237:. The only separation between the networks was a prearranged division of network addresses (DECnet "Areas"). Thus, the worm, by picking a random target address, could affect all infected networks equally. The worm code included 100 common VAX usernames that were hard-coded into its source code. In addition to its political message, the worm contained several features of an apparently playful nature. The words "wank" and "wanked" are slang terms used in many countries to refer to
148:| | |/ / / \ \ \/ /\ \/ / / ______ \ | | \ \| | | |\ \ / \_\ /__\ /____/ /______\ \____| |__\ | |____| |_\ \_/ \___________________________________________________/ \ / \ Your System Has Been Officially WANKed / \_____________________________________________/ You talk of times of peace for all, and then prepare for war.
241:. In addition, the worm contained "over sixty" randomizable messages that it would display to users, including "Vote anarchist" and "The FBI is watching YOU". The worm was also programmed to trick users into believing that files were being deleted by displaying a file deletion dialogue that could not be aborted, though no files were actually erased by the worm.
265:
A second version of WANK, called OILZ, was released on
October 22, 1989. Unlike the previous version of WANK, this version was designed to actually damage the computers it infected, rather than only falsely claim to do so, and would alter the passwords of infected computers. Like the previous version
147:
W O R M S A G A I N S T N U C L E A R K I L L E R S _______________________________________________________________ \__ ____________ _____ ________ ____ ____ __ _____/ \ \ \ /\ / / / /\ \ | \ \ | | | | / / / \ \ \ / \ / / / /__\ \ | |\ \ |
191:
The worm propagated through the network pseudo-randomly from one system to the other by using an algorithm which converted the victim machine's system time into a candidate target node address (composed of a DECnet Area and Node number) and subsequently attempted to exploit weakly secured accounts
130:
Approximately two weeks later, a modified version of the worm called OILZ attacked other systems. The original version, WANK, had bugs preventing access to accounts with no password. In OILZ, some of the problems of the first worm were corrected, allowing penetration of unpassworded accounts and
204:
U.S. nuclear-powered vessels from docking at its harbours, thus further fueling the speculation inside NASA that the worm attack was related to the anti-nuclear protest. The line "You talk of times of peace for all, and then prepare for war" is drawn from the lyrics of the
213:". Midnight Oil is an Australian rock band known for political activism and opposition to both nuclear power and nuclear weapons. The process name of the second version of the worm to be detected was "oilz", an Australian shorthand term for the band.
139:
The WANK worm had a distinct political message attached; it was the first major worm to have a political message. WANK in this context stands for Worms
Against Nuclear Killers. The following message appeared on an infected computer's screen:
249:
R. Kevin
Oberman (from DOE) and John McMahon (from NASA) wrote separate versions of an anti-WANK procedure and deployed them into their respective networks. It exploited the fact that before infecting a system, WANK would check for
201:
274:. WANK_SHOT was then provided to the system administrators of affected networks to be installed onto their computers. It still took weeks for the worm to be completely erased from the network.
254:, that is a copy of its own, in the process table. If one was found, the worm would destroy itself. When anti-WANK was run on a non-infected system, it would create a process named
679:- Written by one of the Digital Equipment Corporation investigators; disputes the WANK worm had any political motivation but was rather a play on the British meaning of the word
514:
402:
707:
258:
and just sit there. anti-WANK only worked against the earlier version of the worm, though, because the process name of the worm in a later version was changed to
676:
730:
267:
266:
of WANK, this program would utilise the RIGHTSLIST database to find new computers to infect. The program WANK_SHOT was designed by
Bernard Perrow of the
648:
presented by
Suelette Dreyfus at the Internet Crime conference held in Melbourne, 16–17 February 1998, by the Australian Institute of Criminology
346:
270:
to rename RIGHTLIST and replace it with a dummy database. This would cause WANK to go after the dummy, which could be designed with a hidden
192:
such as SYSTEM and DECNET that had password identical to the usernames. The worm did not attack computers within DECnet area 48, which was
524:
700:
645:
178:
376:
809:
283:
173:
spacecraft. At the time, there were protests by anti-nuclear groups regarding the use of the plutonium-based power modules in
621:
491:
356:
589:
653:
885:
735:
693:
197:
81:
578:
819:
814:
116:
112:
380:
108:
131:
altering passwords. The code indicated that the worms evolved over time and was not written by a single person.
794:
393:
92:
36:
547:
311:
464:
880:
849:
844:
222:
784:
604:
779:
221:
DECnet networks affected included those operated by the NASA Space
Physics Analysis Network (SPAN), the
362:
839:
421:
169:
799:
55:
632:
824:
120:
617:
442:
352:
434:
210:
43:
834:
196:. A comment inside the worm source code at the point of this branch logic indicated that
422:"Beyond preliminary analysis of the WANK and OILZ worms: a case study of malicious code"
756:
124:
874:
438:
164:
77:
60:
397:
238:
206:
829:
789:
761:
348:
Underground: Tales of
Hacking, Madness, and Obsession on the Electronic Frontier
193:
804:
271:
446:
107:-based hackers, the first to be created by an Australian or Australians. The
661:
185:
104:
771:
685:
637:
84:
48:
854:
748:
680:
226:
156:
88:
611:
516:
Computer
Hackers: Juvenile Delinquents or International Saboteurs?
