The Interet Virus of '88 Paper

By Jon Rochlis and Mark Eichin

In early November 1988 the Internet, a collection of networks consisting of 60,000 host computers implementing the TCP/IP protocol suite, was attacked by a virus, a program which broke into computers on the network and which spread from one machine to another. This paper is a detailed analysis of the virus program itself, as well as the reactions of the besieged Internet community. We discuss the structure of the actual program, as well as the strategies and ideas the virus used to reproduce itself. We present the chronology of events as seen by our team at MIT, one of a handful of groups around the country working to take apart the virus, in an attempt to discover its secrets and to learn the network's vulnerabilities. Finally, we describe the lessons that this incident has taught the Internet community and topics for future consideration and resolution.

The paper is available in html and postscript. It has been published and reprinted several times:

"With Microscope and Tweezers: An Analysis of the Internet Virus of November 1988" in Proceedings of the IEEE Symposium on Research In Security and Privacy, 1989, with M. Eichin.

"With Microscope and Tweezers: The Worm from MIT's Perspective", in Communications of the ACM, June 1989, 32(6), with M. Eichin. Also reprinted in Bit magazine, Japan, Denning, Peter J., Computers Under Attack: Intruders, Worms, and Viruses, ACM Press, New York, 1990 and Hoffman, Lance J. Rouge Programs: Viruses, Worms and Trojan Horses, Van Nostrand Reinhold, New York, 1990.