",
presented to the Provost of the University on 6 February 1989,
the Commission of Preliminary Enquiry, consisting of:
Eisenberg, Law, David Gries, Computer Science, Juris Hartmanis
Computer Science, Don Holcomb, Physics, M. Stuart Lynn, Office
Information Technologies (Chair), and Thomas Santoro, Office
the University Counsel
An introduction set the stage of the intent and purpose of
Commission
1) Accumulate all evidence concerning the
of the alleged Cornell University Computer
graduate student in the worm infestation of the Internet
and to assess the gathered evidence to determine
alleged graduate student was the perpetrator
2) Accumulate all evidence concerning the
involvement of any other members of the Cornell
community, and to assess such evidence to
whether or not any other members of the Cornell
community was involved in unleashing the worm on to
Internet, or knew of the potential worm infestation
of time
3) Evaluate relevant computer policies and procedures
determine which, if any, were violated and to
preliminary recommendations to the Provost as
whether any of such policies and procedures should
modified to inhibit potential future security
of this general type
Reynolds [Page 11]
RFC 1135 The Helminthiasis of the Internet December 1989
In the summary of findings and comments, the Commission named
Cornell University first year Computer Science graduate
that allegedly created the worm and unleashed it on to
Internet. The findings section also discussed
1) the impact of the invasion of the worm
2) the mitigation attempts to stop the worm
3) the violation of computer abuse policies
4) the intent
5) security attitudes and knowledge
6) technical sophistication
7) Cornell's involvement
8) ethical considerations
9) community sentiment
10) and Cornell University's policies on computer abuse
The report concluded that the worm program's gathering
unauthorized passwords and the dissemination of the worm over
national network were wrong. The Commission also disclaimed
contrary to media reports, Cornell University DID NOT condone
worm infection, nor heralded the unleashing of the worm program
a heroic event. The Commission did continue to encourage the
flow of scholarly research and reasonable trust within
University/Research communities
A background on the worm program, methods of investigation,
introduction to the evidence, an interpretation and findings
acknowledgements, and an extensive appendices were also
in the Commission's report
7.2 "With Microscope and Tweezers: An Analysis of the
Virus of November 1988"
Eichin and Rochlis' "With Microscope and Tweezers: An Analysis
the Internet Virus of November 1988", provides a
dissection of the worm program. The paper discusses the
points of the worm program then reviews strategies, chronology
lessons and open issues, acknowledgements; also included are
detailed appendix on the worm program subroutine by subroutine,
appendix on the cast of characters, and a reference section
A discussion of the terms "worm" versus "virus" is presented
These authors concluded that it was a "virus" infection, not
infection. Thus they use the term "virus" in their document.
Section 1, goals and targets by the teams of computer
were defined. There were three steps taken to find out the
workings of the virus
Reynolds [Page 12]
RFC 1135 The Helminthiasis of the Internet December 1989
- isolating a specimen of the virus in a
which could be analyzed
- "decompiling" the virus, into a form that
be shown to reduce to the executable of the
things, so that the higher level version could
interpreted
- analyzing the strategies used by the virus,
the elements of its design, in order to find
and methods of defeating it
Major points were outlined of how the virus attacked and who
attacked
How it entered
Who it attacked
What it attacked
What it did NOT do
In Section 2, the target of the attacks by the virus
discussed. This included the sendmail debug mode, the
daemon bug, rexec and passwords, rsh, trusted host features,
information flow. A description of the virus' self
included how it covered its tracks, and what camouflage it used
go undetected to the machines and system administrators.
were analyzed in three subjects: reinfection prevention
heuristics, and vulnerabilities not used
Many defenses were launched to stop the virus. Some
convenient or inconvenient for end users of the infected systems
Those mentioned in this document included
- full isolation from the
- turning off mail
- patching out the "debug" command in
- shutting down the finger
- fixing the finger
- mkdir /usr/tmp/sh (a simple way to keep the
from propagating
Reynolds [Page 13]
RFC 1135 The Helminthiasis of the Internet December 1989
- defining pleasequit (did not stop the virus
- renaming the UNIX C compiler and
- requiring new passwords for all
After the virus was diagnosed, a tool was created which
the password attack (including the virus' internal directory)
was posted to the Internet. System administrators were able
analyze the passwords in use on their system
Section 3 chronicles the events that took place between Wednesday
2 November 1988 through Friday, 11 November 1988 (EST).
Section 4, lessons and open issues are viewed and discussed
- Connectivity was important
- The "old boy network" worked
- Late night authentication is an interesting problem
(How did you know that it really is MIT on
phone??)
