
Conference noted::hackers_v1

Title: -={ H A C K E R S }=-
Notice: Write locked - see NOTED::HACKERS
Moderator: DIEHRD::MORRIS
Created: Thu Feb 20 1986
Last Modified: Mon Aug 03 1992
Last Successful Update: Fri Jun 06 1997
Number of topics: 680
Total number of notes: 5456

146.0. "The Other Type of WORM Program" by VAXUUM::DYER () Mon Aug 05 1985 18:43

	Note #142 refers to a WORM program.  Here's a discussion from another
note file about a different type of WORM program.
		<_Jym_>

================================================================================
		        VAXWRK""::SYS$NOTES:VMSNOTES.NOT;1
 ORION::ALEX                  VAX/VMS and more...             2-JUL-1985 08:26
 Note 1113.0                         WORM??                        7 responses
--------------------------------------------------------------------------------

Hi there,

I'm wondering if this is actually the right place to ask this question.

I'm writing to inquire if anybody knows about a program called "the worm"
or "WORM".

What this program is supposed to do is to be able to cause great havoc to
an Operating System by removing areas of the O.S. without leaving a trace
of it being there.

As I am new in the area of Internals, I am most interested in uncovering
how it is done, as a matter of interest.

I would be most grateful if anyone is willing to direct me to the right
person or persons who might be able to help.

Thanks,
Alex

================================================================================
 SPNAKR::RDF                  VAX/VMS and more...             2-JUL-1985 09:47
 Note 1113.1                         WORM??                             1 of 7
--------------------------------------------------------------------------------

Hmmmm.  Haven't heard of "worm", but rumors and legends of software like
this have been around for years. 

The best one (I thought) was the infamous "cookie monster" which supposedly
propagated itself around the engineering net.  At some unexpected moment the
prompt "cookie?" would appear on your terminal and if you didn't type in
"cookie" it would delete loads of files in your directory.

I wonder if any of these hacker horror stories are true?

Rick        

** As far as being able to wreak great havoc on the OS and not leave a trace...
   Anyone with privs can destroy this O/S, and it doesn't take that much
   in the way of smarts to do it in a subtle manner.  The hows are probably
   best not mentioned here.  You might want to talk to the people developing
   the VMS security kernel in LTN, they could give you specifics.

================================================================================
 SUMMIT::GRIFFIN              VAX/VMS and more...             2-JUL-1985 10:21
 Note 1113.2                         WORM??                             2 of 7
--------------------------------------------------------------------------------

There was a less destructive program called Worm at Xerox PARC a number
of years back.   It was more of an experiment in distributed computing
than a prank.  It did, however, seek computing resources on a network
and attempt to consume them (or apply them - I forget).

I don't recall who the author was.

- dave

================================================================================
 SMAUG::PORTER                VAX/VMS and more...             2-JUL-1985 16:44
 Note 1113.3                         WORM??                             3 of 7
--------------------------------------------------------------------------------

Hi there,

I'd like to know how to make highly dangerous and destructive weapons.
Purely for my own interest, of course.  Anyone care to tell me how?

dave

:-)

================================================================================
 UTRTSC::LUBBERS              VAX/VMS and more...             3-JUL-1985 08:04
 Note 1113.4                         WORM??                             4 of 7
--------------------------------------------------------------------------------

RE .3

This should NOT be discussed in the NOTES.


But if you really want to know, ask around in Lebanon.

================================================================================
 ELMER::HILDUM                VAX/VMS and more...             3-JUL-1985 08:56
 Note 1113.5                         WORM??                             5 of 7
--------------------------------------------------------------------------------

Scientific American some months back had an article in the mathematical section
on programs such as this (right now the title escapes me, but it is the section 
Gardner used to write).  Be warned, one location (a school) was able to remove
one of these programs only by bulk erasing every disk they had.  (This might 
prove rather painful here.)

================================================================================
 SPEEDY::BRETT                VAX/VMS and more...             3-JUL-1985 08:19
 Note 1113.6                         WORM??                             6 of 7
--------------------------------------------------------------------------------

Let's see,

	a "trojan horse" is a program that looks good to run

		(eg: GREAT_GAME.EXE)

	but does something special (as well as being a great game) when
	run by somebody with privileges.


	I believe a "worm" is a program that is an iterative "trojan horse".
	When run, it looks for somewhere even more privileged to put itself,
	and puts itself there.  The idea is that this slowly silently works
	its way up the privilege scale until it gets what it wants.

	There is PLENTY of literature available on this - including our own
	VMS System Security Manual, sitting up there on your shelf.  Read
	section 5.4.3.3!

/Bevin

================================================================================
 FAMOUS::KITTELL              VAX/VMS and more...             7-JUL-1985 14:20
 Note 1113.7                         WORM??                             7 of 7
--------------------------------------------------------------------------------

The "worm" you seek was indeed an exercise in applied distributed 
computation at PARC. It was designed to do no harm, but simply attempted to 
put to use every idle CPU cycle within a network. Unfortunately, it was 
able to uncover some pathological interactions between operating systems and 
the network services. The worm was able to do actual work, from test 
programs to a real-time animation system.

See the "Communications of the ACM", March 1982, Vol 25, Number 3 for a 
report by Shoch and Hupp of PARC.

The report credits John Brunner with developing the notion in his novel "The 
Shockwave Rider". The fictional worm described there sounds more insidious 
than the real one at PARC, and is probably the one you've heard about. Let's 
hope it stays fictitious.

Of course, if it doesn't and the Easynet is beset with killer worms, we know 
who was asking about them...