234:
230:
160:
689:
605:
Advisory from Virus Test Center, University of
Hamburg, Germany
188:
spilled would cause widespread death to residents of
Florida.
177:. The protesters contended that if this shuttle blew up as
586:
Carnegie Mellon University Software Engineering Institute
268:
French National Institute of Nuclear and Particle Physics
127:
may have been involved, but this has never been proven.
419:
Longstaff, Thomas A.; Schultz, E. Eugene (1993-02-01).
677:"Hacktivism and Politically Motivated Computer Crime"
579:"CERT Advisory CA-1989-04 WANK Worm On SPAN Network"
770:
747:
54:
42:
32:
24:
646:"Juvenile Delinquents or International Saboteurs?"
420:
403:WikiLeaks: Inside Julian Assange's War on Secrecy
610:Dreyfus, Suelette; Assange, Julian (June 1997).
494:. The New York Times Company. The New York Times
345:Dreyfus, Suelette; Assange, Julian (June 1997).
548:"Malicious Life Podcast: The WANK Worm Part 2"
312:"Malicious Life Podcast: The WANK Worm Part 1"
701:
340:
338:
336:
334:
332:
305:
303:
301:
299:
103:The worm is believed to have been created by
8:
492:"Groups Protest Use of Plutonium on Galileo"
19:
708:
694:
686:
18:
513:Dreyfus, Suelette (16–17 February 1998).
384:, 10 April 2010. Retrieved 17 March 2014.
295:
155:The worm coincidentally appeared on a
458:
456:
7:
414:
412:
111:thought the worm was created by two
20:WANK (Worms Against Nuclear Killers)
654:"The history of worm like programs"
521:Australian Institute of Criminology
198:New Zealand was a nuclear-free zone
490:Broad, William (10 October 1989).
14:
163:days before the launch of a NASA
284:Father Christmas (computer worm)
225:'s High Energy Physics Network (
592:from the original on 2000-12-18
377:"International man of mystery,"
182:did three years earlier in 1986
652:Darby, Tom; Schmidt, Charles.
1:
519:. Internet Crime Conference.
245:Anti-WANK, OILZ and WANK_SHOT
631:Norman, James (2003-05-25).
439:10.1016/0167-4048(93)90013-U
523:. Melbourne. Archived from
87:computers in 1989 over the
902:
616:. Random House Australia.
351:. Random House Australia.
721:
381:The Sydney Morning Herald
109:Australian Federal Police
658:The Morris Internet Worm
546:Levi, Ran; Pinkas, Noa.
427:Computers & Security
93:DIGITAL Command Language
37:DIGITAL Command Language
310:Levi, Ran; Salem, Eli.
223:US Department of Energy
91:. They were written in
465:"When NASA got WANKed"
316:Malicious Life Podcast
16:DEC VMS computer worm
886:Hacking in the 1980s
716:Hacking in the 1980s
633:"Hack to the future"
256:NETW_(random number)
252:NETW_(random number)
159:network operated by
800:Christmas Tree EXEC
577:Oberman, R. Kevin.
115:who used the names
21:
825:Lamer Exterminator
471:. RealClearScience
202:recently forbidden
200:. New Zealand had
868:
867:
742:
741:
211:Blossom and Blood
153:
152:
135:Political message
66:
65:
893:
810:Father Christmas
724:
723:
710:
703:
696:
687:
673:
671:
669:
660:. Archived from
642:
627:
601:
599:
597:
583:
564:
563:
561:
559:
543:
537:
536:
534:
532:
510:
504:
503:
501:
499:
487:
481:
480:
478:
476:
469:RealClearScience
460:
451:
450:
424:
416:
407:
391:
385:
373:
367:
366:
361:. Archived from
342:
327:
326:
324:
322:
307:
261:
257:
253:
143:
142:
44:Operating system
22:
901:
900:
896:
895:
894:
892:
891:
890:
871:
870:
869:
864:
766:
743:
717:
714:
667:
665:
651:
630:
624:
609:
595:
593:
581:
576:
573:
568:
567:
557:
555:
545:
544:
540:
530:
528:
512:
511:
507:
497:
495:
489:
488:
484:
474:
472:
463:Pomeroy, Ross.
462:
461:
454:
418:
417:
410:
392:
388:
375:Bernard Lagan,
374:
370:
359:
344:
343:
330:
320:
318:
309:
308:
297:
292:
280:
259:
255:
251:
247:
219:
149:
137:
101:
25:Initial release
17:
12:
11:
5:
899:
897:
889:
888:
883:
881:Computer worms
873:
872:
866:
865:
863:
862:
857:
852:
847:
842:
837:
832:
827:
822:
817:
812:
807:
802:
797:
792:
787:
782:
776:
774:
768:
767:
765:
764:
759:
753:
751:
745:
744:
740:
739:
733:
728:
727:← —
722:
719:
718:
715:
713:
712:
705:
698:
690:
684:
683:
674:
649:
643:
628:
622:
607:
602:
572:
571:External links
569:
566:
565:
538:
505:
482:
452:
408:
386:
368:
365:on 8 May 2004.
