Morris Worm (also known as the ‘great worm’ or ‘internet worm’) is the notorious computer worm which is believed to be one of the first to be distributed on the internet. It was designed by ‘Robert Thappan Morris’ and was released on ‘November 2nd 1988’, activated from a computer at MIT (Massachusets Institute of Technology). Morris, then a graduate student at Cornell University, wanted to see how quickly this vulnerability can spread, to check the size of the internet. For this, he designed Morris Worm, which can travel from computer to computer asking each of those computers to send a signal back to a control server, which would keep count. At that time, Morris Worm infected 10% internet and ended up with major damage, which was beyond the original expectation of Morris; Even his warning messages to system administrators was not enough to deal with this difficult situation.
Morris Worm used an ‘exploit’(a successful attack which takes advantage of a particular vulnerability in the targeted computing system) in sendmail to transmit a replica of itself. It was only able to affect DEC VAX machines, while a part of it was downloading its main body onto other systems. Morris Worm is the first known ‘Distributed Denial of Service (DDoS)’ cyber attack. In an era where the internet was kind of an academic community and a place for hobbyists, Morris worm infected tens of thousands of computers, disinfection costing hundreds or thousands of dollars per machine and even taking 72hours of world-class researchers from Purdue and Berkeley to halt it. This was a wake-up call of cybersecurity, significant in the creation of CERT-CC (CERT Coordination Center) for addressing internet threats so that the IT community could coordinate a response.
Even though there was huge public attention in this first event of its kind, media was confused due to lack of proper knowledge – some reporters were even asking questions about whether people can catch this computer infection. Because of Morris Worm, Carnegie Mellon University established the world’s first ‘Cyber Emergency Response Team’ (a group of experts that handles cybersecurity incidents. Also called as ‘Computer Emergency Readiness Team’ and ‘Computer Security Incident Response Team’ (CSIRT)), which has been now replicated in the federal governments, worldwide. In the end, even though not intending to destroy the internet, Morris got prosecuted under the then-formed Computer Fraud and Abuse Act due to Morris Worm’s widespread effects; he was sentenced to 3years probation, 400hours of community service and $10,000 fine.
To know more details, please read:
We all know that security attacks are enormously frequent in today’s cyber world. Though accidental, Morris Worm set the stage for all these crucial, devastating as well as widespread cyber vulnerabilities.
‘Belated Happy Birthday, Morris Worm!!’.