[news.sysadmin] Discretion is the better part of valor.

olsen@XN.LL.MIT.EDU (Jim Olsen) (11/08/88)

>From the Sunday New York Times (page 1):
>"[Robert Morris] quickly recognized that things had gone terribly wrong
>and, they disclosed, he arranged for a friend to send out instructions
>on eradicating the virus to the same computers plagued by the virus."

Has anyone identified this alleged eradication message?  I checked our
USENET logs at the time and found no such message.  I only saw partial
reports and patches, later refined as the worm was more fully analyzed.

Where did this "friend" supposedly post the message?

sewilco@datapg.MN.ORG (Scot E Wilcoxon) (11/09/88)

In article <1151@xn.LL.MIT.EDU> olsen@xn.ll.mit.edu (Jim Olsen) writes:
>>From the Sunday New York Times (page 1):
>>"[Robert Morris] quickly recognized that things had gone terribly wrong
>>and, they disclosed, he arranged for a friend to send out instructions
>>on eradicating the virus to the same computers plagued by the virus."
>
>Has anyone identified this alleged eradication message?

Look in comp.protocols.tcp-ip for a message from "foo@bar" (I don't
remember what domain it is in :-).  It was vague and had a signed
follow up message.
-- 
Scot E. Wilcoxon  sewilco@DataPg.MN.ORG    {amdahl|hpda}!bungia!datapg!sewilco
Data Progress 	 UNIX masts & rigging  +1 612-825-2607
	I'm just reversing entropy while waiting for the Big Crunch.

rodgers@cca.ucsf.edu (Rick Rodgers) (11/11/88)

In article <2311@datapg.MN.ORG> sewilco@datapg.MN.ORG (Scot E Wilcoxon) writes:
>In article <1151@xn.LL.MIT.EDU> olsen@xn.ll.mit.edu (Jim Olsen) writes:
>>>From the Sunday New York Times (page 1):
>>>"[Robert Morris] quickly recognized that things had gone terribly wrong
>>>and, they disclosed, he arranged for a friend to send out instructions
>>>on eradicating the virus to the same computers plagued by the virus."
>>
>>Has anyone identified this alleged eradication message?
>
There was an article inside the Wall St. Journal several days ago which
described this process, and named the friend.  I still believe that
delegating such a task is a major misjudgment.


-- 
R. P. C. Rodgers, Statistical Mechanics of Biomolecules, Dept. of Pharm. Chem.,
University of California, San Francisco CA 94118  (415)476-8910
(ARPA: rodgers@cca.ucsf.edu, BITNET: rodgers@ucsfcca,
UUCP: ...ucbvax.berkeley.edu!cca.ucsf.edu!rodgers)

chk@dretor.dciem.dnd.ca (C. Harald Koch) (11/16/88)

In article <1151@xn.LL.MIT.EDU> olsen@xn.ll.mit.edu (Jim Olsen) writes:
>>From the Sunday New York Times (page 1):
>>"[Robert Morris] quickly recognized that things had gone terribly wrong
>>and, they disclosed, he arranged for a friend to send out instructions
>>on eradicating the virus to the same computers plagued by the virus."
>
>Has anyone identified this alleged eradication message?  I checked our
>USENET logs at the time and found no such message.  I only saw partial
>reports and patches, later refined as the worm was more fully analyzed.
>
>Where did this "friend" supposedly post the message?

First Message:
% From: foo@bar.arpa
% Newsgroups: comp.protocols.tcp-ip
% Subject: (none)
% Message-ID: <8811030834.AA10454@iris.brown.edu>
% Date: 3 Nov 88 08:34:13 GMT
% Sender: daemon@ucbvax.BERKELEY.EDU
% Organization: The Internet
% Lines: 19
% Posted: Thu Nov  3 03:34:13 1988
% 
% A Possible virus report:
% 
% There may be a virus loose on the internet.
% 
% Here is the gist of a message I got:
% 
% I'm sorry.
% 
% Here are some steps to prevent further transmission:
% 
% 1) don't run fingerd, or fix it to not overrun its stack when reading
% arguments.
% 
% 2) recompile sendmail w/o DEBUG defined
% 
% 3) don't run rexecd
% 
% Hope this helps, but more, I hope it is a hoax.
% qui
% 

Second Message:
% From: sudduth@HARVARD.HARVARD.EDU
% Newsgroups: comp.protocols.tcp-ip
% Subject: tracking anonymous messages
% Message-ID: <8811052259.AA21527@ucbvax.Berkeley.EDU>
% Date: 5 Nov 88 21:32:25 GMT
% Sender: daemon@ucbvax.BERKELEY.EDU
% Organization: The Internet
% Lines: 7
% Posted: Sat Nov  5 16:32:25 1988
% 
% 
% If anyone cares who sent the anonymous message from foo@bar.arpa through
% isis.brown.edu,  I did it.  The machine influenza.harvard.edu is an
% annex terminal server.  At the time I didn't want to answer questions
% about how I knew.  
% 
% Andy Sudduth
% 

--
C. Harald Koch		NTT Systems, Inc., Toronto, Ontario
chk@zorac.dciem.dnd.ca, chk@gpu.utcs.toronto.edu, chk@chk.mef.unicus.com
Note: some sites may still have zorac.dciem.dnd.ca as zorac.ARPA.
"I give you my phone number. If you worry, call me. I'll make you happy."