This week in 1988, Cornell graduate student Robert Tappan Morris unleashed his eponymous worm upon the Internet. The wave of infections grew to 10% of the entire Internet within 24 hours, causing astronomically expensive damage for the time. However, the pioneering Morris worm malware wasn’t made with malice, says an FBI retrospective on the “programming error.” It was designed to gauge the size of the Internet, resulting in a classic case of unintended consequences.
Morris worm dissection
Known to be something of a prankster, Morris must have felt some foreboding about releasing his ‘innocent’ program into the wild. Evidence of this comes from his release method. “He released it by hacking into an MIT computer from his Cornell terminal in Ithaca, New York,” according to the FBI.
The Morris worm was written in C and targeted BSD UNIX systems, like VAX and Sun-3 machines. Specifically, the FBI writes, it “exploited a backdoor in the Internet’s electronic mail system and a bug in the ‘finger’ program that identified network users.” In contrast to computer viruses, the worm Morris had devised had no need of a host program, but could self-replicate and spread autonomously.
Thankfully, the Morris worm wasn’t written to cause damage to files. Due to those unintended consequences, though, it precipitated massive slowdowns, and messaging delays and system crashes were common symptoms. It became a computer news sensation in the worst possible way. Just to get rid of the worm in a timely fashion, some institutions ended up wiping complete systems and unplugging networks for as long as a week.
Among the Morris worm's casualties were prestigious institutions such as Berkeley, Harvard, Princeton, Stanford, Johns Hopkins, NASA, and the Lawrence Livermore National Laboratory.
Morris worm isolated safely on a floppy. Sorry, the resolution is low. (Image credit: Go Card USA
Whodunit?
Experts worked hard to find a fix, and while they did so, the question of who was behind the worm came to the fore. Understandably, whoever created and unleashed this worm needed to feel some consequences, and thus, the FBI was brought in.
Apparently, Morris sought to anonymously explain and apologize for the worm, but an inadvertent slip of his initials by a friend landed Morris in it.
... continue reading