Misplaced Pages

#922077

54-536: Early research and development: Merging the networks and creating the Internet: Commercialization, privatization, broader access leads to the modern Internet: Examples of Internet services: The Morris worm or Internet worm of November 2, 1988 , is one of the oldest computer worms distributed via the Internet , and the first to gain significant mainstream media attention. It resulted in

108-554: A couple thousand" computers were affected. The Internet was partitioned for several days, as regional networks disconnected from the NSFNet backbone and from each other to prevent recontamination while cleaning their own networks. The Morris worm prompted DARPA to fund the establishment of the CERT/CC at Carnegie Mellon University , giving experts a central point for coordinating responses to network emergencies. Gene Spafford also created

162-509: A firm should always prefer higher values of θ {\displaystyle \theta } , even if it is not first in the selection order. Both the algorithmic and human ranking methods are of the form of F θ {\displaystyle {\mathcal {F}}_{\theta }} and differ by the accuracy parameters θ A , θ H {\displaystyle \theta _{A},\theta _{H}} . The algorithmic ranking output

216-534: A firm should prefers independent ranking methods given all else is equal. The intuition behind preference for weaker competition is that when a candidate is removed (hired by a different firm), the best remaining candidate is better in expectation when the removed candidate is chosen based on a less accurate ranking. Thus, a firm should always prefer that its competitors would be less accurate. These conditions are met for F θ {\displaystyle {\mathcal {F}}_{\theta }} that

270-508: A keyboard. It could take days to kill a worm like that, and sometimes weeks." The second ever computer worm was devised to be an anti-virus software. Named Reaper , it was created by Ray Tomlinson to replicate itself across the ARPANET and delete the experimental Creeper program (the first computer worm, 1971). On November 2, 1988, Robert Tappan Morris , a Cornell University computer science graduate student, unleashed what became known as

324-407: A large community bugs are discovered relativity fast. Like agricultural monocultures , algorithmic monocultures are not diverse, thus susceptible to correlated failures - a failure of many parts participating in the monoculture. In complete non-monocultures, where the outcome of all components are mutually independent thus un-correlated, the chance of catastrophic event (failure of all the parts in

378-451: A large number of vulnerabilities in the network. Any code designed to do more than spread the worm is typically referred to as the " payload ". Typical malicious payloads might delete files on a host system (e.g., the ExploreZip worm), encrypt files in a ransomware attack, or exfiltrate data such as confidential documents or passwords. Some worms may install a backdoor . This allows

432-519: A machine, then the majority of worms are unable to spread to it. If a vulnerability is disclosed before the security patch released by the vendor, a zero-day attack is possible. Users need to be wary of opening unexpected emails, and should not run attached files or programs, or visit web sites that are linked to such emails. However, as with the ILOVEYOU worm, and with the increased growth and efficiency of phishing attacks, it remains possible to trick

486-438: A monoculture whose correlated nature results in degraded overall quality of the decisions. Since monocultures form in areas of high-stakes decisions such as credit scoring and automated hiring, it is important to achieve optimal decision making. This scenario can be studied through the lens of mechanism design , in which agents are choosing between a set of algorithms, some of which return correlated outputs. The overall impact of

540-761: A noisy-ranking of the candidates, then each firm (in a random order) hires the first available candidate in their ranking. Each firm can choose to use either an independent human rankers or use a common algorithmic ranking. The ranking algorithm F θ {\displaystyle {\mathcal {F}}_{\theta }} is modeled as a noisy distribution above permutations of S {\displaystyle S} parametrized by an accuracy parameter θ > 0 {\displaystyle \theta >0} . In order for F θ {\displaystyle {\mathcal {F}}_{\theta }} to make sense it should satisfy these conditions: These conditions state that

594-596: A simulator first". During the Morris appeal process, the US court of appeals estimated the cost of removing the virus from each installation was in the range of $ 200–$ 53,000. Possibly based on these numbers, Stoll, a systems administrator known for discovering and subsequently tracking the hacker Markus Hess three years earlier, estimated for the US Government Accountability Office that the total economic impact

