Path: utzoo!utgpu!attcan!uunet!pyrdc!pyrnj!rutgers!mailrus!purdue!spaf
From: spaf@cs.purdue.edu (Gene Spafford)
Newsgroups: news.sysadmin
Subject: Re: The virus
Summary: NO! DOn't post it!
Message-ID: <5330@medusa.cs.purdue.edu>
Date: 7 Nov 88 06:29:05 GMT
References: <5311@medusa.cs.purdue.edu> <2072@ddsw1.MCS.COM> <241@ispi.UUCP> <11581@bellcore.bellcore.com>
Sender: news@cs.purdue.EDU
Reply-To: spaf@cs.purdue.edu (Gene Spafford)
Organization: Department of Computer Science, Purdue University
Lines: 31

In article <11581@bellcore.bellcore.com> karn@jupiter.UUCP (Phil R. Karn) writes:
>It sure would be nice if Morris (or someone at Cornell with access to his
>files) were to release the complete, original source for the object portion
>of the virus.

Good heavens, no! At least, it shouldn't be widely published!

The virus, as is, needs only a few small changes and it could be sent
out again to infect all those systems that don't have all the
necessary patches in place. Plus, there are other "backdoors" (known
and not yet known) into systems that could be added in. The result
could be a real mess if someone else decides to try a "better" version
of the worm. (Note -- it's a worm, not a virus, since it can replicate
itself and does not hide itself inside other code.)

What we really want is a list of all the things in the worm that take
advantage of security holes, and advice on how to plug them. I'm
working on getting a disassembled version of the virus so I can do
exactly that, and I will post the list here and in various other
places when I have it. If someone at Cornell wants to aid me in this,
fine, but I really, really think we should not publish the code in any
way....providing it to trusted individuals with a promise not to
spread it is fine (I wouldn't mind Phil getting a copy, for instance,
or Rick Adams, etc., but I wouldn't want others to get it...and I
won't name names, although 3 or 4 spring instantly to mind).

We want to know what holes to plug, not provide a power drill to vandals.
-- 
Gene Spafford
NSF/Purdue/U of Florida Software Engineering Research Center,
Dept. of Computer Sciences, Purdue University, W. Lafayette IN 47907-2004
Internet: spaf@cs.purdue.edu uucp: ...!{decwrl,gatech,ucbvax}!purdue!spaf