On November 2nd 1988, the Internet was a very different place than we know it today. Yet on that day, it was about to experience something for the first time that we now see all too frequently. A major malware attack.
Robert Tappan Morris, sitting in front of a computer as the Massachusetts Institute of Technology, launched his malware creation onto the Internet. Later dubbed the Morris Worm, it was the first example of malware that self-replicated itself across the Internet, infecting computers along the way.
A computer worm is a type of malware that can, unlike a computer virus, copy and spread itself from computer to computer without the need for a “host” (an otherwise legitimate file or program.) It simply self-replicates by itself, meaning computer worms can potentially travel faster than any other type of malware.
And the Morris Worm certainly travelled fast. Within 24 hours it had infected 6,000 computers around the world. Considering the Internet was comprised of only 60,000 computers in 1988, that was 10% of the Internet the worm had managed to infect.
Unlike malware we see today, the Morris Worm wasn’t particularly malicious. It didn’t destroy files, promote spammy adverts, spy on users or encrypt their documents and demand a ransom. In fact the entire worm consisted of a mere 99 lines of code. Most of the damage the worm did was slow down computers it infected, since the worm would harness their power to help spread itself to even more computers.
This slowed down infected computers to the point they would simply crash. The effects of the worm reverberated all across the Internet, with frantic emails being exchanged between organisations announcing they were “under attack”.
The worm spread between computers using three different methods; methods we still see being used today. The first two methods exploited vulnerabilities in the Unix software that most computers ran (this was before the days when Microsoft Windows dominated the operating system market!) The third would try to gain access to computer networks by checking if the administrator password was a commonly used password.
Not only was this the first malware attack that used the Internet to proliferate the malware, it was also the first malware attack to gain substantial media attention. And later, it would be the first time the person responsible for the attack would be convicted of their crime.
Sponsored Content. Continued below...
The Morris Worm changed the Internet forever, and put an increased emphasis on computer security. For the first time in the Internet’s history, it was demonstrated that nefarious software could travel between computers at lightning speed, causing unprecedented destruction along the way.
And considering that the Morris Worm wasn’t even intended to be particularly malicious, it served as a warning shot and a proof of concept. With more and more computers connecting to the planet’s largest network – and our dependency on the Internet increasing ever so slightly – serious and significant attention needed to be dedicated to ensuring that not only was the Internet working, but it was also safe and secure.
Only days after the Morris Worm infected thousands of computers and subsequently cleaned up, the Computer Emergency Response Team Coordination Center (CERT/CC) was established to try and pre-emptively help organisations keep their software secure and respond to existing cyber-attacks.
The U.S. General Accounting Office estimated that between $100,000 and $10 million was lost due to the internet inaccessibility that resulted from the Morris Worm infections.
As for Robert Tappan Morris himself, he had always maintained – dubiously, some claim – that his worm was an experiment gone awry, and that he had no idea the work would travel so far or cause so much disruption. Whatever the truth behind it motivation, he was ultimately convicted, given a $10,000 fine, three years’ probation and 400 hours of community service.