Content Frame
[Skip Breadcrumb Navigation]
Home arrow Student Resources arrow Case studies arrow Internet worm

Internet worm
 

The perpetrator of the 1988 Internet worm (Robert Morris, a graduate student at Cornell University) meant no harm but was experimenting with what was possible. He is now a respected computer science researcher.

Security authorities no longer accept such an excuse so you should not attempt any such security 'experiments'.

Description

The 1988 Internet Worm was the first major worldwide computer security incident where malware (software that is malicious) propagated throughout the internet. This worm infected Unix servers, taking advantage of different types of vulnerability in installed code such as Sendmail and finger. The lessons from that incident are still valid and, surprisingly perhaps, the vulnerabilities identified that allowed the worm to cause such problems are still present in some modern software.

Use in teaching

Ian Sommerville supplements the book chapters on critical systems with discussions on other topics, including security. This case study shows how worms can propagate by taking advantage of security vulnerabilities and how availability and security are closely related topics.

Related chapters

Chapter 3: Dependability
Chapter 9: Dependable systems specification

Supporting documents

The incident was documented in a paper in Communications of the ACM, 'The Internet Worm: Crisis and Aftermath'. by Gene Spafford. (Comm ACM, 32 (6), June 1989 - accessible to ACM Digital Library members).

Overview of the Internet Worm

The above Powerpoint presentation gives an overview of the security incident. A PDF version is also available to download.

Incident analysis

This is a detailed analysis of the 1988 Internet Worm incident by researchers at MIT. It was the basis for a published paper on the incident in Communications of the ACM in July 1989.

The Internet archive of the message first reporting the incident.

Messages generated as system managers discussed how to handle the worm.

A more recent major security incident occurred in 2001 when the 'Code Red' worm struck a large number of Internet servers. This exploited a similar vulnerability (no array bound checking in C resulting in buffer overflow) to that exploited by the original worm. This is a link to the description of the problem in Communciations of the ACM.

The Code Red Worm




Copyright © 1995-2006 Pearson Education. All rights reserved.
 Legal and Privacy Notice 		Pearson Education

[Return to the Top of this Page]