HOME HISTORY EFFECT TOUR LESSONS BIBLIOGRAPHY
The Infect Routine
This routine is used by the Worm to infect target machines with copies of itself. It runs 3 of the 4 attack routines. (The other one is run by the attack_user routine.) Infect is actually quite simple. It has few tasks:
| The routine first checks to be sure that it hasn't just been asked to infect the machine that the Worm is currently running on.
|
|
| Infect then makes sure that the host it is asked to infect is not marked as immune from previous attempts to reach it.
|
|
| The routine then makes sure that the address it was given to infect actually exists. It might not, since some of the attacks to local networks involve randomly choosing an address that fits the netmask.
|
|
| Finally, the infect routine decides that its target is legitimate, and begins the assault.
|
|
| First if calls other_sleep with an argument of 1, then it attempts its attack routines. In order of preference, the attacks are:
|
- try_rsh
- try_fingerd
- try_sendmail
If either of the first two techniques succeed, the routine sendWorm is called which sends a set of object files to the target machine, including the program l1.c, which then opens a connection to the original Worm, allowing the Worm to create a duplicate process in the new machine, which begins its life as before.
In the case of try_sendmail succeeding, the necessary child process would be pulled in by the infected computer, starting the infection again.
Otherwise infect marks the site as "immune" to its attempts, and reports its failure to the doit routine.
Return to the main Worm page.