The document summarizes the history and details of the Christmas Tree worm, one of the earliest computer worms. It spread via email in 1987 by sending itself as a Christmas greeting card. Though intended as a harmless Christmas tree screen display, it overloaded networks by replicating to every email contact. This unintentionally denied service and brought down the IBM and BITNET networks for a period. Countermeasures involved manually purging the worm from network queues. It highlighted worms as a new computer security threat and sparked debate on how to classify such self-replicating programs.
4. Christmas 1999
WM97/Melissa-AG virus infected Microsoft Word
documents, spreading via email
Subject line: Message from <username>
Message: This document is very Important and you've
GOT to read this !!!.
Payload trigger on December 25th
5. Attempt to format the C: drive on the next reboot.
Insert randomly colored blocks in the current Word document
6. Christmas 2000
W32/Navidad virus spread via email, masquerading as an electronic
Christmas card.
Mysterious blue eye icons in the Windows system tray
Mouse over the eyes
7. Christmas 2000
W32/Music email-aware worm
Message: "Hi, just testing email using Merry Christmas music
file, you'll like it."
Worm attached as a file called music.com, music.exe or
music.zip.
8. Plays the first few bars of the song
"We wish you a Merry Christmas"
Displays a cartoon of Santa Claus with the caption
"Music is playing, turn on your speaker if you have one"
or "There is error in your sound system, music can't be heard."
9. Christmas 2001
Maldal virus spread via email using a seasonal electronic
greeting card called Christmas.exe.
Picture: Santa Claus on skis accompanied by a prancing
reindeer
Message: "From the heart,
Happy new year!".
11. IBM Christmas Card: Facts
When: 09th December 1987
Name: Christmas Tree Exec
Place of Origin: Germany
Significance: Worms were first noticed as a potential
computer security threat
Effect: It brought down both the world-wide IBM
network and BITNET
Source Language: REXX
12. Behavior
E-mail Christmas card
Subject line: "Let this exec run and enjoy yourself!"
Included executable code.
Claimed to draw a Christmas tree on the display.
The user had to execute the program by typing christma
or christmas.
14. A comment inside the source code:
browsing this file is no fun at all just type
CHRISTMAS from cms
Sent a copy to everyone on the user's address lists.
15. Working
Read the files:
NAMES: Collection of information about other users with
whom you communicate
NETLOG: File transfer log
Mailed itself to every email address
Approximate number exceeded 1,000
People trusted it, because it was coming from a regular
correspondent
16. The Name: CHRISTMA EXEC
IBM VM systems originally required file names to be formatted
as
8 characters + space + 8 characters
IBM required REXX script files to have a file type of "EXEC"
17. Source of the Christmas card
A student at the University of Clausthal in West
Germany
REXX scripting language: a shell script-like language for
IBM's VM/CMS system
Found by December 21
Barred from using his/her system.
Stated that the damage was unintentional and that the program
was written "to send Christmas greetings to my friends."
18. Damage Done
Worm itself wasn't malicious
Exponential growth patterns
Clogged servers, communication paths, spool directories
Unintentional denial of service attack
19. Damage Done
EARNet:
The European Research and Education Networking
Association (TERENA)
BITNET:
BITNET was a university computer network founded in
1981 at the City University of New York (CUNY) and Yale
University
Destroyed by December 14th
20. Damage Done
IBM's VNet electronic mail network
International computer networking system deployed in the
mid-1970s.
Developed inside IBM
Provided the main email and file-transfer backbone for the
company
December 15th
Paralyzed on 17th December
Brought to a standstill two days later, only getting rid of the
worm by shutting down the network.
In 1990, Christmas Tree resurfaced after being posted to
Usenet. IBM was forced to shut down its 350,000-terminal
network
21. Countermeasures Taken
A programmer at Cornell University had written a simple
program
Examined the network queues every five minutes and deleted any
files called Christma Exec;
Purged about 300 copies in four and a half hours.
Other operators did the same, writing and passing around
ad hoc programs to eliminate copies of the worm.
22. Countermeasures Taken
Such simple tools could only sample the queues every few
seconds and purge what they found
Worm could still sneak through to a limited degree.
In Israel, one programmer wrote a program, an anti-Christma
Christma,
Examined users' netlog to determine whether they had been
victimized
If yes, the new Christma would retrieve any copies of the
original that had not yet been read by the addressee and then
send itself onward to the same set of targets used by the
original Christma.
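Added example (not from the original slides): a small Python model of the queue purgers on slides 21 and 22, showing why a scan interval longer than the time a file waits in the queue lets copies through. The dwell times, arrival rate and PROFILE EXEC file are constructed; the five-minute interval and the CHRISTMA EXEC name come from the slides.

```python
from dataclasses import dataclass

WORM_ID = ("CHRISTMA", "EXEC")  # file name and type named on the slides


@dataclass
class SpoolFile:
    fname: str
    ftype: str
    arrived: int  # second at which the file entered the queue


def is_worm(f):
    # Normalizing case and padding is an assumption of this model.
    return (f.fname.strip().upper(), f.ftype.strip().upper()) == WORM_ID


def simulate(arrivals, dwell, scan_every, horizon):
    """Return (purged, escaped, legit_forwarded) for one queue.

    dwell: seconds a file waits before the node forwards it.
    scan_every: seconds between purger passes over the queue.
    """
    pending = sorted(arrivals, key=lambda f: f.arrived)
    queue, purged, escaped, legit = [], 0, 0, 0
    for now in range(horizon + 1):
        while pending and pending[0].arrived == now:
            queue.append(pending.pop(0))
        if now % scan_every == 0:  # purger pass: drop matching files
            kept = [f for f in queue if not is_worm(f)]
            purged += len(queue) - len(kept)
            queue = kept
        waiting = []
        for f in queue:  # forward whatever has waited long enough
            if now - f.arrived < dwell:
                waiting.append(f)
            elif is_worm(f):
                escaped += 1
            else:
                legit += 1
        queue = waiting
    return purged, escaped, legit


def sample_traffic():
    # Constructed input: one worm copy every 7 s for 10 minutes, one normal file.
    files = [SpoolFile("CHRISTMA", "EXEC", t) for t in range(1, 600, 7)]
    files.append(SpoolFile("PROFILE", "EXEC", 10))
    return files


if __name__ == "__main__":
    for dwell, scan in [(20, 300), (2, 5), (20, 5)]:
        print(dwell, scan, simulate(sample_traffic(), dwell, scan, 700))
```

With this constructed traffic, a five-minute scan against a 20-second dwell purges 6 of 86 copies; a 5-second scan purges all of them only when files wait longer than the scan interval.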
23. Debate: Trojan or Worm
Trojan:
Appears to be useful, but will do damage once installed
Required the user to download and run the attachment to
make it replicate
Worm:
Virus Encyclopedia refers to it as a worm.
Worms move from one computer to another regardless of any
human action
24. References
Burger, Ralf (1988). Computer viruses - a high tech disease. Abacus/Data Becker
GmbH. p. 276. ISBN 1-55755-043-3.
Capek, P.G.; Chess, D.M.; White, S.R.; Fedeli, A. (2003). "Merry Christma: An Early
Network Worm". Security & Privacy 1 (5): 26-34.
doi:10.1109/MSECP.2003.1236232.
Martin, Will (March 4, 1988). "Re: BITNET Security". Security Digest (Mailing
list). Archived from the original on September 25, 2006. Retrieved October
30, 2008.
Patterson, Ross (December 21, 1987). "Re: IBM Christmas Virus". RISKS
Digest (Mailing list). Retrieved October 30, 2008.
"Viruses for the "Exotic" Platforms". VX Heaven. Archived from the original on
August 6, 2013. Retrieved October 30, 2008.
Otto Stolz. VIRUS-L Digest, Volume 5, Issue 178, "Re: CHRISTMA: The "Card"!
(CVP)". 1992.11.12