Morris Worm: Father of Computer Viruses

Almost 20 years ago to this very day, Robert Morris distributed the Morris Worm on the internet. The Morris Worm seems to have rather humble beginnings. According to Morris, the Job of the program was only to count how many computers were currently connected to the internet. What ensued was panic, as (according to the United States General Accounting Office) the worm caused about $10 million to $100 million in damages.

The worm's job was to only travel from computer to computer and record a statistic. It didn't destroy or alter any files, delete data, or corrupt computers and steal passwords. What it did do was slow down a computer drastically. Here's how it would work:

The Morris Worm spread to a computer at the University of Utah. It began to travel to other computers on that server, and then spread to any other computers it could. About 4 hours after the Worm was released, there are so many worms that not only can no new users enter the system, no processes can be started. The System Administrator kills the worms, but they come back. He subsequently shuts down the server and restarts it, only to find that the server is once again reinfected, this time with even more worms. How did this happen?

The main design flaw in Robert Morris' computer program was this: In order to actually bypass security and get into a computer, the worm has to manifest itself on that computer. The program would enter the computer, ask if a copy was already running, then leave and move on. Morris probably thought that since someone could falsely answer "Yes" and drive the worm away, he would implement a condition that would override the "Yes" and send the worm in 1 out of 7 times regardless if the answer was yes. This means that one computer could be infected multiple times even though the worm was already running. Apparently he underestimated this level of replication, as the worm spread at an extremely alarming rate.

An estimate is that at the time, about 60,000 computers were connected to the internet and the worm affected 6,000 of them.

Robert Morris was sentenced to 3 years of probation, 400 hours of community service, and fined a total of $10,000. Even so, he went on to fo-found his own company called Viaweb which he sold to Yahoo for $48 million, and later on recieved a Ph.D from Harvard as well as being appointed as a Professor at MIT.

A floppy version of the Morris Worm is on display at the Boston Museum of Science, and one website even has a .zip file available for download!

The Morris worm led to the formation of the Computer Emergency Response Team (CERT) (and probably many other organizations as well) to combat hackers, unauthorized access and the like. This was a true wake up call to the world that the internet was not 100% safe; it was time to buckle down and take serious measures to defend computers.

It really seems that the "worm" he released really did not have any bad intentions behind it, just an error that caused a small experiment to become one of the first (and most) widely publicized computer worms in history.

Sources:

http://en.wikipedia.org/wiki/Morris_worm

http://snowplow.org/tom/worm/worm.html

http://www.malwarecity.com/blog/the-nsa-versus-morris-100-million-in-damage-232.html