Browse Prior Art Database

Helminthiasis of the Internet (RFC1135) Disclosure Number: IPCOM000001946D
Original Publication Date: 1989-Dec-01
Included in the Prior Art Database: 2000-Sep-12
Document File: 29 page(s) / 70K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

J.K. Reynolds: AUTHOR


----- "The obscure we see eventually, the completely apparent takes longer." ----- Edward R. Murrow

This text was extracted from a ASCII document.
This is the abbreviated version, containing approximately 4% of the total text.

Network Working Group J. Reynolds

Request for Comments: 1135 ISI

December 1989

The Helminthiasis of the Internet

Status of this Memo

This memo takes a look back at the helminthiasis (infestation with,

or disease caused by parasitic worms) of the Internet that was

unleashed the evening of 2 November 1988. This RFC provides

information about an event that occurred in the life of the Internet.

This memo does not specify any standard. Distribution of this memo

is unlimited.


----- "The obscure we see eventually, the completely

apparent takes longer." ----- Edward R. Murrow

The helminthiasis of the Internet was a self-replicating program that

infected VAX computers and SUN-3 workstations running the 4.2 and 4.3

Berkeley UNIX code. It disrupted the operations of computers by

accessing known security loopholes in applications closely associated

with the operating system. Despite system administrators efforts to

eliminate the program, the infection continued to attack and spread

to other sites across the United States.

This RFC provides a glimpse at the infection, its festering, and

cure. The impact of the worm on the Internet community, ethics

statements, the role of the news media, crime in the computer world,

and future prevention will be discussed. A documentation review

presents four publications that describe in detail this particular

parasitic computer program. Reference and bibliography sections are

also included in this memo.

1. The Infection

----- "Sandworms, ya hate 'em, right??" ----- Michael

Keaton, Beetlejuice

Defining "worm" versus "virus"

A "worm" is a program that can run independently, will consume the

resources of its host from within in order to maintain itself, and

can propagate a complete working version of itself on to other


A "virus" is a piece of code that inserts itself into a host,

including operating systems, to propagate. It cannot run

independently. It requires that its host program be run to

activate it.

In the early stages of the helminthiasis, the news media popularly

cited the Internet worm to be a "virus", which was attributed to

an early conclusion of some in the computer community before a

specimen of the worm could be extracted and dissected. There are

some computer scientists that still argue over what to call the

affliction. In this RFC, we u...