[8385] in bugtraq
10th anniversary of the Internet Worm
daemon@ATHENA.MIT.EDU (Gregory Newby)
Tue Nov 3 22:02:22 1998
Date: Mon, 2 Nov 1998 22:33:51 -0500
Reply-To: Gregory Newby <gbnewby@ILS.UNC.EDU>
From: Gregory Newby <gbnewby@ILS.UNC.EDU>
To: BUGTRAQ@NETSPACE.ORG
Lest we forget, today was the 10th anniversary of the
Internet Worm, released by Robert Tappan Morris, Jr.
An article about it appears at http://www.msnbc.com/news/209745.asp
Morris was the first person to be tried under the Computer
Fraud and Abuse Act of 1986. His trial took place in Syracuse,
NY (an hour or so north of Cornell University). He was sentenced
to 3 years of probation and also paid a fine and did some
community service. (Kevin Mitnick should be so lucky!)
Morris' worm exploited three known but un-patched security
holes:
- a hole in sendmail
- a hole in finger
- the use of .rhosts files
Estimates at the time were that around 6000 computers were
infected. Because the Internet (and Usenet) was virtually
useless during the few days the Worm was active, people
working to eradicate the worm used BITNET mailing lists
to communicate.
One of the major outcomes of the Internet Worm was the
formation of CERT. At first, CERT was a non-profit affiliated
with Carnegie Mellon University. Later, CERT was semi-privatized
and became a multi-tiered membership organization.
-- gbn