Computer Security Applications Conference, Annual (2003)
Las Vegas, Nevada
Dec. 8, 2003 to Dec. 12, 2003
Eugene H. Spafford , Purdue University CERIAS
On the evening of 2 November 1988, someone "infected" the Internet with a worm program. That program exploited flaws in utility programs in systems based on BSD-derived versions of UNIX. The flaws allowed the program to break into those machines and copy itself, thus infecting those systems. This program eventually spread to thousands of machines, and disrupted normal activities and Internet connectivity for many days. It was the first major network-wide attack on computer systems, and thus was a matter of considerable interest.<div></div> This paper provides a brief chronology of both the spread and eradication of the program, a presentation about how the program worked, and details of the aftermath. That is followed by discussion of some observations of what has happened in the years since that incident. The discussion supports the title of this paper - that the community has failed to learn from the past.
E. H. Spafford, "A Failure to Learn from the Past," Computer Security Applications Conference, Annual(ACSAC), Las Vegas, Nevada, 2003, pp. 217.