- Whom do you call (if you need to talk to the manager
the Ohio State University network at 3 o'clock in
morning)?
- Speaker phones and conference calling proved very useful
- The "teams" that were formed and how they reacted
the virus is a topic for future study
- Misinformation and illusions ran rampant
- Tools were not as important as one would
anticipated
- Source availability was important
- The academic sites performed the best, better
government and commercial sites
- Managing the press was critical
General points for the future
- "We have met the enemy and he is us."
(Alleged author of the virus was an insider.)
Reynolds [Page 14]
RFC 1135 The Helminthiasis of the Internet December 1989
- Diversity is good
- "The cure shouldn't be worse than the disease."
(It may be more expensive to prevent such
than is is to clean up after them.)
- Defenses must be at the host level, not the network level
(The network performed its function perfectly and
not be faulted; the flaws were in several
programs.)
- Logging information is important
- Denial of service attacks are easy
- A central security fix repository may be a good idea
- Knee-jerk reactions should be avoided
Appendix A describes the virus program subroutine by subroutine
A flow of information among the subroutines is pictured on
19. Appendix B presents the 432 words built in the worm'
dictionary. Appendix C lists the "cast of characters"
defeating the virus
7.3 "A Tour of the Worm
In Donn Seeley's "A Tour of the Worm", specific details
presented as a "walk thru" of this particular worm program.
paper opened with an abstract, introduction, detailed
of events upon the discovery of the worm, an overview,
internals of the worm, personal opinions, and conclusion
The chronology section presented a partial list representing
current known dates and times (in PST). In the
overview, the worm is defined as a 99-line bootstrap
written in the C language, plus a large relocatable object
that was available in VAX and various Sun-3 versions.
classified activities of the worm into two categories of
and defense. Attack consisted of locating hosts (and accounts)
penetrate, then exploiting security holes on remote systems
pass across a copy of the worm and run it. The defense
fell into three categories: preventing the detection of intrusion
inhibiting the analysis of the program, and authenticating
worms. When analyzing this particular program, Seeley stated
it is just as important to establish what the program DOES NOT do
as what it does do
Reynolds [Page 15]
RFC 1135 The Helminthiasis of the Internet December 1989
This worm did not delete a system's files
This worm did not modify existing files
This worm did not install trojan horses
This worm did not record or transmit decrypted passwords
This worm did not try to capture superuser privileges
This worm did not propagate over UUCP, X.25, DECNET, or BITNET
This worm specifically draws upon TCP/IP
This worm did not infect System V systems, unless they had
modified to use Berkeley network programs like sendmail
fingerd, and rexec
In section 4, the "internals" of the worm were examined
charted. The main thread of control in the worm was analyzed
then an examination of the worm's data structure was presented
Population growth of the worm, security holes, the worms' use
rsh and rexec network services, the use of the TCP finger
to gain entry to a system, and the sendmail attack are discussed
Password cracking and faster password encryption algorithms
discussed
In the opinions section, certain questions that a "
ordinary system administrator" might ask were discussed
Did the worm cause damage
Was the worm malicious
Will publication or worm details further harm security
7.4 "The Internet Worm Program: An Analysis
Gene Spafford's "The Internet Worm Program: An Analysis",
described the infection of the Internet as a worm program
exploited flaws in utility programs in UNIX based systems.
report gives a detailed description of the components of the
program: data and functions. He focuses his study on
completely independent reverse-compilations of the worm and
version disassembled to VAX assembly language
Reynolds [Page 16]
RFC 1135 The Helminthiasis of the Internet December 1989
In Section 4, Spafford provided a high-level example of how
worm program functioned. The worm consisted of two parts: a
program, and a bootstrap (or vector) program. A description
the point of view of a host that was infected was presented
Section 5 describes the data structures and organization of
routines of the program
1) The worm had few global data structures
2) The worm constructed a linked list of
records
3) The worm constructed a simple array of
IP addresses through the use of the
"netstat" command
4) An array of records was filled in with
about each network interface active on the current host
5) A linked list of records was built to hold
information
6) The program maintained an array of "object"
held the files that composed the worm
7) A mini-dictionary of words was present in the
to use in password guessing
8) Every text string used by the program, except
the words in the mini-dictionary, was masked (XOR
with the bit pattern 0x81.
