This week in 1988, Cornell graduate student Robert Tappan Morris unleashed his eponymous worm upon the Internet. The wave of infections grew to 10% of the entire Internet within 24 hours, causing astronomically expensive damage for the time. However, the pioneering Morris worm malware wasn’t made with malice, says an FBI retrospective on the “programming error.” It was designed to gauge the size of the Internet, resulting in a classic case of unintended consequences.
Morris worm dissection
Known to be something of a prankster, Morris must have felt some foreboding about releasing his ‘innocent’ program into the wild. Evidence of this comes from his release method. “He released it by hacking into an MIT computer from his Cornell terminal in Ithaca, New York,” according to the FBI.
The Morris worm was written in C and targeted BSD UNIX systems, like VAX and Sun-3 machines. Specifically, the FBI writes, it “exploited a backdoor in the Internet’s electronic mail system and a bug in the ‘finger’ program that identified network users.” In contrast to computer viruses, the worm Morris had devised had no need of a host program, but could self-replicate and spread autonomously.
Thankfully, the Morris worm wasn’t written to cause damage to files. Due to those unintended consequences, though, it precipitated massive slowdowns, and messaging delays and system crashes were common symptoms. It became a computer news sensation in the worst possible way. Just to get rid of the worm in a timely fashion, some institutions ended up wiping complete systems and unplugging networks for as long as a week.
Among the Morris worm's casualties were prestigious institutions such as Berkeley, Harvard, Princeton, Stanford, Johns Hopkins, NASA, and the Lawrence Livermore National Laboratory.
Whodunit?
Experts worked hard to find a fix, and while they did so, the question of who was behind the worm came to the fore. Understandably, whoever created and unleashed this worm needed to feel some consequences, and thus, the FBI was brought in.
Apparently, Morris sought to anonymously explain and apologize for the worm, but an inadvertent slip of his initials by a friend landed Morris in it.
FBI interviews and computer file analysis would subsequently confirm Morris was the culprit. He was indicted under the rather freshly inked Computer Fraud and Abuse Act of 1986. After a court appearance for his misdemeanors in 1989, Morris ended up not with jail time, but with a fine, probation, and 400 hours of community service to complete.
Computer worms have been around longer than the World Wide Web
Back in November 1988, the Internet bore little resemblance to what it is today. For example, the World Wide Web (WWW) wasn’t even a thing. Though the WWW would soon form the core experience for the first tide of surfers in the 90s.
At the time, the Internet’s backbone was the NSFNET, the recent successor to ARPANET. Its purpose was mostly to expand the prior backbone’s reach beyond military and defense institutions, and it more broadly embraced academia. While we are here, it is worth mentioning that NSFNET was decommissioned in 1995, and succeeded by the commercial Internet, which emerged in the 1990s off the back of private ISPs and commercial backbones.
So, when we talk about 10% of the Internet being paralyzed by the Morris Worm, contemporary estimates are that about 6,000 of the approximately 60,000 connected systems were infected and impacted. Moreover, when we highlighted the potentially massive costs of this first worm propagating, estimates range from $100,000 to millions of dollars.
Computer worms have remained a scary phenomenon in recent times. For example, we reported on the first-generation AI worm, the Morris II generative AI worm, last year.
Follow Tom's Hardware on Google News, or add us as a preferred source, to get our latest news, analysis, & reviews in your feeds.