Jon A. Rochlis
Abstract
The actions taken by a group of computer scientists at MIT during the worm invasion represents a study of human response to a crisis. The authors also relate the experiences and reactions of other groups throughout the country, especially in terms of how they interacted with the MIT team.
- 1 Castro, L., et al. Post mortem of 3 November ARPANET/MILNET attack. National Computer Security Center, Ft. Meade, Md., November 1988.]]Google Scholar
- 2 Computer whiz puts virus in computers. Boston Herald (Nov. 5, 1988), 1.]]Google Scholar
- 3 Markoff, J. "Author of computer 'virus' is son of U.S. electronic security expert." New York Times {Nov. 5, 1988), A1.]]Google Scholar
- 4 Markoff, J. Computer snarl: A "back door" ajar. New York Times (Nov. 7, 1988), B10.]]Google Scholar
- 5 Markoff, J. U.S. is moving to restrict access to facts about computer virus. New York Times (Nov. 11, 1988), A28.]]Google Scholar
- 6 Neumann, P.G. ed. Forum of risks to the public in cornputers and related systems. 7, 69. ACM Committee on Computers and Public Policy, November 3, 1988.]]Google Scholar
- 7 Postel, J.B. Simple mail transfer protocol. Request Fo~ Comments NIC/RFC 821. Network Working Group, USC ISI, August 1982.]] Google ScholarDigital Library
- 8 Spafford, E.H. The internet worm program: An analy,;is. ACM SIGCOM 19 (Jan. 1989).]] Google ScholarDigital Library
Index Terms
- With microscope and tweezers: the worm from MIT's perspective
Recommendations
WORM vs. WORM: preliminary study of an active counter-attack mechanism
WORM '04: Proceedings of the 2004 ACM workshop on Rapid malcodeSelf-propagating computer worms have been terrorizing the Internet for the last several years. With the increasing density, inter-connectivity and bandwidth of the Internet combined with security measures that inadequately scale, worms will continue to ...
Worm virulence estimation for the containment of local worm outbreak
A worm-infected host scanning globally may not cause any new infection in its underlying local network before it is detected and quarantined by a worm detector. To defend this type of scanning hosts, a number of worm scanner detection methods such as ...
Reviews
S. P. Saraswat
This paper describes a succession of events leading to the discovery and subsequent neutralization of a computer virus at MIT. This virus, known as the Internet virus, originated at Cornell and infected many Internet sites, including MIT, Stanford, and the Rand Corporation, in a short time during October–November 1988. In the initial phases of the attack, several suspicious network messages received at the MIT Media Lab were ignored, but when these messages were repeated on Project Athena computers, the presence of a virus was suspected and action taken to prevent its spread to other sites. Telecommunications experts at MIT contacted other Internet sites to determine the nature of the virus and later decoded the virus to understand its functioning. This cooperation among the users, in the form of an “old boy” network, was very useful in neutralizing the virus. As general points of interest for network security, the paper emphasizes the importance of host-level defenses against network viruses, constant logging of network messages, and a policy of least privilege for access to the network. Although the paper is descriptive and at times difficult to read due to cryptic messages, it is well organized and addresses an issue of great topical interest in an increasingly interconnected global computer environment. MIT's experience will be extremely helpful to telecommunications managers elsewhere in determining appropriate network security policies.
Access critical reviews of Computing literature here
Become a reviewer for Computing Reviews.
Comments