arrow Communications of the ACM
arrow Volume 32 , Issue 6 (1989)

access SIGs conferences publication page subscription page

Crisis and aftermath
Pages 678-687

E. H. Spafford

metadata:   abstract index terms reviews  
rule rule rule rule
full text:   pdf 1156 KB

back to top
blue HR


Last November the Internet was infected with a worm program that eventually spread to thousands of machines, disrupting normal activities and Internet connectivity for many days. The following article examines just how this worm operated.

back to top
blue HR


Categories and Subject Descriptors:
Computing Milieux -Computers and Society - Social Issues (K.4.2): Abuse and crime involving computers**; Computing Milieux -Management of Computing and Information Systems - Miscellaneous (K.6.m): Security*; Computing Milieux -The Computing Profession - Miscellaneous (K.7.m): Ethics**; Computing Milieux -Management of Computing and Information Systems - General (K.6.0);

General Terms:
Design, Management, Performance, Security

back to top
blue HR


From Computing Reviews
Thomas C. Richards

This paper contains a detailed analysis of the Internet worm incident, which occurred in November 1988. During the evening of November 2 the worm spread quickly to Sun 3 systems and VAX computers running 4 BSD UNIX. As time went on these machines became so loaded that they were unable to continue processing. Within several hours effective methods of stopping the invading program had been discovered.

This paper contains a complete analysis of how the Internet worm operated and of the aftermath of its release. This includes how bugs in the fingerd and sendmail software in UNIX were exploited and how the attacker used common lists of passwords until a match was found. A detailed overview of how the worm program functioned is also presented. The author concludes his discussion with the moral, ethical, and legal issues related to this type of computer security breach.

blue HR