Chuvash State University p>
Economic faculty p>
Report p>
COMPUTER VIRUSES p>
Author: p>
student of EC-13-98 p>
Eugene Ivanov p>
Cheboxary - 2001 p>
CONTENTS p>
A bit of history 3 p>
What is a computer virus? 4 p>
Who writes computer viruses? 5 p>
To whose advantage computer viruses are written? 6 p>
A legal notice. Penal Code of Russian Federation 7 p>
Synopsis 8 p>
SOURCES 9 p>
Appendix 10 p>
A bit of history p>
2 November 1988 Robert Morris younger (Robert Morris), graduate studentof informatics faculty of Cornwall University (USA) infected a great amountof computers, connected to Internet network. This network unites machinesof university centres, private companies and governmental agents, including
National Aeronautics Space Administration, as well as some militaryscientific centres and labs.
Network worm has struck 6200 machines that formed 7,3% computers tonetwork, and has shown, that UNIX not okay too. Amongst damaged were NASA,
LosAlamos National Lab, exploratory centre VMS USA, California Technology
Institute, and Wisconsin University (200 from 300 systems). Spread onnetworks ApraNet, MilNet, Science Internet, NSF Net it practically hasremoved these network from building. According to "Wall Street Journal",virus has infiltrated networks in Europe and Australia, where there werealso registered events of blocking the computers.
Here are some recalls of the event participants:
Symptom: hundreds or thousands of jobs start running on a Unix systembringing response to zero.
Systems attacked: Unix systems, 4.3BSD Unix & variants (eg: SUNs) anysendmail compiled with debug has this problem. This virus is spreading veryquickly over the Milnet. Within the past 4 hours, it has hit> 10 sitesacross the country, both Arpanet and Milnet sites. Well over 50 sites havebeen hit. Most of these are "major" sites and gateways.
Method: Someone has written a program that uses a hole in SMTP Sendmailutility. This utility can send a message into another program.
Apparently what the attacker did was this: he or she connected tosendmail (ie, telnet victim.machine 25), issued the appropriate debugcommand, and had a small C program compiled. (We have it. Big deal.) Thisprogram took as an argument a host number, and copied two programs - oneending in VAX.OS and the other ending in SunOS - and tried to load andexecute them. In those cases where the load and execution succeeded, theworm did two things (at least): spawn a lot of shells that did nothing butclog the process table and burn CPU cycles; look in two places - thepassword file and the internet services file - for other sites it couldconnect to (this is hearsay, but I don't doubt it for a minute). It usedboth individual. host files (which it found using the password file), andany other remote hosts it could locate which it had a chance of connectingto. It may have done more; one of our machines had a changed superuserpassword, but because of other factors we're not sure this worm did it.
All of Vaxen and some of Suns here were infected with the virus. Thevirus forks repeated copies of itself as it tries to spread itself, and theload averages on the infected machines skyrocketed. In fact, it got to thepoint that some of the machines ran out of swap space and kernel tableentries, preventing login to even see what was going on!
The virus also "cleans" up after itself. If you reboot an infectedmachine (or it crashes), the/tmp directory is normally cleaned up onreboot. The other incriminating files were already deleted by the virusitself.
4 November the author of the virus - Morris - come to FBI headquarters in
Washington on his own. FBI has imposed a prohibition on all materialrelating to the Morris virus.
22 January 1989 a court of jurors has acknowledged Morris guilty. Ifdenunciatory verdict had been approved without modification, Morris wouldhave been sentenced to 5 years of prison and 250 000 dollars of fine.
However Morris 'attorney Thomas G