Father Christmas (computer worm)

Last updated
Father Christmas
Other namesHI.COM VMS worm
Original author(s) Unknown
Initial releaseDecember 22, 1988
Platform VAX/VMS
Type Computer worm, malware

The Father Christmas worm, also known as the HI.COM VMS worm, was a computer worm that used the DECnet to attack VAX/VMS systems. It was released in December 1988. The aim of this worm was to send a Christmas greeting from "Father Christmas" from the affected system.

Contents

History

At around 17:00 EST on December 22, 1988, a worm was detected on the Space Physics Analysis Network (SPAN). This was a NASA network on the DECnet Internet with many connections to other networks such as HEPnet. The majority of the computers on SPAN were VAX computers running the VAX/VMS operating system. [1] The worm originated from a computer on the DECnet in Switzerland by a person using the multi-user login name PHSOLIDE. [2] The infection was thought to have spread to more than 6,000 computer nodes. [3]

On December 23, an email went out to warn SPAN centre managers that a worm had been released onto SPAN. [4] The purpose of the worm was to create a file entitled "Hi.com" prior to December 24. At half past midnight on that day, it was designed to send out a message from Father Christmas to all users on the local rights database for each network. It exclusively targeted VAX/VMS systems, [4] but it did not perform any other actions than sending that message. One recommended strategy to prevent infection at the time was to create an empty "Hi.com" file which would stop the worm from being able to create a new version of the same file. [5] It was subsequently estimated that only 2% of infected devices launched the worm. [6]

The Father Christmas worm had the effect of strengthening security measures on SPAN and the DECnet Internet. This was demonstrated on January 13, 1989, when a nearly identical worm was released into the Easynet intranet. The network manager was able to quickly prevent the spread of the worm because of the exposure of the Father Christmas worm from the previous month. [7]

See also

Notes

  1. Green & Sissons (1989): p. 2
  2. Green & Sissons (1989): p. 5
  3. Green & Sissons (1989): p. 1
  4. 1 2 Nazario (2004): p. 41
  5. Nazario (2004): p. 42
  6. Green & Sissons (1989): p. 7
  7. Green & Sissons (1989): p. 8

Related Research Articles

<span class="mw-page-title-main">Computer worm</span> Self-replicating malware program

A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. It often uses a computer network to spread itself, relying on security failures on the target computer to access it. It will use this machine as a host to scan and infect other computers. When these new worm-invaded computers are controlled, the worm will continue to scan and infect other computers using these computers as hosts, and this behaviour will continue. Computer worms use recursive methods to copy themselves without host programs and distribute themselves based on exploiting the advantages of exponential growth, thus controlling and infecting more and more computers in a short time. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.

<span class="mw-page-title-main">Digital Equipment Corporation</span> U.S. computer manufacturer 1957–1998

Digital Equipment Corporation, using the trademark Digital, was a major American company in the computer industry from the 1960s to the 1990s. The company was co-founded by Ken Olsen and Harlan Anderson in 1957. Olsen was president until he was forced to resign in 1992, after the company had gone into precipitous decline.

<span class="mw-page-title-main">OpenVMS</span> Computer operating system

OpenVMS, often referred to as just VMS, is a multi-user, multiprocessing and virtual memory-based operating system. It is designed to support time-sharing, batch processing, transaction processing and workstation applications. Customers using OpenVMS include banks and financial services, hospitals and healthcare, telecommunications operators, network information services, and industrial manufacturers. During the 1990s and 2000s, there were approximately half a million VMS systems in operation worldwide.

DECnet is a suite of network protocols created by Digital Equipment Corporation. Originally released in 1975 in order to connect two PDP-11 minicomputers, it evolved into one of the first peer-to-peer network architectures, thus transforming DEC into a networking powerhouse in the 1980s. Initially built with three layers, it later (1982) evolved into a seven-layer OSI-compliant networking protocol.

<span class="mw-page-title-main">Timeline of computer viruses and worms</span> Computer malware timeline

This timeline of computer viruses and worms presents a chronological timeline of noteworthy computer viruses, computer worms, Trojan horses, similar malware, related research and events.

<span class="mw-page-title-main">Ultrix</span> Series of discontinued Unix operating systems by DEC

Ultrix is the brand name of Digital Equipment Corporation's (DEC) discontinued native Unix operating systems for the PDP-11, VAX, MicroVAX and DECstations.