9) The worm used the following routines
setup and utility
main, doit, crypt, h_addaddr
h_addname, h_addr2host, h_clean
h_name2host, if_init, loadobject
makemagic, netmastfor, permute
rt_init, supports_rsh, and supports_
network and password attacks
attack_network, attack_user, crack_0,
crack_1, crack_2, crack_3, cracksome
ha, hg, hi, hl, hul, infect, scan_gateways
sendWorm, try_fingerd, try_password
try_rsh, try_sendmail, and
Reynolds [Page 17]
RFC 1135 The Helminthiasis of the Internet December 1989
Camouflage
checkother, other_sleep, send_message
and
In Section 6, Spafford provides an analysis of the code of the worm
He discusses the structure and style, the problems of functionality
camouflage, specific comments, the sendmail attack, the
involved, and the portability considerations
Finally, appendices supply the "mini-dictionary" of words
in the worm, the bootstrap (vector) program that the worm
over to each machine, a corrected fingerd program, and the
developed and invoked to sendmail to rectify the infection
8.
[1] Allman, E., "Sendmail - An Internetwork Mail Router",
of California, Berkeley, Issued with the BSD UNIX
set, 1983.
[2] Postel, J., "Simple Mail Transfer Protocol", RFC 821,
USC/Information Sciences Institute, August 1982.
[3] Harrenstien, K., "NAME/FINGER", RFC 742, SRI, December 1977.
[4] Internet Activities Board, "Ethics and the Internet", RFC 1087,
IAB, January 1989. Also appears in the Communications of
ACM, Vol. 32, No. 6, Pg. 710, June 1989.
[5] National Science Foundation, "NSF Poses Code of
Ethics", Communications of the ACM, Vol. 32, No. 6, Pg. 688,
June 1989. Also appears in the minutes of the regular
of the Division Advisory Panel for Networking and
Research and Infrastructure, Dave Farber, Chair, November 29-30
1988.
[6] Massachusetts Institute of Technology, "Teaching Students
Responsible Use of Computers", MIT, 1985-1986. Also
in the Communications of the ACM, Vol. 32, No. 6, Pg. 704,
Athena Project, MIT, June 1989.
[7] Computer Professionals for Social Responsibility, "
Statement on the Computer Virus", CPSR, Communications of
ACM, Vol. 32, No. 6, Pg. 699, June 1989.
[8] Eisenberg, T., D. Gries, J. Hartmanis, D. Holcomb, M. Lynn,
T. Santoro, "The Computer Worm", Cornell University, 6
1989.
Reynolds [Page 18]
RFC 1135 The Helminthiasis of the Internet December 1989
[9] Eichin, M., and J. Rochlis, "With Microscope and Tweezers:
Analysis of the Internet Virus of November 1988",
Institute of Technology, February 1989.
[10] Seeley, D., "A Tour of the Worm", Proceedings of 1989
USENIX Conference, Usenix Association, San Diego, CA,
1989.
[11] Spafford, E., "The Internet Worm Program: An Analysis",
Communication Review, Vol. 19, No. 1, ACM SIGCOM, January 1989.
Also issued as Purdue CS Technical Report CSD-TR-823, 28
November 1988.
[12] DCA DDN Defense Communications System, "DDN Security
03", DDN Security Coordination Center, 17 October 1989.
9.
Alexander, M., "A Year Later, Internet Still Under Attack",
Computerworld, Vol. 23, No. 45, Pg. 1, 6 November 1989.
Alexander, M., "It's Ba-a-ack: 'No Nukes Worm' Haunts Internet", Vol
23, No. 45, Pg. 6, 6 November 1989.
Aucoin, R., "Computer Viruses: Checklist for Recovery", Computers
Libraries, Vol. 9, No. 2, Pg. 4, 1 February 1989.
Aviation Week & Space Technology, "Rapid Spread of Virus
Fears About Danger to Computers", Aviation Week & Space Technology
Vol. 129, No. 20, Pg. 44, 14 November 1988.
Barnes, J., "Drawing the Lines: Changes in Computer Technology
Law Guarantee that Resdistricting in ther 1990s will be Different
a More Difficult Game", National Journal, Vol. 21, No. 13, Pg. 787, 1
April 1989.
Bellovin, S., "Security Problems in the TCP/IP Protocol Suite",
Computer Communication Review, Vol. 19, No. 2, Pg. 32, 1 April 1989.
Bellovin, S., "The Worm and the Debug Option", Forum Risks to
Publics in Computer and Related Systems, Vol. 7, No. 74,
Committee on Computers and Public Policy, 10 November 1988.
Bender, D., "Computer Law: Evidence and Procedure", (Kept up to
with supplements.), M. Bender, New York, NY, 1978-present
Bidgoli, H., and R. Azarmsa, "Computer Security: New
Concern for the 1990's and Beyond", Journal of Systems Management
Reynolds [Page 19]
RFC 1135 The Helminthiasis of the Internet December 1989
Vol. 40, No. 10, Pg. 21, 1 October 1989.
