Morris Worm Outbreak Marks 25th Anniversary

By Peter Bernstein November 04, 2013

Let me preface this with the observation that the old saying “Time flies when you are having fun” may not be applicable in this instance.  That said, for those of us of a certain age and/or who have a passion for Internet history, November 2 is an important date. As noted in the headline, this year the date marked the 25th anniversary of the Morris Worm.

“What is that?” For those unfamiliar, the Morris Worm was the first well-publicized computer virus that not only hit the Internet, but crippled it significantly. It derives its name from then Cornell University student Robert Tappan Morris, who wrote it. 

Picture of Professor Robert Tappan Morris courtesy MIT

And, while he subsequently was convicted of computer fraud and has thoroughly rehabilitated his reputation as a respected associate professor of computer science at MIT, at 6 p.m. on Nov. 2, 1988, he launched his worm, which disabled approximately 10 percent of all Internet-connected systems at the time. What is amazing considering how far we have come is that the 10 percent number was roughly about 60,000 machines. These were primarily in academic settings and were mostly comprised of Sun 3 systems and Digital VAX computers running BSD Unix—two big names in computing that are no longer with us.

The Morris Worm was not built with malicious intent, but more as an experiment that unfortunately exceeded expectations in its ability to self-replicate. It exploited known weaknesses in common utilities including sendmail, which is email routing software, and Finger, a tool that showed which users were logged on to the network, and for several days brought the Internet to a crawl. It actually crashed many infected machines, and caused the U.S. Department of Defense to unplug from their Internet gateways. It caused the kind of panic in the Internet world that Orson Welles’ famous “Halloween War of the Worlds” caused 75 years ago.

Over the years, Morris has said his intent was not to cause damage but was rather to try to size the Internet. He might not even be so infamous if not for the fact that this little intellectual adventure became a major what we now would classify as a Denial of Service (DoS) attack, were it not for a minor issue with the spreading mechanism. 

The worm could have determined whether to invade a new computer by asking if there was already a copy running. A simple “yes” when asked would have ended the spread of the virus. Morris, smart fellow that he was, directed the worm to copy itself even if the response is "yes", one out of seven times. Without this knowledge on an appropriate counter-measure, replication literally went viral, including infecting the same machines multiple times. Morris remarked, in what really is very applicable to events of our times, that he "should have tried it on a simulator first."

I remember writing about all of this at the time and making fun of the fact that those who had the capability to remediate the problem could not communicate with each other, which is why it took many days to restore the Internet to its natural state. The reason was most of the experts communicated via email and did not have an address book with the telephone numbers of their colleagues. My point back then was that the Internet, while interesting for communicating, was not a compelling a tool as picking up the phone and that would likely be the case for a very long time. Let’s just say I do not make those kinds of predictions any more.

On this anniversary, the question as to whether we learned anything from the exposure and damage of the Morris Worm is relevant. Many in our industry who look at the history say that because the Internet community was so small at the time it took many years for the incident to go from being mildly interesting to being a cause of alarm, particularly for commercial entities and the mass market. In terms of investments in security solutions they have a point, and it did take a series of major hacks in the 1990s to create the anti-virus, anti-malware, firewall, VPN, encryption, etc. environment of today. Ironically it is an environment now being termed unsuitable to meet the sophistication, frequency and malevolence of today’s attacks.   

It is safe to say that what we have learned is that even what might be seen as “ethical hacking” has significant unintended -- as well as intended -- consequences. It is also fair to say that information security has gone from a minor concern of enterprises and government to the very top of the threat list. As a result of identity theft, the recent headlines, crashes of our own personal computers and increasingly our mobile devices, we, too, have become sensitized to the need for protection. 

I would say that a celebration is in order to honor this anniversary, but it is not one where congratulations are in order. Maybe it would just be a good day to make sure all of you protective software is up-to-date.  

Related Articles

Consumer Privacy in the Digital Era: Three Trends to Watch

By: Special Guest    1/18/2018

Digital advertising has exploded in recent years, with the latest eMarketer data forecasting $83 billion in revenue this year and continued growth on …

Read More

CES 2018: Terabit Fiber - Closer Than We Think

By: Doug Mohney    1/17/2018

One of the biggest challenges for 5G and last mile 10 Gig deployments is not raw data speeds, but middle mile and core networks. The wireless industry…

Read More

10 Benefits of Drone-Based Asset Inspections

By: Frank Segarra    1/15/2018

Although a new and emerging technology, (which is still evolving), in early 2018, most companies are not aware of the possible benefits they can achie…

Read More

VR Could Change Entertainment Forever

By: Special Guest    1/11/2018

VR could change everything from how we play video games to how we interact with our friends and family. VR has the power to change how we consume all …

Read More

Making Connections - The Value of Data Correlation

By: Special Guest    1/5/2018

The app economy is upon us, and businesses of all stripes are moving to address it. In this age of digital transformation, businesses rely on applicat…

Read More