readx;

Chapter 248 Spread

Edward received a copy of the worm sample within the first moment. Pen ~ Fun ~ Pavilion www.biquge.info Church

Of course, he had no access to the worm's source code, only a binary executable version.

However, this does not mean that he reverse-engineered and studied the code, only that it was much more difficult, and fortunately it was a job that they were dealing with a lot.

Because the process name of the worm is "tree", the name of the worm in the official documentation is called "tree".

As soon as Edward got his hands on the copy, he began to analyze it.

After converting the binary file to assembly language, he found it extremely difficult to read the source code this time. The code of the tree worm is very long and has a chaotic structure, and often after reading the previous piece of code, he has to jump to the back for a long distance to continue reading, and then after reading a dozen lines, he has to go back to the front.

He had to look back and forth like a dance, while he kept recording the true functionality of the code, guessing what the code was trying to accomplish and what it was trying to do to attack the SPAN network.

At the same time, he also referred the worm's alert to the SPAN Network's Emergency Response Security Center, alerting his peers to the dangers of the worm, as he exploited people's knee-jerk reactions of panic when they were in trouble.

When people encounter uncontrollable emergencies, they usually lose their original calmness and rationality, at this time the brain will refuse to think, if there is a stimulus from the outside world, he will involuntarily follow the instructions of the outside world.

This simple principle is often used by fraud syndicates to commit fraud, and it is the simplest and most effective method of fraud in the field of crime, although the manifestations are very varied, but the essence is the same.

However, it seems that this is the first time it has appeared on the Internet. (《》7*

Everyone has very important files and data in their computers, and once these data are lost, it will cause unbearable consequences, so when you turn on your computer and see that the monitor is swiping line by line, and your files are being deleted one by one, you will immediately fall into a panic.

When they see the small line of text at the bottom of the display, they immediately follow the text without thinking, even if someone realizes that their password may have been stolen, but what could be more important than saving the files on the disk?

Edward was deeply touched by this, and he had also learned about this situation from many system administrators, so he concluded that the worm was very harmful.

Unfortunately, this alert from Edward came too late.

By the time the SPAN Cyber Security Center elsewhere saw his alert, their phones had already been blown up. Even the Cyber Security Center's own computers have been found to be infected with the worm.

NASA was the first stop, followed by similar infections reported by the U.S. Department of Energy, and several other scientific institutions have sporadic similar occurrences, and the rate is increasing rapidly.

The Tree worm immediately attracted a great deal of attention from the SPAN Cyber Security Emergency Response Center, who were shocked to learn of the speed of the worm's spread and infection efficiency.

An emergency team called "Anti-Tree" was immediately formed, consisting of a number of security experts, including SPAN cybersecurity experts from across the country, as well as computer security engineers at DEC.

Although Edward can only be regarded as a network administrator strictly speaking, not a formal security officer, but because he is familiar with the VMS system, and his research in the field of VMS system viruses is quite profound, and he often publishes some of the latest research results in this area on internal forums, so this time he was also recruited into the group by the group leader Theodore. (《》7*

The problem of worm infestation is getting worse, and system administrators from all over the country are constantly calling the anti-tree team to report the latest developments.

The launch mission at the airbase was temporarily canceled, and it is not yet possible to give an exact time when it will be launched.

The postponement was met with an outcry from some scientists, who had waited too long for the launch because of the Prospector's rocket, which had been delayed at the last minute.

However, this could not be helped, many of NASA's major computers are currently completely at a standstill, and more and more worms are being produced to overwhelm the computers and become slower and slower, and the computer experts in the security team still have no effective solutions.

"Edward, how is the worm analysis going? Did you find anything? A bald, middle-aged man with round lenses walked into Edward's office. He was none other than Theodore, who had been appointed as the leader of the anti-tree group.

This unfortunate errand made the top of his already bare head even smoother.

There was no one else here besides him and Edward. The rest of the group is doing research in their own places, communicating through regular conference calls.

Edward was sitting in front of the computer, staring wide-eyed at the dense assembly code in the monitor, constantly adjusting the upper and lower positions of the code with the keyboard in order to find the corresponding number of lines to read.

"This worm's code is simply terrible!" Edward exclaimed, "It's like holding a plate of Italian noodles, and when I pick one up and think it looks like this, I find that it still has a big ball attached to the tail!" This author must have done it on purpose, and he encrypted the code to prevent it from being cracked. At present, the only thing that is certain is that this worm has a strong learning function, after it collects everyone's accounts and passwords, it will continue to try to attack computers that have not been cracked, and even make analogous guesses according to the rules of these password accounts, so as to infect more computers...... It's so embarrassing, it's the first time I've encountered such a powerful hybrid worm. ”

When Theodore heard the news, his face was even more unsightly. NASA officials kept calling and urging them to get the matter out of the way. Because since the outbreak of worms, they have almost entered a state of information vacuum, and all work has to be done manually.

They had to be anxious, NASA had stored too much important and valuable information in the SPAN computer, and although this information had not yet been classified as confidential, the information contained was extremely precious, and millions of hours of work had been spent collecting and analyzing it.

Every extra second, another computer may be infected.

The system administrators of some uninfected SPAN nodes were very alarmed by this, and in order not to be infected by other computers on the network, they disconnected the nodes from the network, because there were many computers connected to the network below them.

For example, the system administrators at the Jet Lab in California, for example, were frightened by the worm, which has more than 6,000 employees and a strong connection to the California Institute of Technology, and had to disconnect from the Internet in order to avoid being implicated.

While this may result in missing out on the worm patch released by the SPAN Cybersecurity team, that will wait until the patch is available.

Theodore held a group conference call to speed up the analysis and cracking of worms through communication.

However, to his disappointment, the other members did not find anything useful about it at all.

They may be good at operating computer software or solving some simple algorithm problems, but few people have in-depth research on the security issues of VMS systems.

This is because VMS systems rarely have security issues, and the SPAN Network Center Office rarely recruits computer engineers who are well-versed in VMS security issues.

Even Edward was not a regular employee, but was brought in by Theodore to help.

So, Edward's discovery is the main discovery.

However, Todd, another engineer who is very familiar with the DEC protocol, ended up providing a piece of information that was not very certain.

He is good at protocol analysis, so he cares more about how well the worm sends and receives packets.

He monitored that the Tree Worm would send messages at random times, and analyzed the packets of messages he had intercepted, revealing that the messages were fragments of some classified NASA data. So, he speculated, the Tree worm might be stealing NASA's confidential information

Everyone was shocked when they heard the news!

In other words, this worm is not like a virus or worm of previous computers, but a prank made by some genius hacker kid to show his talent, this is a kind of worm that steals confidential information!

Theodore had to report this information to the leadership of the Goddard National Space Data Center.

At the time of their call, the Tree Worm was spreading outward at a very rapid rate. Worms have spread beyond NASA's network, and computers in the High Energy Physics Network (HEP) are beginning to see worm spread.

U.S. Department of Energy, U.S. Department of Defense, Federal Bureau of Investigation, Department of Education...... These important nodes on the SPAN network have been compromised one after another.

There is even more confidential information in these institutions, some of which is even highly classified status.

For example, the U.S. Department of Energy has two groups of people, one of them is relatively public, they only conduct civilian energy research, and the other part of the people are very good, and the usual research is how to better manufacture and use nuclear energy products such as atomic bombs and hydrogen bombs.

It's not just a NASA thing anymore.