Page 1470 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 1470

In November 1988, a young computer science student named
                  Robert Tappan Morris brought the fledgling internet to its knees

                  with a few lines of computer code. He released a malicious worm
                  he claimed to have created as an experiment onto the internet. It
                  spread quickly and crashed a large number of systems.

                  This worm spread by exploiting four specific security holes in the
                  Unix operating system.

                  Sendmail Debug Mode Then-current versions of the popular
                  Sendmail software package used to route electronic mail messages
                  across the internet contained a security vulnerability. This

                  vulnerability allowed the worm to spread itself by sending a
                  specially crafted email message that contained the worm’s code to
                  the Sendmail program on a remote system. When the remote
                  system processed the message, it became infected.

                  Password Attack The worm also used a dictionary attack to
                  attempt to gain access to remote systems by utilizing the username

                  and password of a valid system user (see “Dictionary Attacks” later
                  in this chapter).

                  Finger Vulnerability Finger, a popular internet utility, allowed
                  users to determine who was logged on to a remote system. Then-
                  current versions of the Finger software contained a buffer-overflow
                  vulnerability that allowed the worm to spread (see “Buffer
                  Overflows” later in this chapter). The Finger program has since

                  been removed from most internet-connected systems.

                  Trust Relationships After the worm infected a system, it
                  analyzed any existing trust relationships with other systems on the
                  network and attempted to spread itself to those systems through
                  the trusted path.

                  This multipronged approach made the internet worm extremely
                  dangerous. Fortunately, the (then-small) computer security

                  community quickly put together a crack team of investigators who
                  disarmed the worm and patched the affected systems. Their efforts
                  were facilitated by several inefficient routines in the worm’s code
                  that limited the rate of its spread.
   1465   1466   1467   1468   1469   1470   1471   1472   1473   1474   1475