SECTION 10

#1732852532923

648-477: A virus, the virus automatically resides in memory and waits to be triggered. There are also some worms that are combined with backdoor programs or Trojan horses , such as " Code Red ". Contagiousness Worms are more infectious than traditional viruses. They not only infect local computers, but also all servers and clients on the network based on the local computer. Worms can easily spread through shared folders , e-mails , malicious web pages, and servers with

702-529: A world without algorithmic ranking is higher). The main theorem proved by Kleinberg of this model is that for any θ H {\displaystyle \theta _{H}} and any noisy ranking family F θ {\displaystyle {\mathcal {F}}_{\theta }} that satisfy these conditions: there exists a θ A > θ H {\displaystyle \theta _{A}>\theta _{H}} such that both firms prefer using

756-448: A worm is not limited by the host program, worms can take advantage of various operating system vulnerabilities to carry out active attacks. For example, the " Nimda " virus exploits vulnerabilities to attack. Complexity Some worms are combined with web page scripts, and are hidden in HTML pages using VBScript , ActiveX and other technologies. When a user accesses a webpage containing

810-412: A worm with that tough a head or that long a tail!" "Then the answer dawned on him, and he almost laughed. Fluckner had resorted to one of the oldest tricks in the store and turned loose in the continental net a self-perpetuating tapeworm, probably headed by a denunciation group "borrowed" from a major corporation, which would shunt itself from one nexus to another every time his credit-code was punched into

864-571: Is a monoculture, since a majority of the overall number of workstations connected to the Internet are running versions of the Microsoft Windows operating system, many of which are vulnerable to the same attacks. Large monocultures can also arise from software libraries , for example the Log4Shell exploit in the popular Log4j library estimated to affect hundreds of millions of devices. The concept

918-417: Is corotated - it always outputs the same permutation. In contrast, a human ranked premutation is drawn from F θ H {\displaystyle {\mathcal {F}}_{\theta _{H}}} independently for each of firms. For s 1 , s 2 ∈ { A , H } {\displaystyle s_{1},s_{2}\in \{A,H\}} strategies of

972-456: Is increased spread of algorithmic bias . In the light of increased usage of machine learning there is a growing awareness of the biases introduced by algorithms. The nature of monocultures exacerbate this problem since it makes the bias systemic and spreading unfair decisions. Monocultures may lead to Braess's like paradoxes in which introducing a "better option" (such as a more accurate algorithm) leads to suboptimal monocultural convergence -

1026-491: Is significant when discussing computer security and viruses , the main threat is exposure to security vulnerabilities. Since monocultures are not diverse, any vulnerability found exists in all the individual members of the monoculture increasing the risk of exploitation. An example to that is exploit Wednesday in which after Windows security patches are released there is an increase exploitation events on not updated machines. Clifford Stoll wrote in 1989 after dealing with

1080-541: The Ethernet principles on their network of Xerox Alto computers. Similarly, the Nachi family of worms tried to download and install patches from Microsoft's website to fix vulnerabilities in the host system by exploiting those same vulnerabilities. In practice, although this may have made these systems more secure, it generated considerable network traffic, rebooted the machine in the course of patching it, and did its work without

1134-551: The Morris worm , disrupting many computers then on the Internet, guessed at the time to be one tenth of all those connected. During the Morris appeal process, the U.S. Court of Appeals estimated the cost of removing the worm from each installation at between $ 200 and $ 53,000; this work prompted the formation of the CERT Coordination Center and Phage mailing list. Morris himself became the first person tried and convicted under

SECTION 20

#1732852532923

1188-526: The Morris worm : A computer virus is specialized: a virus that works on an IBM PC cannot do anything to a Macintosh or a Unix computer. Similarly, the Arpanet virus could only strike at systems running Berkeley Unix . Computers running other operating systems—like AT&T Unix , VMS , or DOS —were totally immune. Diversity, then, works against viruses. If all the systems on the Arpanet ran Berkeley Unix,

