[TUHS] Happy birthday, Morris Worm!
Erik E. Fair
fair-tuhs at netbsd.org
Thu Nov 16 11:05:34 AEST 2017
Unless I'm mistaken, the Morris worm was the first such incident to make the front page of the New York Times (in an article by now-retired John Markoff):
http://www.nytimes.com/1988/11/04/us/virus-in-military-computers-disrupts-systems-nationwide.html
So I'm not surprised that other reporters started poking around. No one thought to call Apple (at least, not that anyone told me about), but given the limited nature (and understanding) of the Internet at the time, and its characterization by Markoff as "military", this is not too surprising. My group was a little worried about an AppleTalk-based virus getting loose in the Apple Engineering Network ... and that sort-of did happen, not very long after:
http://virus.wikidot.com/wdef
Fortunately, WDEF had a bug which limited its spread to promiscuous media exchange (floppies) - AppleShare volumes didn't have the resource it attempted to infect (a "desktop database"), and thus if your computer had WDEF, the first attempt to mount an AppleShare volume would crash your system - at that time, most Macs didn't have MMUs and didn't run real operating systems like Unix ... and we inside Apple used AppleShare extensively. Also easy to clean out: just rebuild the "desktop database" (hold down Option key when mounting disk volumes, IIRC).
I'm also pretty sure that the Morris worm was the impetus for the formation of the Computer Emergency Response Team (CERT) at CMU Software Engineering Institute (SEI):
https://en.wikipedia.org/wiki/Computer_emergency_response_team
It looks like Wikipedia agrees with me.
Tom Duff gave a related talk & paper at Summer USENIX 1989 that was most
interesting, "Experience with Viruses on UNIX Systems":
https://www.usenix.org/legacy/publications/compsystems/1989/spr_duff.pdf
I especially liked the bit in which Tom's virus infected a multi-level secured UNIX system that Doug McIlroy and Jim Reeds were developing which they didn't spot until they turned on all their protections ... and programs started crashing all over the place.
Erik
More information about the TUHS
mailing list