|
RIP #06
10 января 1998 |
|
virus Morris - about the virus Morris.
(C) IE Moiseenkov Skiped by Werewolves
Absolutely precise sequence of events is currently
almost impossible to recover because, firstly, in
while most attacks were all primarily interested in fast
containment and removal of viruses, but not in the detailed
recording of facts [B1]; and, secondly, because the virus
rapidly blocked attacked computer networks, resulting in
interrupted communication between users. The specialists of
the older generation say that the message held in nets during a
virus attack, very similar messages about enemy combatants,
received on communication in World War II. In any case, these
messages can feel the utter helplessness that prevailed during
the viral attacks in different network nodes, to estimate the
opportunity users to understand what is going on and draw
conclusions about the system requirements to assist in such
situations. So, on Nov. 2, 1988, Wednesday. 17:00 virus
detected at Cornell University (New York). 21:00 The virus was
found in the systems Stanford University and the firm Rand
Corporation (California) 22:00 Virus hit system at Berkeley.
23:00 virus experts discovered the Department of Mathematics at
Princeton University (New Jersey).
First, all found a virus thought it was just another incident
that relates only to their system. No of course could not
imagine what extent will the epidemic within a few hours.
Nevertheless, administrators attack the system will send
messages about the incident. 23:28 In an e-mail VIRUS_L was
the first message about the virus. It is reported that attacked
universities in the Davis and San Diego Lawrence Livermore
Laboratory name and the Research Center of NASA (all in
California) Entry of the virus is identified as an SMTP Attack
all of 4.3 BSD and Sun 3.X. It is noted that the virus
distributed through TELNETD, FTPD, FINGER, RSHD and SMTP.
23:45 The virus was found in a research lab ballistics.
Gradually it became clear that the same clinical signs of the
virus are watching users located in different parts of country.
Given the coincidence of events in time, it was concluded that
the national computer system attacked by the same virus that
spreads through the network, since otherwise the spread can not
be explained by the speed with which virus appeared in
different parts of the United States, unless, of course, do not
assume that everything that happens the result of a pre-planned
and well-prepared action of some criminal gang, which has
access to all national systems. Life administrators American
systems after the fact, as they say, ceased to be
bezinteresnoy! For users and system administrators attacked
nodes network behavior of the virus has been incomprehensible.
In some systems directory / usr / tmp files appeared unusual,
and in magazines files of several utilities have appeared
strange messages. Most notable, however, was that more and more
increased loading systems, which led eventually to the
exhaustion of any free space allocated for swapping or overflow
the system process table - in any case it meant locking system.
As the name network, in which the virus was detected, its
immediately dubbed the virus Milnet / Arpanet. Soon, however,
revealed that the virus from the Arpanet successfully migrated
to the network Science Internet - and he immediately gets the
name "virus Internet ". But after a Cornell University expressed
indirectly proved by the assumption that the virus has probably
developed within its walls, the virus finally gets one of the
most common, thanks to the efforts of the press, the name - the
virus Cornell / Arpanet.
Occurred on November 3, Thursday ...
1:00 Reports of infection of a 15-node network Arpanet. 2:00
infected with a virus system, Harvard University
(Massachusetts). 3:30 The virus was found at the Center for MIT
Institute. 3:46 In the message, which took place in the e-mail
RISKS clarifies that the attacking system UNIX - 4.3 BSD - and
similar s Sun, running on VAX computers and computer firm DEC
Sun. It is also reported that the virus is spread through holes
in security tools available Sendmail e-mail within these
systems. 04: 00 Because the network is overloaded, the spread
of the virus is slowed down, by this time have been infected
for more than 1000 network nodes. 05: 15 Carnegie Mellon
University in Pittsburgh (Pennsylvania) of the 100 computers
connected to the Arpanet, out of order 80. 8:00 Report of the
virus from Center for Astrophysics Smithonian. Subsequently,
there were several versions of how exactly and by whom virus
was detected. The first is that the virus was discovered on the
night of 2 / 3 November 1988 one of the scientists Lawrence
Livermore Laboratory. Lawrence. Referring to your home terminal
to the computing system lab he noticed an unusual increase in
the intensity of her boot. Suspecting something was wrong, the
employee reported it to the operator on duty and he (obviously
guided instruction), immediately disconnect the system from the
network Science Internet, through which the virus spreads.
Specialists Livermore Laboratory could really alone of the
first to detect the virus. The fact that this laboratory,
conduct studies on the SDI program and the development of new
types of nuclear weapons in May 1988 had already been
confronted with a virus, then, appear to have been taken
further precautions and increased vigilance.
Immediately about the incident was reported to the
Communications Department of Defense (Defence Communication
Agency; DCA), which manages the network Arpanet. At three
o'clock in the morning on virus attacks has learned leadership
DoD. However, despite the efficiency of the notice, to localize
the virus in the network was no longer possible. According to
the second version of the notice of the appearance of the virus
has been sent an unknown person via a computer network,
together with instructions for its destruction. But the network
was overloaded and too many data centers do not immediately
receive the signal. When, finally, message noticed it was too
late.
To be continued ...
Other articles:
Similar articles:
В этот день... 7 May