[8385] in bugtraq

home help back first fref pref prev next nref lref last post

10th anniversary of the Internet Worm

daemon@ATHENA.MIT.EDU (Gregory Newby)
Tue Nov 3 22:02:22 1998

Date: 	Mon, 2 Nov 1998 22:33:51 -0500
Reply-To: Gregory Newby <gbnewby@ILS.UNC.EDU>
From: Gregory Newby <gbnewby@ILS.UNC.EDU>
To: BUGTRAQ@NETSPACE.ORG

Lest we forget, today was the 10th anniversary of the
Internet Worm, released by Robert Tappan Morris, Jr.

An article about it appears at http://www.msnbc.com/news/209745.asp

Morris was the first person to be tried under the Computer
Fraud and Abuse Act of 1986.  His trial took place in Syracuse,
NY (an hour or so north of Cornell University).  He was sentenced
to 3 years of probation and also paid a fine and did some
community service.  (Kevin Mitnick should be so lucky!)

Morris' worm exploited three known but un-patched security
holes:

        - a hole in sendmail
        - a hole in finger
        - the use of .rhosts files

Estimates at the time were that around 6000 computers were
infected.  Because the Internet (and Usenet) was virtually
useless during the few days the Worm was active, people
working to eradicate the worm used BITNET mailing lists
to communicate.

One of the major outcomes of the Internet Worm was the
formation of CERT.  At first, CERT was a non-profit affiliated
with Carnegie Mellon University.  Later, CERT was semi-privatized
and became a multi-tiered membership organization.

  -- gbn

home help back first fref pref prev next nref lref last post