Page 040


Undergound. Go to Table of Contents.

   such accounts.

    

   12. It looks for an account that has access to SYSUAF.DAT.

  

   13. If a priv. account is found, the program is copied to that account

   and started. If no priv. account was found, it is copied to other

   accounts found on the random system.

  

   14. As soon as it finishes with a system, it picks another random

   system and repeats (forever).

  

   Response:

  

   1. The following program will block the worm. Extract the following

   code and execute it. It will use minimal resources. It creates a

   process named NETW_BLOCK which will prevent the worm from running.

  

   Editors note: This fix will work only with this version of the worm.

  

   Mutated worms will require modification of this code; however, this

   program should prevent the worm from running long enough to secure

   your system from the worms attacks.13

   ////////////////////////////////////////////////////////////////////////

 

                            ---

  

   McMahon's version of an anti-WANK program was also ready to go by late

   Monday, but he would face delays getting it out to NASA. Working inside

   NASA was a balancing act, a delicate ballet demanding exquisite

   choreography between getting the job done, following official procedures

   and avoiding steps which might tread on senior bureaucrats' toes. It was

   several days before NASA's anti-WANK program was officially released.

  

   DOE was not without its share of problems in launching the anti-WANK

   program and advisory across HEPNET. At 5.04 p.m. Pacific Coast Time on

   17 October, as Oberman put the final touches on the last paragraph of

   his final report on the worm, the floor beneath his feet began to

   shake. The building was trembling. Kevin Oberman was in the middle of

   the 1989 San Francisco earthquake.

  

   Measuring 7.1 on the Richter scale, the Loma Prieta earthquake ripped

   through the greater San Francisco area with savage speed. Inside the

   computer lab, Oberman braced himself for the worst. Once the shaking

   stopped and he ascertained the computer centre was still standing, he

   sat back down at his terminal. With the PA blaring warnings for all

   non-essential personnel to leave the building immediately, Oberman

   rushed off the last sentence of the report. He paused and then added a

   postscript saying that if the paragraph didn't make sense, it was

   because he was a little rattled by the large earthquake which had just

   hit Lawrence Livermore Labs. He pressed the key, sent out his final

   anti-WANK report and fled the building.

  

   Back on the east coast, the SPAN office continued to help people

   calling from NASA sites which had been hit. The list of sites which

   had reported worm-related problems grew steadily during the week.

   Official estimates on the scope of the WANK worm attack were vague,

   but trade journals such as Network World and Computerworld quoted the

   space agency as suffering only a small number of successful worm

   invasions, perhaps 60 VMS-based computers. SPAN security manager Ron

   Tencati estimated only 20 successful worm penetrations in the NASA