Bugtraq mailing list archives

Re: Internet worm source code


From: spaf () cs purdue edu (Gene Spafford)
Date: Mon, 17 Oct 1994 00:05:39 -0500


Robert wrote:

> Gene Spafford's written quite a good paper on the worm;
> I'm pretty sure it's available at ftp.cert.org. It contains
> partial decompiled versions of the original src code.

Thanks.  Most people seem to consider it the canonical reference.

In the directory ftp://coast.cs.purdue.edu/pub/doc/morris_worm one may
find:

  1) My original tech report on the Worm, which was reprinted in
     ACM Computer Communication Review.  This is the paper to which
     Robert refers.
  2) My follow-up tech report, later presented at the ESEC conference.
  3) Eichin & Rochlis's IEEE paper on the worm ("With Microscope and
     Tweezers").
  4) The full-length tech report version of the Eichin & Rochlis paper.
  5) Donn Seeley's paper on the worm.
  6) The written decision of the US Court of Appeals on Morris's
     appeal of his conviction.
  7) A paper on the worm written by Bob Page, then at the Univ of
     Lowell.
  8) A short FAQ.
  9) Text of the GAO report on the Morris incident.
 10) A copy of RFC 1135 on the Worm incident.
 11) Copies of the news article posted by Keith Bostic with the
     BSD fixes to sendmail.

Unfortunately, I don't have a copy of the Cornell Commission report
on-line.  We will add one or more of the copies of the source code
that have been indicated in previous mail to this list.  And, if I can
locate my copy of the traffic on the mailing list I started for Worm
response (phage), I'll include that.  I think it is on a backup tape
somewhere....

I've seen the actual Worm source code.  I've also seen parts of 3 or 4
different decompilations.  Most of the decompilations are close, but
they don't have some of the "ifdef'd" code of the original, nor do
they have the comments (obviously).  The comments in the original code
strongly suggested that Robert intended it to behave the way it did --
no accidents involved.  I do not know if Cornell ever intends to
release the actual code.

If anyone knows of any other on-line resources relating to this (or
anything else related to security) that we do not have on
coast.cs.purdue.edu, please drop a line about it to
security-archive () coast cs purdue edu and we'll add it in.

If anyone has questions about the Worm or the papers or the archive,
I'll be happy to try to answer them in private e-mail.  Further
discussion of the Worm is a bit off the topic of the list.

Cheers,
--spaf


