Computer World. Матросова Т.А. - 66 pages.

Aeronautics Space Administration, as well as some military scientific centres and
labs.
The network worm struck 6,200 machines, which made up 7.3% of the computers on
the network, and showed that UNIX was not safe either. Among those damaged were NASA,
Los Alamos National Lab, exploratory centre VMS USA, California Technology
Institute, and Wisconsin University (200 of 300 systems). Spreading over the
Arpanet, Milnet, Science Internet and NSF Net networks, it practically put these
networks out of operation. According to the «Wall Street Journal», the virus
infiltrated networks in Europe and Australia, where cases of computers being blocked
were also registered.
Here are some recollections from participants in the event:
Symptom: hundreds or thousands of jobs start running on a Unix system
bringing response to zero.
Systems attacked: Unix systems, 4.3BSD Unix & variants (e.g.: SUNs); any
sendmail compiled with debug has this problem. This virus is spreading very quickly
over the Milnet. Within the past 4 hours, it has hit >10 sites across the country, both
Arpanet and Milnet sites. Well over 50 sites have been hit. Most of these are «major»
sites and gateways.
Method: Someone has written a program that uses a hole in the SMTP Sendmail
utility. This utility can send a message into another program.
Apparently what the attacker did was this: he or she connected to sendmail (i.e.,
telnet victim.machine 25), issued the appropriate debug command, and had a small C
program compiled. (We have it. Big deal.) This program took as an argument a host
number, and copied two programs – one ending in VAX.OS and the other ending in
SunOS and tried to load and execute them. In those cases where the load and
execution succeeded, the worm did two things (at least): spawn a lot of shells that did
nothing but clog the process table and burn CPU cycles; look in two places – the
password file and the internet services file – for other sites it could connect to (this is
hearsay, but I don't doubt it for a minute). It used both individual .host files (which it
found using the password file), and any other remote hosts it could locate which it
had a chance of connecting to. It may have done more; one of our machines had a
changed superuser password, but because of other factors we're not sure this worm
did it.
All of the Vaxen and some of the Suns here were infected with the virus. The virus
forks repeated copies of itself as it tries to spread itself, and the load averages on the
infected machines skyrocketed: in fact, it got to the point that some of the machines
ran out of swap space and kernel table entries, preventing login to even see what was
going on!
The virus also «cleans» up after itself. If you reboot an infected machine (or it
crashes), the /tmp directory is normally cleaned up on reboot. The other incriminating
files were already deleted by the virus itself.
On 4 November the author of the virus, Morris, came to FBI headquarters in
Washington on his own. The FBI imposed a prohibition on all material relating to the
Morris virus.