Bloombecker, J., "Short-Circuiting Computer Crime", Datamation, Vol
35, No. 19, Pg. 71, 1 October 1989.
Bloombecker, J., and J. Buck, "Computer Ethics for Cynics",
and Society, Vol. 18, No. 3, Pgs. 30-32, ACM Special Interest
on Computers and Society, New York, NY, July 1988.
Bologna, J. "Computer Insecurities: An Analysis of Recent Surveys
Computer Related Crime and Computer Security", Data Processing &
Communications Security, Vol. 12, No. 4, Fall 1988.
Bologna, J. "The One Minute Fraud Auditor", Computers & Security
Vol. 8, No. 1, Pg. 29, 1 February 1989.
Boston Herald, "Computer Whiz Puts Virus in Computers", Pg. 1,
Herald, 5 November 1988.
Brand, R., "Attack of the Tiger Teams: Inside America's
Security Crisis", Tempus Books, August 1989.
Brenner, A., "LAN Security", LAN Magazine, August 1989.
Brunner, J., "The Shockwave Rider", Harper & Row, 1975.
Burger, R., "Computer Viruses: A High-Tech Disease", 2nd Edition
Abacus, Grand Rapids, Michigan, 1988.
Campbell, B., and C. Jackson, "The Internet Worm: Rethinking
Security Threat", Unisphere, Vol. 9, No. 1, Pgs. 44, 46, 48,
1989.
Campell, D., "Computer Contagion", Security Management, Vol. 32, No
10, Pg. 83, 1 October 1988.
Chain Store Age Executive, "Retail Technology: Computer 'Viruses'",
Chain Store Age Executive, Vol. 64, No. 12, Pg. 67, 1 December 1989.
Chess, D., "Computer Viruses and Related Threats to Computer
Network Integrity", Computer Networks and ISDN Systems, Vol. 17, No
2, 1989.
Christiansen, D., "A Matter of Ethics", IEEE Spectrum, Vol. 25, Pg
15, August 1988.
Cohen, F., "Computational Aspects of Computer Viruses", Computers &
Security, Vol. 8, No. 4., Pg. 325, 1 June 1989.
Reynolds [Page 20]
RFC 1135 The Helminthiasis of the Internet December 1989
Cohen, F., "Models of Practical Defenses Against Computer Viruses",
Computers & Security, Vol. 8, No. 2, Pg. 149, 1 April 1989.
Colyer, J., "Risks of Unchecked Input in C Programs", Forum Risks
the Publics in Computer and Related Systems, Vol. 7, No. 74,
Committee on Computers and Public Policy, 10 November 1988.
Commerce Clearing House, "Guide to Computer Law", (Topical
Reports), Chicago, Ill., 1989.
Communications of the ACM, "Letters", ACM Forum, Vol. 32, No. 6, Pgs
672-673, June 1989.
Communications of the ACM, "Letters", ACM Forum, Vol. 32, No. 9, Pgs
1044-1045, September 1989.
Computers & Security, "Random Bits & Bytes", Computers & Security
Vol. 8, No. 3, Pg. 178, 1 May 1989.
Computer Law and Tax Report, "Difficult to Prosecute Virus Authors",
Computer Law and Tax Report, Vol. 15, No. 5, Pg. 7, 1 December 1988.
Computer Law and Tax Report, "Virus Bill Introduced", Computer
and Tax Report, Vol. 15, No. 4, Pg. 13, 1 November 1988.
Computerworld, "MIS Reacts", Pg. 157, 7 November 1988.
Cornell Computer Science Department, "Policy for the Use of
Research Computing Facility", Cornell University, 21 August, 1987.
Data Communications, "Internet Virus Aftermath: Is Tighter
Coming?", Data Communications, Vol. 17, No. 14, Pg. 52, 1
1988.
Dean, P., "Was Science-fiction Novel Germ of a Computer Virus?",
Angeles Times, San Diego County Edition, Part V, Pgs. 1, 2, & 3, 9
November 1988.
DeBow, Y., "Bankers Review Security Procedures After Virus Attack",
Computer Banking, Vol. 6, No. 1, Pg. 8, January 1989.
Defense Data Network, "BSD 4.2 and 4.3 Software Problem Resolution",
DDN MGT Bulletin #43, DDN Network Information Center, 3
1988.
Demaio, H., "Viruses - A Management Issue", Computers & Security
Vol. 8, No. 5, Pg. 381, 1 August 1989.
Reynolds [Page 21]
RFC 1135 The Helminthiasis of the Internet December 1989
Denning, P., "The Science of Computing: The Internet Worm",
Scientist, Vol. 77, No. 2, Pgs. 126-128, March 1989.
