Robert Morris worm

The Robert Morris worm is widely acknowledged as the first computer worm to be distributed across the Internet and the first computer virus to receive mainstream media attention.

Designed by Cornell graduate student Robert Tappan Morris, Jr., the Morris worm was released Nov. 2, 1988, from the MIT campus to disguise its point of origin. The 99-line program was reportedly an experiment Morris created to measure the size of the ARPANET.

The program would run undetected on an infected system, recorded a statistic and searched for other Internet-connected systems on which it could replicate. However, a number of bugs and design flaws caused the program to target system vulnerabilities (namely the sendmail and finger implementations in Unix-based systems) and create more copies of itself than intended. This in turn caused buffer overflow and denial-of-service attacks on infected systems, rendering them useless within 90 minutes of initial infection.

In less than a day, the Morris worm affected approximately 10% of the 60,000 Internet-connected computers across the United States. Even if the infected systems were cleaned or rebooted, the worm would return and re-infect them. Each infection reportedly cost between $200 and $53,000 to remove and, according to the U.S. General Accounting Office, as much as $10 million may have been lost due to the Morris worm.

The Morris worm served as a wake-up call for the information security industry, drawing attention to the potential danger posed by computer viruses and the need for strong protections. It also resulted in the first conviction under the 1986 Computer Fraud and Abuse Act; Robert Morris was sentenced to three years' probation, 400 hours of community service and fined $10,000. The Morris worm is also credited with prompting the creation of the Computer Emergency Response Team by the Defense Advanced Research Projects Agency.

This was last updated in April 2014

Continue Reading About Robert Morris worm

Dig Deeper on Threats and vulnerabilities