Browse Prior Art Database

Helminthiasis of the Internet (RFC1135)

IP.com Disclosure Number: IPCOM000001946D
Original Publication Date: 1989-Dec-01
Included in the Prior Art Database: 2019-Feb-11
Document File: 33 page(s) / 47K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

J.K. Reynolds: AUTHOR

Related Documents

10.17487/RFC1135: DOI

Abstract

This memo takes a look back at the helminthiasis (infestation with, or disease caused by parasitic worms) of the Internet that was unleashed the evening of 2 November 1988. This RFC provides information about an event that occurred in the life of the Internet. This memo does not specify any standard. This document provides a glimpse at the infection, its festering, and cure. The impact of the worm on the Internet community, ethics statements, the role of the news media, crime in the computer world, and future prevention is discussed. A documentation review presents four publications that describe in detail this particular parasitic computer program. Reference and bibliography sections are also included.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 5% of the total text.

Network Working Group J. Reynolds Request for Comments: 1135 ISI December 1989

The Helminthiasis of the Internet

Status of this Memo

This memo takes a look back at the helminthiasis (infestation with, or disease caused by parasitic worms) of the Internet that was unleashed the evening of 2 November 1988. This RFC provides information about an event that occurred in the life of the Internet. This memo does not specify any standard. Distribution of this memo is unlimited.

Introduction

----- "The obscure we see eventually, the completely apparent takes longer." ----- Edward R. Murrow

The helminthiasis of the Internet was a self-replicating program that infected VAX computers and SUN-3 workstations running the 4.2 and 4.3 Berkeley UNIX code. It disrupted the operations of computers by accessing known security loopholes in applications closely associated with the operating system. Despite system administrators efforts to eliminate the program, the infection continued to attack and spread to other sites across the United States.

This RFC provides a glimpse at the infection, its festering, and cure. The impact of the worm on the Internet community, ethics statements, the role of the news media, crime in the computer world, and future prevention will be discussed. A documentation review presents four publications that describe in detail this particular parasitic computer program. Reference and bibliography sections are also included in this memo.

1. The Infection

----- "Sandworms, ya hate ’em, right??" ----- Michael Keaton, Beetlejuice

Defining "worm" versus "virus"

A "worm" is a program that can run independently, will consume the resources of its host from within in order to maintain itself, and can propagate a complete working version of itself on to other machines.

Reynolds [Page 1]

RFC 1135 The Helminthiasis of the Internet December 1989

A "virus" is a piece of code that inserts itself into a host, including operating systems, to propagate. It cannot run independently. It requires that its host program be run to activate it.

In the early stages of the helminthiasis, the news media popularly cited the Internet worm to be a "virus", which was attributed to an early conclusion of some in the computer community before a specimen of the worm could be extracted and dissected. There are some computer scientists that still argue over what to call the affliction. In this RFC, we use the term, "worm".

1.1 Infection - The Worm Attacks

The worm specifically and only made successful attacks on SUN workstations and VAXes running Berkeley UNIX code.

The Internet worm relied on the several known access loopholes in order to propagate over networks. It relied on implementation errors in two network programs: sendmail and fingerd.

Sendmail is a program that implements the Internet’s electronic mail services (routing and delivery) interacting with remote sites [1, 2]. The feature in sendmail that was violated was a non- standard "debug" command. The worm propagate...

Processing...
Loading...