Today in Geek History: The Morris Worm
On November 2, 1988, one of the first computer worms was released via the Internet. Created by Robert Tappan Morris, a student at MIT, it was intended to measure the size of the Internet. However, the worm exploited vulnerabilities in various e-mail clients and weak passwords, infected computers multiple times, and slowed machines to the point of being unusable.
Quoth the Wiki:
It is usually reported that around 6,000 major UNIX machines were infected by the Morris worm. Paul Graham has claimed that
“I was there when this statistic was cooked up, and this was the recipe: someone guessed that there were about 60,000 computers attached to the Internet, and that the worm might have infected ten percent of them.”
The U.S. GAO put the cost of the damage at $10M–100M.
The Morris worm prompted DARPA to fund the establishment of the CERT/CC at Carnegie Mellon University to give experts a central point for coordinating responses to network emergencies.Gene Spafford also created the Phage mailing list to coordinate a response to the emergency.
Robert Morris was tried and convicted of violating the 1986 Computer Fraud and Abuse Act. After appeals he was sentenced to three years probation, 400 hours of community service, and a fine of $10,000.
The Morris worm has sometimes been referred to as the “Great Worm”, because of the devastating effect it had on the Internet at that time, both in overall system downtime and in psychological impact on the perception of security and reliability of the Internet. The name was derived from the “Great Worms” of Tolkien: Scatha and Glaurung.
Consider this a friendly reminder to update your anti-virus software!