Case study: Morris worm

Introduction

In November 1988, Robert Morris, then a computer science student at Cornell University, wrote an experimental program, a "worm", that could replicate itself and spread over the Internet by exploiting flaws in UNIX programs for exchanging electronic mail. To conceal his identity, Morris "injected" the worm into the network from computers at MIT. To his dismay, he soon found that the program was not perfect: it replicated and spread far more than he had expected. Under the resulting overload, many nearby computers simply locked up or became "catatonic". When he saw what was happening, a panicked Morris called friends at Harvard to try to find a solution. They soon sent an anonymous message advising others how to stop the worm from replicating and propagating through the network. Unfortunately, by that point the network links were already congested by Morris's program, so the message reached its audience too late.

After twelve hours, a group at Berkeley, working independently of Morris, produced an effective recipe for stopping the spread of the worm. The situation began to return to normal only after a few days, once the instructions had made it across the congested links to the thousands of users who had already dropped off the system. Public attention gradually turned to the person who had caused it all. Robert Morris's name appeared in the "New York Times" even before the investigation was completed. Morris was ultimately charged with "abuse and fraud using computers" and sentenced to three years of police supervision (with costs), 400 hours of community service and a 10,000 dollar fine. The court, however, was lenient: in a single night Morris's runaway "worm" had knocked thousands of military, university and government computers out of service, and the cost of "recovery" came to between 200 and 50,000 dollars per computer.

Architecture of the worm

According to its creator, the Morris worm was not written to cause harm but to gauge the extent of the Internet. It was released from MIT in order to conceal the fact that its creator was at Cornell. It worked by exploiting known weaknesses in Unix sendmail, finger, and rsh/rexec, as well as weak passwords. Because it relied on rsh (which is disabled on untrusted networks), and given the fixes to sendmail and finger, the widespread use of fail2ban and similar software, and improved awareness of the risks of weak passwords, it should not succeed on a well-managed system.

An apparently unintended consequence of the code made it more harmful: a computer could be infected multiple times, and each additional copy slowed it down until it became unusable. The effect was that of a fork bomb, and it could crash the machine. The main body of the worm could infect only DEC VAX machines running 4BSD, and Sun-3 systems. A portable C "grappling hook" component of the worm was used to pull over (download) the main body. The worm could not fully infect other kinds of systems, but it still loaded them down and made them peripheral victims.

Error

The critical error that turned the worm from benign to virulent lay in its spreading mechanism. The worm could decide whether to invade a new computer by asking it whether a copy was already running there. But doing only this would have made the worm easy to repel: everyone could simply run a process that answered "yes" when asked whether a copy existed, and the worm would stay away. The defense against this was inspired by Michael Rabin's mantra, "Randomization". To compensate for this possibility, the worm was made to copy itself anyway, even when the answer was "yes", one time out of seven. This rate of copying proved excessive: the worm spread quickly, infecting some computers multiple times. Rabin remarked that Morris should first have tried the worm on a simulator.
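
The effect of the one-in-seven override can be seen in a small counting model, added here as an illustration and not taken from the worm or from the original article. The host count, number of rounds, uniform random probing and the names `simulate` and `summary` are assumptions of this sketch; it only tracks how many copies each simulated host would be running.

```python
import random

def simulate(hosts=200, rounds=30, reinfect_one_in=7, seed=1988):
    """Count copies per host after `rounds` of probing (constructed model).

    reinfect_one_in=0 models a strict check: never copy when the target
    answers "yes, a copy is already here".
    reinfect_one_in=7 models the override described above: copy anyway
    one time out of seven even when the answer is "yes".
    """
    rng = random.Random(seed)
    copies = [0] * hosts
    copies[0] = 1                      # one initial copy
    for _ in range(rounds):
        new = [0] * hosts
        # Every running copy probes one randomly chosen host per round.
        for _ in range(sum(copies)):
            target = rng.randrange(hosts)
            already = copies[target] > 0 or new[target] > 0
            if not already:
                new[target] += 1       # answer was "no": copy once
            elif reinfect_one_in and rng.randrange(reinfect_one_in) == 0:
                new[target] += 1       # answer was "yes": copy anyway
        copies = [c + n for c, n in zip(copies, new)]
    return copies

def summary(copies):
    """Reduce per-host counts to the figures an operator would notice."""
    return {
        "infected_hosts": sum(1 for c in copies if c),
        "total_copies": sum(copies),
        "max_per_host": max(copies),
    }

if __name__ == "__main__":
    print("strict check :", summary(simulate(reinfect_one_in=0)))
    print("one in seven :", summary(simulate(reinfect_one_in=7)))
```

With the strict check the load per host is bounded at one copy; with the override the number of copies keeps growing after every host is already infected, which is the overload the article describes.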

The effect of the worm

The damage caused by the worm was estimated at between 100,000 and 10,000,000 dollars. About 6,000 UNIX machines were reported to have been infected by the Morris worm; however, Morris's colleague Paul Graham said that this figure was a rough estimate: it was assumed that there were 60,000 computers on the Internet and that the worm might have infected 10% of them. Some regional networks were disconnected from the Internet for a few days so that the worm could not get into their systems.

Robert Morris was sentenced to 3 years of probation, 400 hours of community service, and a fine of 13,326 US dollars. The Morris worm is sometimes called the "Big Worm" because of its devastating effect on the Internet of that time.

Conclusion and recommendation

When we talk about security, it is very important, when implementing it, to consider all the possible forms and types of threats that may endanger us. With this in mind, it is important to understand how essential the network is to the protection of a system. For these reasons the network infrastructure must be considered from all aspects. Every company has specific needs and requirements where networking and communications are concerned, and those needs and requirements must be reconciled with ensuring that there is no unauthorized access to the network. On the other hand, it is necessary to provide the level of protection that is required and not go a step beyond it in procedures and levels of protection, because while these can help, redundant procedures can also slow down a company's productivity.

The 1988 attack is also known as the Morris Worm, created by Robert T. Morris. It was the first automated network security attack. Morris was the first individual to be imprisoned under the American Computer Fraud and Abuse Act of 1986. He was sentenced to 3 years of probation, 400 hours of work and a fine of $10,500. According to Interpol estimates, computer crime ranks immediately behind the drug and weapons trades in the damage it causes. Anonymity is one of the fundamental features of computer crime.
