Morris worm


The Morris worm or Internet worm of November 2, 1988, is one of the oldest computer worms distributed via the Internet, and the first to gain significant mainstream media attention. It resulted in the first felony conviction in the US under the 1986 Computer Fraud and Abuse Act. It was written by Robert Tappan Morris, a graduate student at Cornell University, and launched at 8:30 p.m. on November 2, 1988, from the Massachusetts Institute of Technology network.

The worm's creator, Robert Tappan Morris, is the son of cryptographer Robert Morris, who worked at the NSA. A friend of Morris said that he created the worm simply to see if it could be done, and released it from the Massachusetts Institute of Technology (MIT) to avoid the worm being traced directly back to Cornell, where he was a Ph.D. student at the time. Clifford Stoll, author of The Cuckoo's Egg, wrote that "Rumors have it that [Morris] worked with a friend or two at Harvard's computing department (Harvard student Paul Graham sent him mail asking for 'Any news on the brilliant project')".

The worm exploited several vulnerabilities of targeted systems, including:

The worm exploited weak passwords, such as words used by the spelling checker and passwords using simple patterns like username, emanresu, or usernameusername. Morris's exploits became generally obsolete due to the decommissioning of rsh (normally disabled on untrusted networks), fixes to sendmail and finger, widespread network filtering, and improved awareness of weak passwords.
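As an added example (not part of the original article), the weak-password classes named above can be turned into a check applied when a user sets a password. The function names, the case-insensitive comparison, and the sample word list and accounts are assumptions constructed for illustration.

```python
# Added example (constructed, not from the original page): a password-change
# check that rejects the weak classes named in the text.

def weak_password_reasons(username, password, wordlist=()):
    """Return which of the weak classes `password` falls into for `username`."""
    user = username.lower()  # assumption: compare case-insensitively
    pw = password.lower()
    reasons = []
    if user:
        if pw == user:
            reasons.append("username")
        elif pw == user[::-1]:
            reasons.append("reversed username")
        if pw == user + user:
            reasons.append("doubled username")
    if pw in {w.lower() for w in wordlist}:
        reasons.append("dictionary word")
    return reasons


def audit(candidates, wordlist=()):
    """Map username -> reasons for every proposed password to reject."""
    flagged = {}
    for username, password in candidates:
        reasons = weak_password_reasons(username, password, wordlist)
        if reasons:
            flagged[username] = reasons
    return flagged


# Constructed sample data: a tiny stand-in for a spelling-checker word list
# and a few (username, proposed password) pairs.
SAMPLE_WORDS = ["aardvark", "network", "wizard"]
SAMPLE_CANDIDATES = [
    ("alice", "alice"),
    ("bob", "Wizard"),
    ("carol", "lorac"),
    ("dave", "davedave"),
    ("erin", "T7#qv!pLm2"),
]

if __name__ == "__main__":
    for user, why in audit(SAMPLE_CANDIDATES, SAMPLE_WORDS).items():
        print(f"reject {user}: {', '.join(why)}")
```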

Morris said that he did not intend for the worm to be actively destructive, seeking instead merely to highlight the weaknesses present in many networks of the time, but a consequence of his coding made the worm more damaging and spreadable than originally planned. It was initially programmed to check each computer to determine whether the infection was already present, but Morris believed that some system administrators might counter this by instructing the computer to report a false positive. Instead, he programmed the worm to copy itself 14% of the time, regardless of the status of infection on the computer. As a result, a computer could be infected multiple times, with each additional infection slowing the machine down to the point of unusability. This had the same effect as a fork bomb, and crashed the computer several times.

The main body of the worm can infect only DEC VAX machines running 4BSD and Sun-3 systems. A portable C "grappling hook" component of the worm was used to download the main body parts; the grappling hook also runs on other systems, loading them down and making them peripheral victims.

By instructing the worm to replicate itself regardless of a computer's reported infection status, Morris transformed the worm from a potentially harmless intellectual and computing exercise into a viral denial-of-service attack. Morris's inclusion of the rate of copy within the worm was inspired by Michael Rabin's mantra of randomization.

The resulting level of replication proved excessive, with the worm spreading rapidly, infecting some computers several times. Rabin would eventually comment that Morris "should have tried it on a simulator first".