1242-454: The 1986 Computer Fraud and Abuse Act . Conficker , a computer worm discovered in 2008 that primarily targeted Microsoft Windows operating systems, is a worm that employs three different spreading strategies: local probing, neighborhood probing, and global probing. This worm was considered a hybrid epidemic and affected millions of computers. The term "hybrid epidemic" is used because of the three separate methods it employed to spread, which

1296-538: The Internet randomly, looking for vulnerable hosts to infect. In addition, machine learning techniques can be used to detect new worms, by analyzing the behavior of the suspected computer. A helpful worm or anti-worm is a worm designed to do something that its author feels is helpful, though not necessarily with the permission of the executing computer's owner. Beginning with the first research into worms at Xerox PARC , there have been attempts to create useful worms. Those worms allowed John Shoch and Jon Hupp to test

1350-410: The Internet. The name was derived from the "Great Worms" of Tolkien : Scatha and Glaurung . Computer worm Many worms are designed only to spread, and do not attempt to change the systems they pass through. However, as the Morris worm and Mydoom showed, even these "payload-free" worms can cause major disruption by increasing network traffic and other unintended effects. The term "worm"

1404-571: The Phage mailing list to coordinate a response to the emergency. Morris was tried and convicted of violating United States Code Title   18 ( 18 U.S.C.   § 1030 ), the Computer Fraud and Abuse Act , in United States v. Morris . After appeals, he was sentenced to three years' probation, 400 hours of community service, and a fine of US$ 10,050 (equivalent to $ 22,000 in 2023) plus

1458-405: The brilliant project')". The worm exploited several vulnerabilities of targeted systems, including: The worm exploited weak passwords . Morris's exploits became generally obsolete due to decommissioning rsh (normally disabled on untrusted networks), fixes to sendmail and finger, widespread network filtering, and improved awareness of weak passwords. Though Morris said that he did not intend for

1512-463: The computer to be remotely controlled by the worm author as a " zombie ". Networks of such machines are often referred to as botnets and are very commonly used for a range of malicious purposes, including sending spam or performing DoS attacks. Some special worms attack industrial systems in a targeted manner. Stuxnet was primarily transmitted through LANs and infected thumb-drives, as its targets were never connected to untrusted networks, like

1566-407: The computer to report a false positive . Instead, he programmed the worm to copy itself 14% of the time, regardless of the status of infection on the computer. This resulted in a computer potentially being infected multiple times, with each additional infection slowing the machine down to unusability. This had the same effect as a fork bomb , and crashed the computer several times. The main body of

1620-436: The consent of the computer's owner or user. Regardless of their payload or their writers' intentions, security experts regard all worms as malware . Another example of this approach is Roku OS patching a bug allowing for Roku OS to be rooted via an update to their screensaver channels, which the screensaver would attempt to connect to the telnet and patch the device. One study proposed the first computer worm that operates on

1674-415: The correlated algorithm is a dominant strategy , thus converging to monoculture that leads suboptimal social welfare. In this scenario we will consider two firms and a group S {\displaystyle S} of n {\displaystyle n} candidate with hidden utilities of x i {\displaystyle x_{i}} . For hiring process - each firm will produce

Morris worm - Misplaced Pages Continue

1728-410: The correlated nature of algorithmic monocultures degrades total social welfare. Even though algorithmic rankings are more accurate. The first condition on F θ {\displaystyle {\mathcal {F}}_{\theta }} (Preference for the first position) is equivalent to a preference of firms to have independent ranking (in our setting - non algorithmic). This means that

1782-401: The costs of his supervision. The total fine ran to $ 13,326, which included a $ 10,000 fine, $ 50 special assessment, and $ 3,276 cost of probation oversight. The Morris worm has sometimes been referred to as the "Great Worm," due to the devastating effect it had on the Internet at that time, both in overall system downtime and in psychological impact on the perception of security and reliability of

