On the Adaptive Real-Time Detection of Fast-Propagating Network Worms
DIMVA '07 Proceedings of the 4th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
On the evening of 2 November 1988, someone "infected" the Internet with a worm program. That program exploited flaws in utility programs in systems based on BSD-derived versions of UNIX. The flaws allowed the program to break into those machines and copy itself, thus infecting those systems. This program eventually spread to thousands of machines, and disrupted normal activities and Internet connectivity for many days. It was the first major network-wide attack on computer systems, and thus was a matter of considerable interest. This paper provides a brief chronology of both the spread and eradication of the program, a presentation about how the program worked, and details of the aftermath. That is followed by discussion of some observations of what has happened in the years since that incident. The discussion supports the title of this paper - that the community has failed to learn from the past.