|The 1988 Internet Worm|
|SE 8 Web|
The 1988 Internet Worm was the first major worldwide computer security incident where malware (software that is malicious) propagated throughout the internet. This worm infected Unix servers, taking advantage of different types of vulnerability in installed code such as Sendmail and finger. The lessons from that incident are still valid and, surprisingly perhaps, the vulnerabilities identified that allowed the worm to cause such problems are still present in some modern software.
The perpetrator of the 1988 Internet worm (Robert Morris, a graduate student at Cornell University) meant no harm but was experimenting with what was possible. He is now a respected computer science researcher. Security authorities no longer accept such an excuse so you should not attempt any such security 'experiments'.
Use in teachingI supplement the book chapters on critical systems with discussions on other topics, including security. This case study shows how worms can propagate by taking advantage of security vulnerabilities and how availability and security are closely related topics.
The incident was documented in a paper in Communications of the ACM, 'The Internet Worm: Crisis and Aftermath'. by Gene Spafford. (Comm ACM, 32 (6), June 1989 - accessible to ACM Digital Library members).