Friday, December 2, 2022

The CHRISTMA EXEC network worm – 35 years and counting! – Bare Safety


Forget Sergeant Pepper and his Lonely Hearts Club Band, who taught the band to play a mere 20 years ago today.

December 2022 sees the thirty-fifth anniversary of the first major self-spreading computer virus – the notorious CHRISTMA EXEC worm that quickly crushed the most important mainframe networks of the day…

… not by any deliberately coded side-effects such as file scrambling or data deletion, but simply by leeching too much network bandwidth for its own unauthorised purpose.

As a decoy to disguise the fact that it read in the 1980s IBM equivalents of your email address book (NAMES) and your known-hosts file (NETLOG) in order to find as many new recipients of the malware as possible to send itself to, the malware displayed this:


                *               
                *               
               ***              
              *****             
             *******            
            *********           
          *************                A
             *******            
           ***********                VERY
         ***************        
       *******************           HAPPY
           ***********          
         ***************            CHRISTMAS
       *******************      
     ***********************         AND MY
         ***************        
       *******************         BEST WISHES
     ***********************    
   ***************************     FOR THE NEXT
             ******             
             ******                    YEAR
             ******

If you’re wondering why the virus is widely known as CHRISTMA EXEC, rather than by the full word CHRISTMAS…

…that’s because filenames were limited to eight characters, which could be followed by a space and what we would today call an “extension” of EXEC in order to turn them into scripts that could be run directly by the user – executed, in technical jargon.

The virus itself was written in IBM’s powerful text-based scripting language REXX (the resoundingly named Restructured Extended Executor), so a non-programmer looking at the message would probably recognise it as “program code”, and therefore be inclined to ignore it as unimportant and irrelevant, for all that it might look interesting.

Except that the author of the virus found a cheerful way to embed an instructional lure right into the code itself, which starts with a comment (as in the C language, text between /* and */ in REXX programs is treated as a comment and ignored when the file gets used)…


/*********************/
/*    LET THIS EXEC  */
/*                   */
/*        RUN        */
/*                   */
/*        AND        */
/*                   */
/*       ENJOY       */
/*                   */
/*     YOURSELF!     */
/*********************/

…and then gives the following cheery advice to non-techies:


/*  browsing this file is no fun at all
       just type CHRISTMAS from cms     */

CMS is short for Conversational Monitor System, a command prompt environment on top of IBM’s venerable VM/370 operating system and its many variants, which offered individual users a real-time virtual machine that behaved like a computer all of their own, with its own disk space for storing personal files and programs.

Handily, the user didn’t need to be taught to leave the final -S off the word CHRISTMAS, because CMS would automatically ignore any extra characters and hunt for CHRISTMA EXEC, which was the very script program that the user had just received without expecting it or asking for it.

As stated above, the code did indeed display the Christmas Tree ASCII art – or, more precisely, EBCDIC art, given that IBM famously had its own character encoding system known as Extended Binary Coded Decimal Interchange Code (pronounced ebb-si-dick).

But it also trawled through your NAMES and NETLOG files, which listed other users and computers you regularly contacted, and copied itself to all of them, so that for every user who innocently typed CHRISTMAS at the command prompt…

…a sea of copies of the virus (20? 50? 200?) would be distributed, potentially worldwide, and if any of those recipients (20? 50? 200?) innocently typed CHRISTMAS at the command prompt…

…a sea of copies of the virus would be distributed, and so on, and so on.
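The fan-out described above can be followed on a small model. This is an added sketch, not code from the original article or from the worm: each user's NAMES list is assumed to hold the next `fanout` users on a ring, and `will_run` is a hypothetical rule deciding which recipients type the command.

```python
from collections import deque


def build_contacts(n_users, fanout):
    """Constructed contact lists: user i's NAMES file holds the next
    `fanout` users on a ring (an assumption, chosen to be deterministic)."""
    return {u: [(u + d) % n_users for d in range(1, fanout + 1)]
            for u in range(n_users)}


def simulate(contacts, patient_zero, will_run):
    """Follow copies of the script through the contact lists.

    will_run(user) -> bool models whether a recipient runs what arrived.
    Returns (copies_sent, users_who_ran, users_who_received).
    """
    ran, received = set(), set()
    copies_sent = 0
    queue = deque([patient_zero])
    while queue:
        user = queue.popleft()
        # A user only spreads the script once, and only if they run it.
        if user in ran or not will_run(user):
            continue
        ran.add(user)
        for peer in contacts[user]:
            # Every listed contact gets a copy, even if they already have one:
            # this duplicate traffic is what loads the network.
            copies_sent += 1
            received.add(peer)
            queue.append(peer)
    return copies_sent, len(ran), len(received)


if __name__ == "__main__":
    contacts = build_contacts(1000, 20)
    scenarios = [
        ("nobody else runs it", lambda u: u == 0),
        ("1 in 10 runs it", lambda u: u % 10 == 0),
        ("1 in 2 runs it", lambda u: u % 2 == 0),
    ]
    for label, rule in scenarios:
        sent, ran, got = simulate(contacts, 0, rule)
        print(f"{label:20s} copies={sent:6d} ran={ran:4d} mailboxes={got:4d}")
```

Even when only one recipient in ten runs the script, every mailbox in the model receives it, and the traffic scales with the number of users who run it multiplied by the length of their contact lists.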

Shades of the future

As we said in this week’s podcast, where we discussed this seminal worm:

[This is j]ust like modern macro malware that says to the user, “Hey, macros are disabled, but for your ‘extra safety’ you need to turn them back on… why not click the button? It’s much easier that way.”

35 years ago, malware writers had already figured out that if you ask users nicely to do something that’s not at all in their interest, some of them, possibly many of them, will do it.

We also remarked that:

[The Christmas Tree worm] should have been a warning shot across all our bows, but I think it was felt to be a little bit of a flash in the pan.

Until a year later – then came the Internet Worm, which of course attacked Unix systems and spread far and wide.

And by then I think we all realised, “Uh-oh, this viruses-and-worms scene could turn out quite troublesome.”

If only we’d been wrong, eh?



Featured image of IBM 3279 terminal thanks to user Shieldforyoureyes via Wikimedia.

