A computer virus infects other programs. A variant of the virus is a program that spreads from computer to computer, spawning copies of itself on each one.
Definition 22–13. A computer worm is a program that copies itself from one computer to another.
Research into computer worms began in the mid-1970s. Schoch and Hupp [889] developed distributed programs to do computer animations, broadcast messages, and perform other computations. These programs probed workstations. If the workstation was idle, the worm copied a segment onto the system. The segment was given data to process and communicated with the worm's controller. When any activity other than the segment's began on the workstation, the segment shut down.
EXAMPLE: On November 2, 1988, a program targeting Berkeley and Sun UNIX-based computers entered the Internet; within hours, it had rendered several thousand computers unusable [322, 323, 845, 900, 901, 952, 953, 974]. Among other techniques, this program used a virus-like attack to spread: it inserted some instructions into a running process on the target machine and arranged for those instructions to be executed. To recover, these machines had to be disconnected from the network and rebooted, and several critical programs had to be changed and recompiled to prevent reinfection. Worse, the only way to determine if the program had suffered other malicious side effects (such as deletion of files) was to disassemble it. Fortunately, the only purpose of this virus turned out to be self-propagation. Infected sites were extremely lucky that the worm[5] did not infect a system program with a virus designed to delete files and did not attempt to damage attacked systems.
[5] We use the conventional terminology of calling this program a "computer worm" because its dominant method of propagation was from computer system to computer system. Others, notably Eichin and Rochlis [322], have labeled it a "computer virus."
Since then, there have been several incidents involving worms. The Father Christmas worm was interesting because it was a form of macro worm.
EXAMPLE: Slightly before the Internet worm, an electronic "Christmas card" passed around several IBM-based networks. This card was an electronic letter instructing the recipient to save the message and run it as a program. The program drew a Christmas tree (complete with blinking lights) and printed "Merry Christmas!" It then checked the recipient's list of previously received mail and the recipient's address book to create a new list of e-mail addresses. It then sent copies of itself to all these addresses. The worm quickly overwhelmed the IBM networks and forced the networks and systems to be shut down [422]. This worm had the characteristics of a macro worm. It was written in a high-level job control language, which the IBM systems interpreted. Like the Melissa virus, which was written in the Visual Basic programming language, the Father Christmas worm was never directly executed—but its effects (spreading from system to system) were just as serious.