Devoy, J., Gilssmann, R., and K. Miklofsky, "Media, File
Schemes Facilitate WORM Utilization", Computer Technology Review
Vol. 8, No. 13, Fall 1988.
Dewdney, A., "Computer Recreations; Of Worms, Viruses and Core War",
Scientific American, March 1989
Discover, "Technology: Communicable Computer Disease", Discover, Vol
10, No. 1, Pg. 64, 1 January 1989.
El-Baghdadi, M., "The Pivotal Role in Computer Security",
Management, Vol. 33, No. 7, Pg. 63, 1 July 1989.
Electronic Learning, "Computer Viruses: An Epidemic Real
Imagined?", Electronic Learning, Vol. 8, No. 6, April 1989.
Eloff, J., "Computer Security Policy: Important Issues", Computers &
Security, Vol. 7, No. 6, Pg. 559, 1 December 1988.
Ellerbee, L., "And So It Goes", G.P. Putnam's Sons, Berkley Edition
June 1987.
Ellis, A., "Underwriting Update-Computer Viruses: Working Out
Bugs", Best's Review, Vol. 90, No. 1, Pg. 84, 1 May 1989.
Elmer-DeWitt, P., "Invasion of the Data Snatchers! - A 'Virus
Epidemic Strikes TERROR in the Computer World", Time Magazine
Technology Section, Pgs. 62-67, 26 September 1988.
Elmer-DeWitt, P., "The Kid Put Us Out of Action", Time Magazine, Pg
76, 14 November 1988.
Elmer-DeWitt, P., "You Must Be Punished", Time Magazine,
Section, Pg. 66, 26 September 1988.
Fainberg, T., "The Night the Network Failed", New Scientist, Vol
121, No. 1654, Pg. 38, 4 March 1989.
Fenwick, W., Chair, "Computer Litigation, 1985: Trial Tactics
Techniques", Litigation Course Handbook Series No. 280, Prepared
distribution at the Computer Litigation, 1985: Trial Tactics
Techniques Program, February-March 1985.
Fifield, K., "Smartcards Outsmart Computer Crime", Computers &
Security, Vol. 8, No. 3, May 1989.
Reynolds [Page 22]
RFC 1135 The Helminthiasis of the Internet December 1989
Fisher, L., "On the Front Lines in Battling Electronic Invader",
New York Times, November 1988.
Fites, P., Johnston, P., and M. Kratz, "The Computer Virus Crisis",
Van Nostrand Reinhold, New York, NY., 1989
Forcht, K., Thomas, D., and K. Wigginton, "Computer Crime:
the Lawyer's Perspective", Journal of Business Ethics, Vol. 8, No. 4
April 1989.
Friis, W., "Is Your PC Infected?", ABA Banking Journal, Vol. 81, No
5, Pg. 49, 1 May 1989.
Gardner, E., Samuels, L., and B. Render, "Computer Security",
Journal of Information Systems Management, Vol. 6, No. 4, Pg. 42,
Fall 1989.
Gardner, P., "The Internet Worm: What Was Said and When", Computers &
Security, Vol. 8, No. 4, June 1989.
Gemignani, M., "Viruses and Criminal Law", Communications of the ACM
Vol. 32, No. 6, Pgs. 669-671, June 1989.
Gerlth, J., "Intruders Into Computer Systems Still Hard
Prosecute", The New York Times, 5 November 1988.
Gerrold, D., "When Harlie Was One", Ballentine Books, 1st Edition
1972.
Gleissner, W., "A Mathematical Theory for the Spread of
Viruses", Computers & Security, Vol. 8, No. 1, Pg. 35, 1
1989.
Greenberg, R., "Know thy Viral Enemy: It's More Important Than
to Guard Your Data and Your System Against Infection by
Viruses", Byte, Vol. 14, No. 6, Pg. 275, 1 June 1989.
Greenia, M., "Computer Security Information Sourcebook",
Services, Sacramento, CA, 1989.
Harvard College, "Misuse of Computer Systems", Handbook
Students", Pg. 85, Harvard College, 1987-1988.
Hawkins, C., "What Users Should Know About Computer Viruses",
Telecommunications, North American Edition, Vol. 23, No. 7, 1
1989.
Herrick, G., "Computer Viruses: Prevention is Better than Cure",
Reynolds [Page 23]
RFC 1135 The Helminthiasis of the Internet December 1989
Accountant's Magazine, Vol. 93, No. 992, Pg. 24, 1 March 1989.
Hertzoff, I., "Layer Your LAN", Security Management, Vol. 33, No. 9,
Pg. 201, 1 September 1989.