Richard

T.R    Title    User    Personal Name    Date    Lines

146.1  KOBAL::COWAN  Mon Aug 05 1985 23:06  28 lines
	Hasn't there been both legend and science fiction about such things
for years?  I remember hearing about a book on this subject.  This particular
worm was called "P1" and infested OS/360 by getting onto a distribution
tape.

	A few years back, some friends wrote a "cookie" program that exploited
a mis-feature of Unix.  Once you have write access to a terminal, you
have write access to it as long as the file is opened for writing, even
after you log out.  Writing to someone's terminal can be obnoxious, 
but you aren't doing real damage.  Writing to the terminal is not the
same as writing to standard input (aka SYS$INPUT).   We had a port
selector gizmo that randomly associated terminal across campus with
terminal lines.  Therefore, you could start up cookie on your local
terminal, log off, and someone else would get the messages.   What caused
the most trouble was when some computing center administrative type
logged in and saw "I want a cookie" appearing occasionally.  This
administrative type didn't realize the technical triviality of the 
hack, and really hit the ceiling.  He thought someone had "broken
security".  [I always have had a certain amount of contempt for
people who don't know the limits of their understanding.  If this
administrative type had simply wandered into his Unix guru's office,
he would have found out in 2 seconds what was happening.]

	Now that I think of it, I'm not sure why I took this 
opportunity to flame a bit.  Ah well.

	Cheers!
	KC

146.2  SERPNT::GULDENSCHUH  Tue Aug 06 1985 02:10  10 lines
Seems that I remember a little command file on the Enet a few years
ago that brought down a large portion of the net.  It wasn't intended
to be harmful, but a bug in the (VMS) command procedure and some of
the systems not having a diskquota on the DECnet account let it fill
the system disk to capacity.

If I remember correctly, it took turning off many circuits to kill it
off.

/s/ Chuck

146.3  EDSVAX::CRESSEY  Tue Aug 06 1985 12:44  3 lines
    No person knows the limits of his or her understanding.

    Dave

146.4  SHOGUN::BLUEJAY  Tue Aug 06 1985 16:32  5 lines
There are just those who THINK they know the limits of their understanding.
Those are the dangerous ones.
						- Bluejay Adametz, CFII

(no charge for philosophy)

146.5  SNOV10::QUODLING  Wed Aug 07 1985 01:27  4 lines
And, of course, those that think they know the limits of other people's 
understanding. These are usually called managers and are usually wrong.

Q

146.6  TOOLS::COWAN  Fri Aug 09 1985 20:22  10 lines
Ok, ok.  I had forgotten that the limits of one's understanding is
a famous point of departure for philosophers.  What I really meant
was that this system administrator got bent out of shape because
he assumed someone had "broken security" on the system, when in fact
it was just some ordinary vanilla user program.

Think we can find a better notesfile to discuss the limits of one's
understanding? :-)

	KC

146.7  EDSVAX::CRESSEY  Sat Aug 10 1985 11:20  5 lines
    Sure.

    I guess I should have indicated this before >>>   :-)

    Dave

146.8  VAXUUM::DYER  Wed Oct 02 1985 17:51  70 lines
	Reply #0 continued . . .
		<_Jym_>

================================================================================
                       VAXWRK::WRKD$:[NOTES]VMSNOTES.NOT;1
 BEANO::WELSH                 VAX/VMS and more...             2-SEP-1985 18:13
 Note 1113.8                         WORM??                            8 of 10
--------------------------------------------------------------------------------

John Brunner's network was several decades in the future and literally
controlled every aspect of human life. That meant that through the network
you could do anything at all, provided you could get privilege. The trick,
having obtained some privilege, was to capitalise on that to get still
more privileges in other parts of the net, and to cover your tracks as you
went.

In the case of the worm, the program would propagate itself around the net
and actually tidy itself up behind (remove all traces of itself in the nodes
it had previously inhabited). This behaviour was precisely analogous to a
grazing animal moving on... at a potential speed of many nodes per second!
Starting in New York at time t, the worm might next be in Tokyo, Alaska,
Argentina and the Congo, * but not in New York any more *, at time t + say
10 seconds (one day the network will be FASTER :-).

Further, it would actually fight back. If the authorities attempted to
destroy the worm's files and images, they would propagate new images which
would destroy the attacking ones and also attempt to outflank the attackers
and do massive damage to the databases of the authorities in question.

In such a way the "tapeworm" would become more and more like a living creature.
It may or may not convince you, but it certainly lends a lot of interest to
the study of networks!

--Tom

================================================================================
                       VAXWRK::WRKD$:[NOTES]VMSNOTES.NOT;1
 MORGAN::SCHMIDT              VAX/VMS and more...             3-SEP-1985 17:27
 Note 1113.9                         WORM??                            9 of 10
--------------------------------------------------------------------------------

Another (fictional) worm:

  THE ADOLESCENCE OF P1 ---- Softcover science fiction,
                             now out of print


  <Unremembered TV title> -- An adaptation of 'P1' done
                             by public television as part
                             of an on-going kid-series


The Scientific American column:

  COMPUTER RECREATIONS ----- Highly enjoyable monthly reading.


                                    Atlant

================================================================================
                       VAXWRK::WRKD$:[NOTES]VMSNOTES.NOT;1
 RANI::LEICHTERJ              VAX/VMS and more...             3-SEP-1985 21:28
 Note 1113.10                        WORM??                           10 of 10
--------------------------------------------------------------------------------

The Adolescence of P1 is back in print, I guess as the result of the recent
wave of interest in hacking.  A fun book if you were an OS/360 hacker; not much 
to be said for it, otherwise - mediocre writing, clearly the one book the
author just HAD to write.
							-- Jerry