The Interet Virus of '88 Paper
In early November 1988 the Internet, a collection
of networks consisting of 60,000 host computers implementing the
TCP/IP protocol suite, was attacked by a virus, a program which broke
into computers on the network and which spread from one machine to
another. This paper is a detailed analysis of the virus program
itself, as well as the reactions of the besieged Internet community.
We discuss the structure of the actual program, as well as the
strategies and ideas the virus used to reproduce itself. We present
the chronology of events as seen by our team at MIT, one of a handful
of groups around the country working to take apart the virus, in an
attempt to discover its secrets and to learn the network's
vulnerabilities. Finally, we describe the lessons that this incident
has taught the Internet community and topics for future consideration
and resolution.
The paper is available in
html
and
postscript.
It has been published and reprinted several times:
- "With Microscope and Tweezers: An Analysis of the Internet Virus of
November 1988" in Proceedings of
the IEEE Symposium on Research In Security and Privacy, 1989, with M.
Eichin.
- "With Microscope and Tweezers: The Worm from MIT's Perspective", in
Communications of the ACM, June 1989, 32(6), with M. Eichin.
Also reprinted in Bit magazine, Japan, Denning, Peter J.,
Computers Under Attack: Intruders, Worms, and Viruses, ACM Press, New
York, 1990 and Hoffman, Lance J.
Rouge Programs: Viruses, Worms and Trojan Horses, Van Nostrand
Reinhold, New York, 1990.