<span class="mw-page-title-main">RSTS/E</span> Computer operating system

RSTS is a multi-user time-sharing operating system developed by Digital Equipment Corporation for the PDP-11 series of 16-bit minicomputers. The first version of RSTS was implemented in 1970 by DEC software engineers that developed the TSS-8 time-sharing operating system for the PDP-8. The last version of RSTS was released in September 1992. RSTS-11 and RSTS/E are usually referred to just as "RSTS" and this article will generally use the shorter form. RSTS-11 supports the BASIC programming language, an extended version called BASIC-PLUS, developed under contract by Evans Griffiths & Hart of Boston. Starting with RSTS/E version 5B, DEC added support for additional programming languages by emulating the execution environment of the RT-11 and RSX-11 operating systems.

ILOVEYOU, sometimes referred to as Love Bug or Love Letter for you, was a computer worm that infected over ten million Windows personal computers on and after 5 May 2000. It started spreading as an email message with the subject line "ILOVEYOU" and the attachment "LOVE-LETTER-FOR-YOU.TXT.vbs." At the time, Windows computers often hid the latter file extension by default because it is an extension for a file type that Windows knows, leading unwitting users to think it was a normal text file. Opening the attachment activates the Visual Basic script. First, the worm inflicts damage on the local machine, overwriting random files, then, it copies itself to all addresses in the Windows Address Book used by Microsoft Outlook, allowing it to spread much faster than any other previous email worm.

Local Area Transport (LAT) is a non-routable networking technology developed by Digital Equipment Corporation to provide connection between the DECserver terminal servers and Digital's VAX and Alpha and MIPS host computers via Ethernet, giving communication between those hosts and serial devices such as video terminals and printers. The protocol itself was designed in such a manner as to maximize packet efficiency over Ethernet by bundling multiple characters from multiple ports into a single packet for Ethernet transport.

Mail-11 was the native email transport protocol used by Digital Equipment Corporation's VMS operating system, and supported by several other DEC operating systems such as Ultrix.

Upering is a mass-mailing computer worm. It was isolated in Tacoma, Washington, in the United States, from several submissions from America Online members. As of late 2005, it is listed on the WildList, and has been since 2003.

Wank may refer to:

Defensive computing is a form of practice for computer users to help reduce the risk of computing problems, by avoiding dangerous computing practices. The primary goal of this method of computing is to be able to anticipate and prepare for potentially problematic situations prior to their occurrence, despite any adverse conditions of a computer system or any mistakes made by other users. This can be achieved through adherence to a variety of general guidelines, as well as the practice of specific computing techniques.

A clustered file system (CFS) is a file system which is shared by being simultaneously mounted on multiple servers. There are several approaches to clustering, most of which do not employ a clustered file system. Clustered file systems can provide features like location-independent addressing and redundancy which improve reliability or reduce the complexity of the other parts of the cluster. Parallel file systems are a type of clustered file system that spread data across multiple storage nodes, usually for redundancy or performance.

The WANK Worm and the OILZ Worm were computer worms that attacked DEC VMS computers in 1989 over the DECnet. They were written in DIGITAL Command Language.

<span class="mw-page-title-main">Storm botnet</span> Computer botnet

The Storm botnet or Storm worm botnet was a remotely controlled network of "zombie" computers that had been linked by the Storm Worm, a Trojan horse spread through e-mail spam. At its height in September 2007, the Storm botnet was running on anywhere from 1 million to 50 million computer systems, and accounted for 8% of all malware on Microsoft Windows computers. It was first identified around January 2007, having been distributed by email with subjects such as "230 dead as storm batters Europe," giving it its well-known name. The botnet began to decline in late 2007, and by mid-2008 had been reduced to infecting about 85,000 computers, far less than it had infected a year earlier.

BITNET was a co-operative U.S. university computer network founded in 1981 by Ira Fuchs at the City University of New York (CUNY) and Greydon Freeman at Yale University. The first network link was between CUNY and Yale.

<span class="mw-page-title-main">Computer virus</span> Computer program that modifies other programs to replicate itself and spread

A computer virus is a type of malware that, when executed, replicates itself by modifying other computer programs and inserting its own code into those programs. If this replication succeeds, the affected areas are then said to be "infected" with a computer virus, a metaphor derived from biological viruses.

A VMScluster, originally known as a VAXcluster, is a computer cluster involving a group of computers running the OpenVMS operating system. Whereas tightly coupled multiprocessor systems run a single copy of the operating system, a VMScluster is loosely coupled: each machine runs its own copy of OpenVMS, but the disk storage, lock manager, and security domain are all cluster-wide, providing a single system image abstraction. Machines can join or leave a VMScluster without affecting the rest of the cluster. For enhanced availability, VMSclusters support the use of dual-ported disks connected to two machines or storage controllers simultaneously.

Remote Spooling Communications Subsystem or RSCS is a subsystem of IBM's VM/370 operating system which accepts files transmitted to it from local or remote system and users and transmits them to destination local or remote users and systems. RSCS also transmits commands and messages among users and systems.

References

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.