357:
328:
294:
293:
291:
288:
287:
286:
279:
276:
246:
243:
218:
217:Playful nature
215:
151:
150:
146:
136:
133:
125:Julian Assange
100:
97:
80:that attacked
78:computer worms
64:
63:
58:
52:
51:
46:
40:
39:
34:
30:
29:
26:
15:
13:
10:
9:
6:
4:
3:
2:
898:
887:
884:
882:
879:
878:
876:
861:
858:
856:
853:
851:
848:
846:
843:
841:
838:
836:
833:
831:
828:
826:
823:
821:
818:
816:
813:
811:
808:
806:
803:
801:
798:
796:
793:
791:
788:
786:
783:
781:
778:
777:
775:
773:
769:
763:
760:
758:
755:
754:
752:
750:
746:
738: →
737:
734:
732:
729:
726:
725:
720:
711:
706:
704:
699:
697:
692:
691:
688:
682:
678:
675:
664:on 2002-05-10
663:
659:
655:
650:
647:
644:
640:
639:
634:
629:
625:
619:
615:
614:
608:
606:
603:
591:
587:
580:
575:
574:
570:
553:
549:
542:
539:
527:on 2009-10-09
526:
522:
518:
517:
509:
506:
493:
486:
483:
470:
466:
459:
457:
453:
448:
444:
440:
436:
432:
428:
423:
415:
413:
409:
406:(2011) p. 42.
405:
404:
399:
395:
390:
387:
383:
382:
378:
372:
369:
364:
360:
354:
350:
349:
341:
339:
337:
335:
333:
329:
317:
313:
306:
304:
302:
300:
296:
289:
285:
282:
281:
277:
275:
273:
269:
263:
244:
242:
240:
236:
232:
228:
224:
216:
214:
212:
208:
203:
199:
195:
189:
187:
183:
181:
176:
172:
171:
167:carrying the
166:
165:Space Shuttle
162:
158:
145:
144:
141:
134:
132:
128:
126:
122:
118:
114:
110:
106:
98:
96:
94:
90:
86:
83:
79:
75:
71:
62:
61:Computer worm
59:
57:
53:
50:
47:
45:
41:
38:
35:
31:
27:
23:
859:
757:The Analyzer
668:14 September
666:. Retrieved
662:the original
657:
636:
612:
596:14 September
594:. Retrieved
585:
556:. Retrieved
554:. Cybereason
551:
541:
531:10 September
529:. Retrieved
525:the original
520:
515:
508:
496:. Retrieved
485:
473:. Retrieved
468:
433:(1): 61–77.
430:
426:
401:
398:Luke Harding
389:
379:
371:
363:the original
347:
319:. Retrieved
315:
264:
248:
239:masturbation
220:
207:Midnight Oil
190:
179:
174:
168:
154:
138:
129:
102:
73:
69:
67:
830:Morris worm
790:Byte Bandit
762:Markus Hess
749:Individuals
613:Underground
394:David Leigh
194:New Zealand
875:Categories
805:Elk Cloner
623:1863305955
552:Cybereason
358:1863305955
290:References
272:logic bomb
180:Challenger
33:Written in
860:WANK Worm
835:Ping-Pong
820:Jerusalem
815:Ghostball
447:0167-4048
186:plutonium
105:Melbourne
74:OILZ Worm
70:WANK Worm
731:Timeline
590:Archived
278:See also
117:Electron
72:and the
795:Cascade
772:Malware
638:The Age
558:20 June
498:20 June
475:20 June
321:20 June
175:Galileo
170:Galileo
121:Phoenix
113:hackers
855:Virdem
850:Stoned
845:Scores
681:"wank"
620:
445:
355:
233:, and
227:HEPnet
209:song "
184:, the
157:DECnet
99:Origin
89:DECnet
785:Brain
736:1990s
582:(PDF)
235:Riken
76:were
780:1260
670:2019
618:ISBN
598:2019
560:2022
533:2020
500:2022
477:2022
443:ISSN
396:and
353:ISBN
323:2022
260:OILZ
231:CERN
161:NASA
119:and
68:The
56:Type
28:1989
840:SCA
435:doi
229:),
85:VMS
82:DEC
49:VMS
877::
656:.
635:.
588:.
584:.
550:.
467:.
455:^
441:.
431:12
429:.
425:.
411:^
400:,
331:^
314:.
298:^
262:.
123:.
95:.
709:e
702:t
695:v
672:.
641:.
626:.
600:.
562:.
535:.
502:.
479:.
449:.
437::
325:.
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.