Security threats Toolkit

The Internet worm comes of age

Tags:
First,
History,
Worm,
Blaster

Munir Kotadia ZDNet Australia

Published: 03 Nov 2004 09:48 GMT

At around midnight on November 2, 1988 the Morris worm, which was written by a 23-year-old Cornell Universtiy student called Robert Tappan Morris, was released on the then-embryonic Internet.

Within hours the worm's 99 lines of code overloaded thousands of Unix-based VAX and Sun systems and forced administrators to disconnect their computers from the network to try and stop the worm from spreading.

The Morris worm was part of a research project and was not designed to cause damage but it was programmed to self-replicate. Unfortunately the code contained a bug that allowed the worm to infect a single machine multiple times, which resulted in thousands of computers grinding to a halt.

Morris was convicted for his "research" but did not go to prison. He received a suspended sentence with community service and fined 10,000.

Security experts say that 16 years ago the Internet was still a closed system being used by Universities and the military for research purposes. Once it was opened to the public - and became known as the World Wide Web -- attitudes to security had to change.

Sean Richmond, senior technology consultant at Sophos Australia, said that since Morris, there have been fundamental changes in the way networks and computers communicate with each other and that will continue to evolve over the next 16 years.

"At that time, commands such as 'remote login', 'remote shell' and 'remote copy' were commonly used. The idea was that if you were logged into one machine you could access another system and it wouldn't even ask you for a login password. There was a level of trust," said Richmond.

Matt Dircks, vice president and product manager at network management specialists NetIQ, told ZDNet UK sister site ZDNet Australia that the biggest difference is the impact a network worm has on the general population.

When Morris hit in 1988 academics would have lost some of their research but when something like Blaster or Sasser starts spreading on the modern Internet it affects banks, government departments and even stops kids from researching their school work from home, said Dircks.

"The stakes have gone up because the impact of the worm has changed in scope and in depth. The impact on people's daily lives is much more pronounced," said Dircks.

Sophos's Richmond told ZDNet UK sister site ZDNet Australia that malware is unlikely to go away over the next 16 years but it should have less impact as software companies develop their applications with security in mind - rather than as an afterthought.

Also, he said that the next generation Internet will run on IPv6, which is a communications protocol that lays the foundation for a far more secure and safe online commercial environment.

"Security is being designed in the next TCP/IP version (IPV6), so the IP address will contain a knowledge and expectation of security. The current version IPv4 was built with a much more open world in mind. Security was not part of the initial design.

"In 16 years' time the potential for something to spread widely and rapidly across everything will be diminished just by the underlying security," said Richmond.

However, NetIQ's Dircks said that IPv6 is a very long term project and because it will require so much hardware to be replaced it will be a very slow upgrade cycle.

"Part of the solution is to build security into the architecture. But there are systems that are 30 or 40 years old still running and the companies using them will not get rid of them -- because they still work.

"We are always going to have a heterogeneous world and without painting a picture of doom, gloom and apocalypse, the problems are not going away," said Dircks.

Munir Kotadia reported from Sydney for ZDNet Australia. For more ZDNet Australia stories, click here.