A computer worm is a self-replicating malware computer program, which uses a computer network to send copies of itself to other nodes and it may do so without any user intervention. This is due to security shortcomings on the target computer. Unlike a computer virus, it does not need to attach...
Digital Equipment Corporation was a major American company in the computer industry and a leading vendor of computer systems, software and peripherals from the 1960s to the 1990s...
OpenVMS , previously known as VAX-11/VMS, VAX/VMS or VMS, is a computer server operating system that runs on VAX, Alpha and Itanium-based families of computers. Contrary to what its name suggests, OpenVMS is not open source software; however, the source listings are available for purchase...
DECnet is a suite of network protocols created by Digital Equipment Corporation, originally released in 1975 in order to connect two PDP-11 minicomputers. It evolved into one of the first peer-to-peer network architectures, thus transforming DEC into a networking powerhouse in the 1980s...
DCL, the DIGITAL Command Language, is the standard command languageadopted by most of the operating systems that were sold by the former Digital Equipment Corporation...
.
Origin
The worm is believed to have been created by Melbourne
Melbourne
Melbourne is the capital and most populous city in the state of Victoria, and the second most populous city in Australia. The Melbourne City Centre is the hub of the greater metropolitan area and the Census statistical division—of which "Melbourne" is the common name. As of June 2009, the greater...
-based hackers, the first to be created by an Australian or Australians. The federal police of Melbourne thought the worm was created by two hackers
Hacker (computer security)
In computer security and everyday language, a hacker is someone who breaks into computers and computer networks. Hackers may be motivated by a multitude of reasons, including profit, protest, or because of the challenge...
who used the names Electron and Phoenix. They were believed to be mentored in Australia by Julian Assange
Julian Assange
Julian Paul Assange is an Australian publisher, journalist, writer, computer programmer and Internet activist. He is the editor in chief of WikiLeaks, a whistleblower website and conduit for worldwide news leaks with the stated purpose of creating open governments.WikiLeaks has published material...
going under the name Mendax.
Political message
The WANK worm had a distinct political message attached, and it was the first major worm to have a political message. WANK
Wank
Wank may refer to:* WANK , a computer worm that attacked DEC VAX/VMS systems through DECnet in 1989* WANK , a radio station licensed to Lafayette, Florida, United States...
in this context stands for Worms Against Nuclear Killers. The following message appeared on infected computer's screen:
W O R M S A G A I N S T N U C L E A R K I L L E R S
_______________________________________________________________
\__ ____________ _____ ________ ____ ____ __ _____/
\ \ \ /\ / / / /\ \ | \ \ | | | | / / /
\ \ \ / \ / / / /__\ \ | |\ \ | | | |/ / /
\ \ \/ /\ \/ / / ______ \ | | \ \| | | |\ \ /
\_\ /__\ /____/ /______\ \____| |__\ | |____| |_\ \_/
\___________________________________________________/
\ /
\ Your System Has Been Officially WANKed /
\_____________________________________________/
You talk of times of peace for all, and then prepare for war.
The worm coincidentally appeared on a DECnet computer network shared between NASA and the US Department of Energy days before the launch of a NASA space shuttle carrying the Galileo spacecraft. At the time, there were protests outside the Kennedy Space Center in Florida by anti-nuclear groups regarding the use of the Plutonium-based power modules in Galileo. The protesters contended that if this shuttle blew up "like Challenger did", that the Plutonium spilled would cause widespread death to residents of Florida.
The worm propagated through the network pseudo-randomly from one system to the other by using an algorithm which converted the victim machine's system time into a candidate target node address (composed of a DECnet Area and Node number) and subsequently attempted to exploit weakly secured accounts such as SYSTEM and DECNET that had password identical to the usernames. The worm did not attack computers within DECnet area 48, which was New Zealand
New Zealand
New Zealand is an island country in the south-western Pacific Ocean comprising two main landmasses and numerous smaller islands. The country is situated some east of Australia across the Tasman Sea, and roughly south of the Pacific island nations of New Caledonia, Fiji, and Tonga...
. A comment inside the worm source code at the point of this branch logic indicated that New Zealand was a nuclear free zone. New Zealand had recently forbidden U.S. nuclear-powered vessels from docking at its harbors, thus further fueling the speculation inside NASA that the worm attack was related to the anti-nuclear protest. The line "You talk of times of peace for all, and then prepare for war" is drawn from the lyrics of the Midnight Oil song Blossom and Blood; Midnight Oil
Midnight Oil
Midnight Oil , were an Australian rock band from Sydney originally performing as Farm from 1972 with drummer Rob Hirst, bass guitarist Andrew James and keyboard player/lead guitarist Jim Moginie...
are an Australian rock band known for their political activism and opposition to both nuclear power and nuclear weapons. The process name of the second version of the worm to be detected was "oilz", an Australian shorthand term for the band.
Playful nature
The DECnet network affected was jointly operated between the NASA Space Physics Analysis Network (SPAN) and the Department of Energy's High Energy Physics Network (HEPnet). The only separation between the networks was a pre-arranged division of network addresses (DECnet "Areas"). Thus, the worm, by picking a random target address, could affect both networks equally. The worm code included 100 common VAX usernames that were hard-coded into its source code. In addition to its political message, the worm contained several features of an apparently playful nature. The words "wank" and "wanked" are slang terms used in many countries to refer to masturbation
Masturbation
Masturbation refers to sexual stimulation of a person's own genitals, usually to the point of orgasm. The stimulation can be performed manually, by use of objects or tools, or by some combination of these methods. Masturbation is a common form of autoeroticism...
. In addition, the worm contained "over sixty" randomisable messages that it would display to users, including "Vote anarchist" and "The FBI is watching YOU". The worm was also programmed to trick users into believing that files were being deleted by displaying a file deletion dialogue that could not be aborted, though no files were actually erased by the worm.
anti-WANK and WANK_SHOT
R. Kevin Oberman (from DOE) and John McMahon (from NASA) wrote separate versions of an anti-WANK procedure and deployed them into their respective networks. It exploited the fact that before infecting a system, WANK would check for "NETW_(random number)", that is a copy of its own, in the process table. If one was found, the worm would destroy itself. When anti-WANK was run on a non-infected system, it would create a process named "NETW_(random number)" and just sit there. anti-WANK only worked against the earlier version of the worm though, because the process name of the worm in a later version was changed to "OILZ".
Bernard Perrot of Institut de Physique Nucleaire in Orsay wrote a second program.
The worm was trained to go after the RIGHTSLIST database, the list of all the people who have accounts on the computer.
By renaming the database and putting a dummy database in its place, the worm would, in theory, go after the dummy, which could be designed with a hidden bomb. Ron Tencati, the SPAN Security Manager, obtained a copy of the French manager’s worm-killing program and gave it to McMahon, who tested it. It was then distributed to system administrators of both networks to be installed onto their computers. It still took weeks for the worm to be completely erased from the network.
Hacktivism and Politically Motivated Computer Crime, written by one of the Digital Equipment Corporation investigators, disputes the WANK worm had any political motivation but was rather a play on the British meaning of the word "wank"
Wank
Wank may refer to:* WANK , a computer worm that attacked DEC VAX/VMS systems through DECnet in 1989* WANK , a radio station licensed to Lafayette, Florida, United States...
.
The source of this article is wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.
