Abstract
On the evening of 2 November 1988, someone infected the Internet with a worm program. That program exploited flaws in utility programs based on BSD-derived versions of UNIX. The flaws allowed the program to break into those machhines and copy itself, thus infecting those systems. Thi sprogram eventually spread to thousands of machines , and disrupted normal activities and Internet connectivity for many days.
This report gives a detailed description of the components of the worm program-data and functions. It is based on a study of two completely independent reverse-compilations of the worm and a version disassembled to VAX assembly language. Almost no source code is given in the paper because of current concerns about the state of the "immune system" of Internet hosts, but the description should be detailed enough to allow the reader to understand the behavior of the program.
The paper contains a review of the securty flaws exploited by the worm program, and gives some recommendations on how to eliminate or mitigate their future use. The report also includes and analysis of the coding style and methods used by the author(s) of the worm , and draw some conclusions about his abilities and intent.