Highland, H., "Reports from the Victims", Computers & Security, Vol
8, No. 2, Pg. 101, 1 April 1989.
Hispanic Business, "Consumer Showcase: Bits & Bytes:
Thunderstorms to Disgruntled Employees to Computer Viruses, a
System's Vulnerability is Often Overlooked until Disaster Strikes",
Hispanic Business, Vol. 11, No. 8, Pg. 36, 1 August 1989.
Hoffer, J., and D. Straub, "The 9 to 5 Underground: Are You
Computer Crimes?", Sloan Management Review, Vol. 30, No. 4, Pg. 35,
Summer 1989.
Hoffman, L., "Risk Analysis and Computer Security: Towards a
at Last", Computers & Security, Vol. 8, No. 1, Pg 23, 1
1989.
Hospitals, "Information Management: Electronic Computer Viruses
not Running Rampant in Hospital Information Systems, but Health
Executives are Entirely Too Lax About Computer System Security", Vol
63, No. 11, Pg. 64, 5 June 1989.
Huband, F., and R. Shelton, Editors, "Protection of Computer
and Software: New Approaches for Combating Theft of Software
Unauthorized Intrusion", Papers presented at a workshop sponsored
the National Science Foundation, 1986.
Hughes, W., "The Computer Fraud and Abuse Act of 1986,
Record (30 April 1986)", Washington, D.C., 30 April 1986.
Industry Week, "Computer Flu Is After You", Industry Week, Vol. 238,
No. 2, Pg. 39, 16 January 1989.
Information Executive, "Promoting Computer Ethics: The
Generation", Information Executive, Vol., 2, No. 4, Pg. 42,
1989.
Information Hotline, "Plan to Combat Computer Viruses", Vol. 21, No
8, Pg. 10, 1 October 1989.
Jamieson, R., and L. Graham, "Security and Control Issues in
Area Network Design, Computers & Security, Vol. 8, No. 4, Pg. 305, 1
June 1989.
Reynolds [Page 24]
RFC 1135 The Helminthiasis of the Internet December 1989
Jander, M., "The Naked Network", Computer Decisions, Vol. 21, No. 4,
Pg. 39, 1 April 1989.
Joyce, E., "Time Bomb: Inside The Texas Virus Trial",
Decisions, Vol. 20, No. 12, Pg. 38, 1 December 1988.
Keenan, T., "Emerging Vulnerabilities in Office Automation Security",
Computers & Security, Vol. 8, No. 3, Pg. 223, 1 May 1989.
Kellam-Scott, B., "Profile: Bellcore Computer and Network
Symposium", Bellcore Exchange, Vol. 5, No. 1, Pg. 24, 1 January 1989.
King, K., "Overreaction to External Attacks on Computer Systems
be More Harmful Than the Viruses Themselves", Chronicle of
Education, Pg. A36, 23 November 1988. Also in: Educom Bulletin, Vol
23, No. 4, Pg. 5, Winter 1988
Kluepfel, H., "Computer Use and Abuse: Computer Systems and
Data are Vulnerable to Error, Omission, and Abuse",
Management, Vol. 33, No. 2, Pg. 72, 1 February 1989.
Kocher, B., "A Hygiene Lesson", Communications of the ACM, Vol. 32,
No. 6, Pg. 3, January 1989.
Kosko, J., "Computer Security Experts Advise Steps to Reduce the
of Virus Attacks", Virus Discussion List, 22 September 1989.
Kruys, J., "Security of Open Systems", Computers & Security, Vol. 8,
No. 2, Pg. 139, 1 April 1989.
Lapsley, P., "'We are Under Attack. . .' (The Internet 'Worm':
Chronology)", UNIX Review, Vol. 7, No. 1, Pgs. 69-70, 72-73,
1989.
Lerner, E., "Computer Virus Threatens to Become Epidemic",
America, Vol. 27, No. 2, Pg. 14, 1 February 1989.
Lewyn, M., and D. Carroll, "'Scary' Virus Clogs Top Computers",
Today, Section A, Col. 2, Pg. 1, 4 November 1988.
Lim, B., "Protection of Computer Programs Under the Computer
Protection Law of the Republic of Korea", Harvard International
Journal, Vol. 30, No. 1, Pg. 171, Winter 1989.
Lu, W., and M. Sundareshan, "Secure Communication in
Environments: A Hierachical Key Management Scheme for End-to-
Encryption", IEEE Transactions on Communications, Vol. 37, No. 10,
Pg. 1014, 1 October 1989.
