Search

Legendary Hacks #1: the Morris worm

Morris, the first computer worm

What is a computer worm?

A computer worm is a type of malicious software, edited in such a way that it propagates and executes itself at the same time. The worm attacks reproduce and spread without the help of a cybercriminal since one of its main functions is to duplicate itself autonomously.

A very dangerous type of malware, it infiltrates devices by exploiting security holes undetected by administrators to discreetly damage or destroy the device.

Originally, the first worms created were not intended to cause any damage but simply to have fun to point out computer flaws or to show off their skills.

Unfortunately, over the years, hackers have come to realize the potential of this malware and how dangerous it is. The Morris worm was the first computer worm to spread worldwide and cause damage.

The “Morris” worm

On November 2, 1988, Robert Tappan Morris was 23 years old when he decided to test his worm and put his malware into action. As a student at Cornell University, he did not launch his virus from his school but from a computer at MIT, a world-renowned technology institute.

The Morris worm begins to spread from device to device, eventually affecting thousands of machines worldwide. It is quickly considered the first large-scale computer infection. Other worms had been created before, but they were of minimal importance compared to the one written by Robert Tappan Morris.

The Morris worm, originally designed to be harmless, works as follows. The worm duplicates itself from one device to another by exploiting common security holes in the operating systems installed on the devices. Initially designed to study the scope of the Internet and the connections between devices, the operation took a completely different turn when coding errors were detected.

Indeed, several code errors in the program made the worm dangerous causing various damages accidentally. Failures, connection problems… were detected on about 6000 machines. A relatively important ratio since at the time there were only 60 000 machines connected to the Internet worldwide. These were not personal computers but devices of companies, universities, or government agencies. Today, the number of devices connected to the Internet is estimated at 20 billion (computers, smartphones, watches, household appliances, game consoles…).

Moreover, the device could be infected several times by the virus, and each additional process affected the machine by slowing it down or making it unusable. The overload of activity on the affected devices caused system crashes, which was an unforeseen consequence by its publisher.

The beginning of a new era?

A high-profile case

In addition to being the first computer worm, it forever marks the digital age and cyber-attacks.

Highlighting the damage that can be done in the computer world, Robert Tappan Morris is the first cybercriminal to be convicted under the Computer Fraud and Abuse Act of 1986. This law prohibits all intrusive behavior in a device without prior authorization.

Initially fined between $10 million and $100 million, Robert Tappan Morris was given three years’ probation and a $10,000 fine.

The trial was covered by the media and was followed worldwide, highlighting a danger that was still unknown at the time: malware.

Sudden awareness

The case occurred in 1988 when the possibility of vulnerabilities in one’s computer was still unknown.  Few companies and individuals knew the dangers of the Internet and the importance of protecting their data.

Thanks to the media coverage of this case, companies and universities have understood that investing in data protection and learning about the dangers of malware is essential.

Today, computer worms are still being published and attacking large companies. However, their degree of danger has evolved. The ILOVEYOU worm is an example. Spread in the 2000s throughout the world, it caused damage estimated at several billion dollars.

Incident Response Hotline

Facing cyber incidents right now?

Contact our 24/7/365 world wide service incident response hotline.

CSIRT