Proceedings of the 2nd IFIP international conference on Computer security: a global challenge
Communications of the ACM
The “worm” programs—early experience with a distributed computation
Communications of the ACM
Password security: a case history
Communications of the ACM
Shockwave Rider
Communications of the ACM
With microscope and tweezers: the worm from MIT's perspective
Communications of the ACM
UNIX password security—ten years later
CRYPTO '89 Proceedings on Advances in cryptology
Security management--“hey! How do you steer this thing?”
ACM SIGSAC Review
An introduction to intrusion detection
Crossroads - Special issue on computer security
Secure Internet programming
A New Stack Buffer Overflow Hacking Defense Technique with Memory Address Confirmation
ICISC '01 Proceedings of the 4th International Conference Seoul on Information Security and Cryptology
A Self-Deploying Election Service for Active Networks
COORDINATION '99 Proceedings of the Third International Conference on Coordination Languages and Models
RAD: A Compile-Time Solution to Buffer Overflow Attacks
ICDCS '01 Proceedings of the The 21st International Conference on Distributed Computing Systems
An evolutionary approach to synthetic biology: zen in the art of creating life
Advances in evolutionary computing
A framework for testing security mechanisms for program-based attacks
SESS '05 Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications
The limits of global scanning worm detectors in the presence of background noise
Proceedings of the 2005 ACM workshop on Rapid malcode
Effective identification of source code authors using byte-level information
Proceedings of the 28th international conference on Software engineering
A framework for security requirements engineering
Proceedings of the 2006 international workshop on Software engineering for secure systems
Fighting cybercrime: a review and the Taiwan experience
Decision Support Systems - Special issue: Intelligence and security informatics
Polaris: virus-safe computing for Windows XP
Communications of the ACM - Privacy and security in highly dynamic systems
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Examining the significance of high-level programming features in source code author classification
Journal of Systems and Software
Detecting worm variants using machine learning
CoNEXT '07 Proceedings of the 2007 ACM CoNEXT conference
The Quest for Multi-headed Worms
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Proceedings of the 15th ACM conference on Computer and communications security
Accelerating the Propagation of Active Worms by Employing Multiple Target Discovery Techniques
NPC '08 Proceedings of the IFIP International Conference on Network and Parallel Computing
Exploiting a buffer overflow using metasploit framework
Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services
Biologically inspired defenses against computer viruses
IJCAI'95 Proceedings of the 14th international joint conference on Artificial intelligence - Volume 1
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Computer viruses as artificial life
Artificial Life
Fighting cybercrime: a review and the Taiwan experience
Decision Support Systems - Special issue: Intelligence and security informatics
Data Privacy in Tuple Space Based Mobile Agent Systems
Electronic Notes in Theoretical Computer Science (ENTCS)
Defending against the propagation of active worms
The Journal of Supercomputing
Accurate buffer overflow detection via abstract payload execution
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Low-level software security: attacks and defenses
Foundations of security analysis and design IV
On the evolution of adversary models in security protocols: or know your friend and foe alike
Proceedings of the 13th international conference on Security protocols
Modeling the propagation of Peer-to-Peer worms
Future Generation Computer Systems
Ethical guidelines for computer security researchers: "Be reasonable"
FC'10 Proceedings of the 14th international conference on Financial cryptograpy and data security
ValueGuard: protection of native applications against data-only buffer overflows
ICISS'10 Proceedings of the 6th international conference on Information systems security
SP'96 Proceedings of the 1996 IEEE conference on Security and privacy
RIPE: runtime intrusion prevention evaluator
Proceedings of the 27th Annual Computer Security Applications Conference
ICISS'05 Proceedings of the First international conference on Information Systems Security
Network system and world wide web security
Computer Communications
An orchestration approach for unwanted Internet traffic identification
Computer Networks: The International Journal of Computer and Telecommunications Networking
An historical examination of open source releases and their vulnerabilities
Proceedings of the 2012 ACM conference on Computer and communications security
There is safety in numbers: preventing control-flow hijacking by duplication
NordSec'12 Proceedings of the 17th Nordic conference on Secure IT Systems
HeapSentry: kernel-assisted protection against heap overflows
DIMVA'13 Proceedings of the 10th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Hi-index | 0.03 |
On the evening of 2 November 1988, someone infected the Internet with a worm program. That program exploited flaws in utility programs in systems based on BSD-derived versions of UNIX. The flaws allowed the program to break into those machines and copy itself, thus infecting those systems. This program eventually spread to thousands of machines, and disrupted normal activities and Internet connectivity for many days.This report gives a detailed description of the components of the worm program---data and functions. It is based on study of two completely independent reverse-compilations of the worm and a version disassembled to VAX assembly language. Almost no source code is given in the paper because of current concerns about the state of the "immune system" of Internet hosts, but the description should be detailed enough to allow the reader to understand the behavior of the program.The paper contains a review of the security flaws exploited by the worm program, and gives some recommendations on how to eliminate or mitigate their future use. The report also includes an analysis of the coding style and methods used by the author(s) of the worm, and draws some conclusions about his abilities and intent.