Reynolds [Page 25]
RFC 1135 The Helminthiasis of the Internet December 1989
Lunt, T., "Access Control Policies: Some Unanswered Questions",
Computers & Security, Vol. 8, No. 1, Pg. 43, 1 February 1989.
Lynn, M., "Ethical Responsibility Key to Computer Security",
Educational Record, Vol. 70, No. 2, Pg. 36, Spring 1989.
Machalow, R., "Security for Lotus Files", Computers in Libraries
Vol. 9, No. 2, Pg. 19, 1 February 1989.
Maher, J., and J. Hicks, "Computer Viruses: Controller's Nightmare",
Management Accounting, Vol. 71, No. 4, Pg. 44, 1 October 1989.
Markoff, J., "Author of Computer 'Virus' is Son of U.S.
Security Expert", Pgs. A1, A7, The New York Times, 5 November 1988.
Markoff, J., "Computer Experts Say Virus Carried No Hidden Dangers",
The New York Times, 9 November 1988.
Markoff, J., "Computer Snarl: A 'Back Door' Ajar", Pg. B10, The
York Times, 7 November 1988.
Markoff, J., "Learning to Love the Computer Whiz", The New
Times, 8 November 1988.
Markoff, J., "The Computer Jam: How It Came About", The New
Times, 9 November 1988.
Markoff, J., "U.S. is Moving to Restrict Access to Facts
Computer Virus", Pg. A28, The New York Times, 11 November 1988.
Markoff, J., "'Virus' in Military Computers Disrupts
Nationwide", The New York Times, 4 November 1988.
Marshall, E., "The Worm's Aftermath", Science, Vol. 242, Pg. 1121, 25
November 1988.
Martin, M., and R. Schinzinger, "Ethics in Engineering", McGraw Hill
2nd Edition, 1989.
Martin, N., "Revenge of the Nerds", The Washington Monthly, Vol. 20,
No. 12, Pg. 21, 1 January 1989.
McAfee, J., "The Virus Cure", Datamation, Vol. 35, No. 4, Pg. 29, 15
February 1989.
McEwen, J., "Dedicated Computer Crime Units", Report Contributors: D
Fester and H. Nugent, Prepared for the National Institute of Justice
U.S. Department of Justice, by Institute for Law and Justice, Inc
Reynolds [Page 26]
RFC 1135 The Helminthiasis of the Internet December 1989
under contract number OJP-85-C-006, Washington, D.C., 1989.
Menkus, B., "It's Time to Rethink Data Processing Fire Protection",
Computers & Security, Vol. 8, No. 5, Pg. 389, 1 August 1989.
Menkus, B., "The Computer Virus Situation is not Encouraging",
Computers & Security, Vol. 8, No. 2, Pg. 115, 1 April 1989.
Menkus, B., "The Employee's Role in Protecting Information Assets",
Computers & Security, Vol. 8, No. 6, Pg. 487, 1 October 1989.
Menkus, B., "Understanding Password Compromise", Computers &
Security, Vol. 7, No. 6, Pg. 549, 1 December 1989.
Menkus, B., "U.S. Government Agencies Belatedly Address
System Security Issues", Computers & Security, Vol. 7, No. 4, Pg
361, 1 August 1988.
Meredith, D., "Cornell Panel Concludes Morris Responsible
Computer Worm", Cornell Chronicle, April 1989.
Miller, Jr., K., "Computer Viruses", Business and Economic Review
Vol. 35, No. 4, Pg. 36, 1 June 1989.
Mizock, M., "Ethics--The Guiding Light of Professionalism",
Management, Vol. 24, No. 8, August 1986.
Modern Railroads, "How to Outwit Computer 'Hackers'",
Railroads, Vol. 44, No. 3, Pg. 40, 1 February 1989.
Moir, D., "Maintaining System Security", Dr. Dobb's Journal
Software Tools for the Pro, Vol. 14, No. 6, Pg. 75, 1 June 1989.
Munro, N., "Big Guns Take Aim at Virus", Government Computer News
Vol. 7, No. 24, Pgs. 1, 100, November 1988.
National Computer Security Center, "Proceedings of the Virus Post
Mortem Meeting", NCSC, St. George Meade, MD, 8 November 1988.
National Institute of Standards and Technology, "Computer Viruses
Related Threats: A Management Guide", NIST Special Publication 500-
166, August 1989.
Neumann, P., Editor, "Forum of Risks to the Public in Computers
Related Systems", Vol. 7, No. 69, ACM Committee on Computers
Public Policy, 3 November 1988.
Newhouse News Service, "Congressmen Plan Hearings on Virus",
Reynolds [Page 27]
RFC 1135 The Helminthiasis of the Internet December 1989
Seattle Times, Pg. B2, 27 November 1988.
