
Morris worm facts for kids

Morris worm
Original author(s): Robert Tappan Morris
Initial release: 8:30 pm, November 2, 1988
Written in: C
Operating system: 4BSD
Platform: VAX, Sun-3, BBN C70 NOC, BBN C30 IMP
Type: Computer worm, Malware

The Morris worm, also known as the Internet worm of November 2, 1988, was one of the very first computer worms to spread widely across the early Internet. It was the first time a computer program like this gained a lot of attention in the news. This worm caused big problems for many computers connected to the Internet back in 1988. Its creation led to the first legal action in the US under a law about computer misuse.

How the Morris Worm Worked

A floppy disk holding the code for the Morris Worm, at the Computer History Museum.

The worm was created by Robert Tappan Morris, a student at Cornell University. He launched it on November 2, 1988, from a network at the Massachusetts Institute of Technology (MIT). Some people believe he did this to see if it was possible to create such a program. He also hoped that launching it from MIT would make people think someone else created it, not him.

The Morris worm found and used several weak spots in computer systems. These weak spots included:

  • A flaw in a program called sendmail, which helps computers send emails.
  • A problem in a network service called finger, which lets you look up information about users.
  • A way to log into computers without needing a password, if they were set up that way using tools like Remote Shell (rsh).

The worm also tried to guess easy passwords. It looked for common words or simple patterns, like using the username itself as the password. Over time, these weak spots were fixed, and people learned to use stronger passwords.

Morris said he did not want the worm to cause damage. He just wanted to show how weak many computer networks were at the time. However, a part of his code made the worm more harmful than he planned. The worm was supposed to check if a computer was already infected. But Morris thought some computer managers might trick the worm into thinking a computer was clean when it wasn't. So, he programmed the worm to copy itself about 14% of the time, even if the computer was already infected.

This meant a computer could get infected many times over. Each new infection made the computer run slower and slower, sometimes to the point of being unusable. This was similar to a fork bomb, which can crash a computer by making too many copies of itself.

The main part of the worm could infect specific types of computers. These were DEC VAX machines running 4BSD, and Sun-3 systems. A smaller part of the worm, written in C, could run on other systems. This smaller part would download the main worm parts, also slowing down those other computers.

Why It Spread So Fast

By telling the worm to copy itself even if a computer was already infected, Morris accidentally turned it into a powerful digital attack. This random copying made the worm spread much faster than intended. It infected some computers many times over. This caused a huge slowdown, making computers unusable. One expert later said Morris "should have tried it on a simulator first" to see how it would behave.
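The "try it on a simulator first" idea can be shown with a small toy model. This is an added example, not code from the worm or from the original article; the host count, the number of rounds and the rule that each copy probes one random host per round are assumptions made for illustration.

```python
import random

REINFECT_PROB = 0.14  # the article's figure: copy anyway about 14% of the time


def simulate(hosts, rounds, reinfect_prob, seed=1988):
    """Return how many worm copies run on each host after `rounds` rounds.

    Constructed toy model (an assumption, not the worm's real logic):
    every running copy probes one random host per round. A clean host is
    always infected. An already-infected host accepts one more copy with
    probability `reinfect_prob`.
    """
    rng = random.Random(seed)
    copies = [0] * hosts
    copies[0] = 1  # the first infected machine
    for _ in range(rounds):
        probes = sum(copies)  # copies created this round start probing next round
        for _ in range(probes):
            target = rng.randrange(hosts)
            if copies[target] == 0 or rng.random() < reinfect_prob:
                copies[target] += 1
    return copies


def load_report(copies):
    """Summarise the load: infected hosts, total copies, busiest host."""
    return {
        "infected_hosts": sum(1 for c in copies if c),
        "total_copies": sum(copies),
        "worst_host": max(copies),
    }


if __name__ == "__main__":
    # Compare a strict "never reinfect" check with the 14% rule.
    for prob in (0.0, REINFECT_PROB):
        print(prob, load_report(simulate(hosts=50, rounds=40, reinfect_prob=prob)))
```

With the chance set to 0.0 no host ever runs more than one copy. With 0.14 the copies keep piling up after every host is already infected, which is the slowdown the article describes.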

What Happened After the Worm

Impact on Computers

Cleaning up the Morris worm was very expensive. During the legal process, experts estimated it cost anywhere from $200 to $53,000 to remove the worm from each affected computer. One expert, Clifford Stoll, who helped fight the worm, estimated the total cost was between $100,000 and $10,000,000. He said that about two thousand computers were infected within 15 hours. These machines became useless until they were cleaned. Removing the worm often took two days.

It is often reported that around 6,000 major computers running Unix were infected. Some people believe this number came from a guess that 10% of the Internet's 60,000 computers were affected. Stoll, however, thought "only a couple thousand" computers were truly affected.

The Internet itself was split into pieces for several days. Regional networks disconnected from the main NSFNet backbone. They also disconnected from each other. This was done to prevent re-infection while they cleaned their own networks.

Lessons Learned

The Morris worm showed how important computer security was. It led to the creation of the CERT/CC at Carnegie Mellon University. This group gives experts a central place to work together during network emergencies. Another expert, Gene Spafford, also created a mailing list called Phage to help coordinate responses.

Robert Tappan Morris, the worm's creator, faced legal consequences for releasing it. He was found responsible for violating a US law about computer fraud and abuse. After appeals, he was given three years of supervision, had to do 400 hours of community service, and paid a fine of $10,050, plus other costs.

The Morris worm is sometimes called the "Great Worm." This name comes from the powerful "Great Worms" in Tolkien's stories. The Morris worm had a huge impact on the early Internet. It caused a lot of downtime and made people think much more about how to keep the Internet safe and reliable.

See also

  • Buffer overflow
  • Timeline of computer viruses and worms
Morris worm Facts for Kids. Kiddle Encyclopedia.