1836-517: The decision making is measured by social welfare . This section demonstrates the concern of suboptimal monoculture convergence using automated hiring as a case study. Hiring is the process of ranking a group of candidates and hiring the top-valued. In recent years automated hiring (automatically ranking candidates based on their interaction with an AI powered system) became popular. As shown by Kleinberg , under some assumptions, suboptimal automated hiring monocultures naturally form, namely, choosing

1890-508: The embedded programmable logic controllers of industrial machines. Although these systems operate independently from the network, if the operator inserts a virus-infected drive into the system's USB interface, the virus will be able to gain control of the system without any other operational requirements or prompts. Worms spread by exploiting vulnerabilities in operating systems. Vendors with security problems supply regular security updates (see " Patch Tuesday "), and if these are installed to

1944-551: The end-user into running malicious code. Anti-virus and anti-spyware software are helpful, but must be kept up-to-date with new pattern files at least every few days. The use of a firewall is also recommended. Users can minimize the threat posed by worms by keeping their computers' operating system and other software up to date, avoiding opening unrecognized or unexpected emails and running firewall and antivirus software. Mitigation techniques include: Infections can sometimes be detected by their behavior - typically scanning

1998-414: The event of a successful attack. With the global trend of increased usage and reliance on computerized systems, some vendors supply solutions that are used throughout the industry (such as Microsoft Windows ) - this forms algorithmic monocultures. Monocultures form naturally since they utilize economies of scale , it is cheaper to manufacture and distribute a single solution. Furthermore, by being used by

2052-542: The first felony conviction in the US under the 1986 Computer Fraud and Abuse Act . It was written by a graduate student at Cornell University , Robert Tappan Morris , and launched on 8:30 p.m. November 2, 1988, from the Massachusetts Institute of Technology network. The worm's creator, Robert Tappan Morris , is the son of cryptographer Robert Morris , who worked at the NSA . A friend of Morris said that he created

2106-555: The first and second firm, Social welfare W s 1 , s 2 {\displaystyle W_{s_{1},s_{2}}} is defied as the sum of utilities of the hired candidates. The Braess's like paradox in this framework is suboptimal monocultures converges. That is, using the algorithmic ranking is dominant strategy thus converging toward monoculture yet it yields suboptimal welfare W A , A < W H , H {\displaystyle W_{A,A}<W_{H,H}} (welfare in

2160-623: The internet. This virus can destroy the core production control computer software used by chemical, power generation and power transmission companies in various countries around the world - in Stuxnet's case, Iran, Indonesia and India were hardest hit - it was used to "issue orders" to other equipment in the factory, and to hide those commands from being detected. Stuxnet used multiple vulnerabilities and four different zero-day exploits (e.g.: [1] ) in Windows systems and Siemens SIMATICWinCC systems to attack

2214-459: The monoculture) is the multiplication of each component failure probability (exponentially decreasing). On the other end, perfect monocultures are completely correlated, thus have a single point of failure. This means that the chance of a catastrophic event is constant - the failure probably of the single component. Since operating systems are used in almost every workstation they form monocultures. For example Dan Geer has argued that Microsoft

Morris worm - Misplaced Pages Continue

2268-433: The performance of massive scale ephemeral artworks. It turns the infected computers into nodes that contribute to the artwork. Monoculture (computer science) In computer science , a monoculture is a community of computers that all run identical software. All the computer systems in the community thus have the same vulnerabilities, and, like agricultural monocultures , are subject to catastrophic failure in

2322-504: The same deficiencies exploited by the Blaster worm , Welchia infected computers and automatically began downloading Microsoft security updates for Windows without the users' consent. Welchia automatically reboots the computers it infects after installing the updates. One of these updates was the patch that fixed the exploit. Other examples of helpful worms are "Den_Zuko", "Cheeze", "CodeGreen", and "Millenium". Art worms support artists in

