Illumio Blog
November 3, 2016

The Morris Worm: A secret bot, a design flaw, and the crippling of the Internet


You can picture it in your mind. It’s 1988. Graduate student Robert Tappan Morris is sitting on the MIT campus, designing an undetectable bot in a late-night coding marathon. There was no malice behind his actions. Instead his intention was to exploit vulnerabilities in network security by creating a program that would copy itself and spread.

Morris Worm

Yet due to a design flaw, and perhaps a premature release, far more copies of the program were created, over-taxing computer systems and causing processing to buckle under the strain of unnecessary processing. While not the first reported computer virus, this unfortunate error would come to be known as the “Morris Worm.” 

This first widely known Internet malware had a lot in common with the recent DNS DDoS (Distributed Denial of Service) attack, which also used botnets to infect a lot of machines, and then—when given a command—attacked a common target.

Morris used exploits in Unix to spread the code from machine to machine. There’s some speculation he wanted to create a botnet, but he was just testing at a smaller scale. Unfortunately his creation had a mistake and escaped from his control. (If two worms met each other on the same machine, one would turn itself off; but one in seven times it would make itself immortal instead.) There were enough worms meeting each other (the Internet had only around 100,000 computers at the time) that the immortal worms made infected systems slow to a crawl.

By the following morning, the Internet had been taken down to its knees. Ultimately this action led to the trial and conviction of Morris under the newly implemented Computer Fraud and Abuse Act of 1986. The conviction was appealed but subsequently upheld. Morris was sentenced to three years of probation, 400 hours of community service, a fine of $10,050, and the costs of his supervision.

So while the act of launching this worm (the name shortened from tapeworm due to its parasitic tendencies) resulted in legal action against Morris, it also acted as an impetus for vendors and system administrators to fix their systems. One of the biggest outcomes was the creation, only weeks later, of CERT (Computer Emergency Response Team), an organization that has proved extremely influential in the management of cybersecurity.

Although convicted of a felony, Robert later became a professor of computer science at MIT and one of the co-founders of Y Combinator, Silicon Valley’s pre-eminent startup incubator program.

Topics: Adaptive Security, Illumio News

Share this post: