'A Tour of the Worm' is available for ftp

Donn Seeley donn at wasatch.UUCP
Sat Dec 10 17:40:11 AEST 1988 

A first draft of this paper was finished by November 17 and has seen
wide circulation.  After receiving a number of helpful review comments
over the last few weeks, I made some changes and a final draft is now
available for anonymous FTP.  To retrieve this paper:

	$ ftp cs.utah.edu
	Name (cs.utah.edu:someone): anonymous
	331 Guest login ok, send ident as password.
	Password: anything
	230 Guest login ok, access restrictions apply.
	ftp> cd pub
	250 CWD command successful.
	ftp> get tour.n
	200 PORT command successful.
	150 Opening ASCII mode data connection for tour.n (70870 bytes).
	226 Transfer complete.
	local: tour.n remote: tour.n
	73134 bytes received in 1.1 seconds (67 Kbytes/s)
	ftp> get tour.crt
	200 PORT command successful.
	150 Opening ASCII mode data connection for tour.crt (77843 bytes).
	226 Transfer complete.
	local: tour.crt remote: tour.crt
	79545 bytes received in 1.2 seconds (67 Kbytes/s)
	ftp> quit
	221 Goodbye.
	$

The file 'tour.n' should be formatted with 'troff -me'.  For people who
don't have 'troff' or the '-me' macro package, the file 'tour.crt' is a
pre-formatted version of the document which can be viewed on an
ordinary terminal (it's just 'tour.n' run through 'nroff -me').

Why might you be interested in this paper?  The paper is written at a
moderate level of detail and is intended for an audience of ordinary
Unix users who want to know what the worm did but don't want to read
code listings.  The paper contains a concise chronology of the
infection and a phase-by-phase analysis of the activities of the worm.
My connection with the worm episode:  I was a member of the decompiling
team at Berkeley on November 3, and subsequently spent a substantial
amount of time finishing the decompilation, analyzing the code and
furnishing comments.  I put in a number of long nights on this and I
hope other people can benefit from it.

I will make a presentation based on this paper at the upcoming winter
Usenix conference, and a copy of the paper may appear in the proceedings.

Donn Seeley    University of Utah CS Dept    donn at cs.utah.edu
40 46' 6"N 111 50' 34"W    (801) 581-5668    utah-cs!donn

More information about the Comp.unix.wizards mailing list