2376-519: The second layer of the OSI model (Data link Layer), utilizing topology information such as Content-addressable memory (CAM) tables and Spanning Tree information stored in switches to propagate and probe for vulnerable nodes until the enterprise network is covered. Anti-worms have been used to combat the effects of the Code Red , Blaster , and Santy worms. Welchia is an example of a helpful worm. Utilizing

2430-407: The sherd algorithmic ranking even though the social welfare is higher when both use the human evaluators. In other words - regardless of the accuracy of the human rankers there exists a more accurate algorithm whose introduction leads to suboptimal monoculture convergence. The implications of this theorem is that under these conditions, firms will choose to use the algorithmic ranking even though that

2484-583: The virus would have disabled all fifty thousand of them. Instead, it infected only a couple thousand. Biological viruses are just as specialized: we can't catch the flu from dogs. Bureaucrats and managers will forever urge us to standardize on a single type of system: "Let's only use Sun workstations" or "Only buy IBM systems." Yet somehow our communities of computers are a diverse population—with Data General machines sitting next to Digital Vaxes ; IBMs connected to Sonys . Like our neighborhoods, electronic communities thrive through diversity. Another main concern

2538-412: The virus would have disabled all fifty thousand of them." It is usually reported that around 6,000 major UNIX machines were infected by the Morris worm. Graham claimed, "I was there when this statistic was cooked up, and this was the recipe: someone guessed that there were about 60,000 computers attached to the Internet, and that the worm might have infected ten percent of them". Stoll estimated that "only

2592-403: The worm can infect only DEC VAX machines running 4 BSD , alongside Sun-3 systems. A portable C "grappling hook" component of the worm was used to download the main body parts, and the grappling hook runs on other systems, loading them down and making them peripheral victims. By instructing the worm to replicate itself regardless of a computer's reported infection status, Morris transformed

2646-428: The worm from a potentially harmless intellectual and computing exercise into a viral denial-of-service attack . Morris's inclusion of the rate of copy within the worm was inspired by Michael Rabin 's mantra of randomization . The resulting level of replication proved excessive, with the worm spreading rapidly, infecting some computers several times. Rabin would eventually comment that Morris "should have tried it on

2700-479: The worm simply to see if it could be done, and released it from the Massachusetts Institute of Technology (MIT) in the hope of suggesting that its creator studied there, instead of Cornell. Clifford Stoll , author of The Cuckoo’s Egg , wrote that "Rumors have it that [Morris] worked with a friend or two at Harvard's computing department (Harvard student Paul Graham sent him mail asking for 'Any news on

2754-429: The worm to be actively destructive, instead seeking to merely highlight the weaknesses present in many networks of the time, a consequence of Morris's coding resulted in the worm being more damaging and spreadable than originally planned. It was initially programmed to check each computer to determine if the infection was already present, but Morris believed that some system administrators might counter this by instructing

SECTION 50

#1732852532923

2808-428: Was between $ 100,000 and $ 10,000,000. Stoll helped fight the worm, writing in 1989 that "I surveyed the network, and found that two thousand computers were infected within fifteen hours. These machines were dead in the water—useless until disinfected. And removing the virus often took two days." Stoll commented that the worm showed the danger of monoculture , because "If all the systems on the ARPANET ran Berkeley Unix ,

2862-489: Was discovered through code analysis. Independence Computer viruses generally require a host program. The virus writes its own code into the host program. When the program runs, the written virus program is executed first, causing infection and damage. A worm does not need a host program, as it is an independent program or code chunk. Therefore, it is not restricted by the host program , but can run independently and actively carry out attacks. Exploit attacks Because

2916-463: Was first used in this sense in John Brunner 's 1975 novel, The Shockwave Rider . In the novel, Nichlas Haflinger designs and sets off a data-gathering worm in an act of revenge against the powerful men who run a national electronic information web that induces mass conformity. "You have the biggest-ever worm loose in the net, and it automatically sabotages any attempt to monitor it. There's never been

#922077