[comp.protocols.tcp-ip] MIT virus paper available for anonymous ftp

jon@ATHENA.MIT.EDU (Jon Rochlis) (02/15/89)

The MIT paper on the Internet virus of last November, "With
Microscope and Tweezers: An Analysis of the Internet Virus of November
1988", is now available via anonymous ftp from either bitsy.mit.edu
(18.72.0.3) or athena-dist.mit.edu (18.71.0.38) in the pub/virus
directory as mit.PS (and mit.PS.Z). A version of this paper will be
presented at the 1989 IEEE Symposium on Research in Security and
Privacy.

		-- Jon

Abstract:

In early November 1988 the Internet, a collection of networks
consisting of 60,000 host computers implementing the TCP/IP protocol
suite, was attacked by a virus, a program which broke into computers
on the network and which spread from one machine to another.  This
paper is a detailed analysis of the virus program itself, as well as
the reactions of the besieged Internet community.  We discuss the
structure of the actual program, as well as the strategies the virus
used to reproduce itself. We present the chronology of events as seen
by our team at MIT, one of a handful of groups around the country
working to take apart the virus, in an attempt to discover its secrets
and to learn the network's vulnerabilities.

We describe the lessons that this incident has taught the Internet
community and topics for future consideration and resolution.  A
detailed routine by routine description of the virus program including
the contents of its built in dictionary is provided.