NSF Network Service Center (NNSC), "Internet Computer Virus Update",
NSFNET, Cambridge, MA, 4 November 1988.
Ostapik, F., "The Effect of the Internet Worm on Network and
Security", Connextions, Vol. 3, No. 9, Pgs. 16-17, September 1989.
Ostrow, R., and T. Maugh II, "Legal Doubts Rise in Computer
Case", Los Angeles Times, Part I, Col. 1, Pg. 4, 9 November 1988.
Page, B., "A Report on the Internet Worm", University of Lowell
Computer Science Department, 7 November 1988.
Palmore, T., "Computer Bytes: Viruses and Vaccines", TechTrends, Vol
34, No. 2, Pg. 26, 1 March 1989.
Parker, D., "Fighting Computer Crime", Scribner, New York, 1983.
PC Week, "'Worm' Attacks National Network", Pg. 8, 7 November 1988.
Perry, W., "Why Software Defects So Often Go Undiscovered",
Government Computer News, Vol. 7, No. 24, Pg. 85, 21 November 1988.
Peterson, I., "Worming into a Computer's Vulnerable Core",
News, Volume #134, 12 November 1988.
Phelps, E., "Bug Bytes", Security Management, Vol. 33, No. 9, Pg. 85,
1 September 1989.
Presstime, "Contagious Communication", Presstime, Vol. 11, No. 3,
March 1989.
Radai, Y., "The Israeli PC Virus", Computers & Security, Vol. 8, No
2, Pg. 111, 1 April 1989.
Reese, L., "Of MICE and Men", Security Management, Vol. 33, No. 9,
Pg. 89, 1 September 1989.
Resource Management, "Computer Viruses: Background
Recommendations for Keeping Software Healthy are Detailed",
Management, Pg. 8, 1 July 1989.
Richards, T., and R. Knotts, "Top Management's View of
Related Fraud", Sig Security, Audit & Control Review, Vol. 6, No. 4,
Pg. 34, Winter 1989.
Rivera, A., "Computer Viruses: A Different Perspective",
Reynolds [Page 28]
RFC 1135 The Helminthiasis of the Internet December 1989
Processing & Communications Security, Vol. 13, No. 1, Winter 1989.
Rowe, J., Shelton, C., and M. Krohn, "Avoiding Computer Viruses",
Business Education Forum, Vol. 44, No. 2, Pg. 17, 1 November 1989.
Royko, M., "Here's How to Stop Computer Vandals", Chicago Tribune, 6
November 1988.
Rubin, H., and A. Paliotta, "Perimeter Security for
with External Entities", The Internal Auditor, Vol. 46, No. 2, Pg
40, March-April 1989.
Rubin, M., "Private Rights, Public Wrongs: the Computer and
Privacy", Ablex Publishing 1988.
Sampson, K., "Computer Viruses: Not Fads, Not Funny", The Office
Vol. 110. No. 4, Pg. 56, 1 October 1989.
Samuelson, P., "Can Hackers be Sued for Damages Caused by
Viruses?", Communications of the ACM, Vol. 32, No. 6, Pgs. 666-669,
June 1989.
Schneider, W., "Computer Viruses: What They Are, How They Work,
They Might Get You, and How to Control Them in
Institutions", Behavior Research Methods, Instruments, & Computers
Vol. 21, No. 2, Pg. 334, 1 April 1989.
Schultz, J., "Low Cost Security Solutions for Personal Computers",
Signal, Vol. 44, No. 3, Pg. 71, 1 November 1989.
Schweitzer, J., "Protecting Information on Local Area Networks",
Butterworths, Boston, 1988.
Seeley, D., "Password Cracking: A Game of Wits", Communications
the ACM, Vol. 32, No. 6, Pgs. 700-703, June 1989.
Shadabuddin, S., "Computer Security Problems and Control Techniques",
American Business Review, Vol. 7, No., 1, Pg. 14, 1 January 1989.
Shaw, E., Jr., "Computer Fraud and Abuse Act of 1986,
Record (3 June 1986), Washington, D.C., 3 June 1986.
Sheiman, D., "Legal Affairs: Coming Soon...To A Personal
Near You", The Amicus Journal, Vol. 11, No. 3, Pg. 38, Summer 1989.
Siegel, L. and J. Markoff, "The High Cost of High Tech, the Dark
of the Chip", Harper & Row, New York, 1985.
Reynolds [Page 29]
RFC 1135 The Helminthiasis of the Internet December 1989
Sims, C., "Researchers Fear Computer 'Virus' Will Slow Use
