The First Internet Worm

In the early days, the Internet was a peaceful place. Almost only universities were connected and online transactions were still a couple of years down the line. Of course some computers got attacked once in a while. But that was isolated incidents and very little damaged was caused. There was very little need for strict security and few worried about IT security. Much changed after the so called Morris Worm in November 1988.

The creator of the worm was Robert Tappan Morris, a Cornell graduate student in computer science. The worm may have managed to infect up to 20% of all computers on the Internet. This made the worm very successful but also short-lived. The worm infected the same computer multiple times, overloading many computers. The rapid growth of the worm forced system administrators to quickly find ways to kill it.

With today’s standard, the worm code was very basic. But back in those days, security was lax so the worm spread very quickly despite that it was taking advantage of security flaws that in some cases had been known for years. Nowadays security is much tighter, such basic attacks would not cause any significant damage today. The code of the worm was an interesting mix of some sophisticated parts combined with a couple of basic flaws.

The worm was not created to cause damage, it was more an attempt to create something that would travel around in the network. But Morris misjudged the success of the worm, far too many systems had basic security holes. But the worst damage was done because the worm infected the same computer multiple times. Some computers got infected with so many copies of the worm that the systems got overloaded and crashed. It became, by accident, the first known Denial-of-Service attack, things simply went out of control.

Exactly how many computers were infected is not known. Some estimations indicated that 20% of all computers on the Internet were infected. But many think that the number was much lower, probably less than 10%. The worm targeted only two types of computers, VAXs running BSD Unix and Sun-3 computers, also running a BSD-like UNIX version. Back in 1988 these computers were very popular on the
Internet.

The worm tried four different attacks. Three of them tried to exploit known security flaws in UNIX while the fourth was trying to take advantage of weak passwords. But as mentioned, the worm did not do any damage to the system, except for overloading the systems by infecting the same system multiple times. It did not try to gain root privileges, which is needed to alter or damage a UNIX system. Its only purpose was to infect new systems.

The Morris Worm changed the Internet, but slowly. Before the incident, computer security had not been much of an issue. Some people would say that the Internet community was trusting and naïve. After that so many computers got infected so easily, computer security became more important. Some people called it a wake-up call. But pretty soon most of the Internet society forgot all about potential security problems. It would take quite some time before Internet security become a hot topic. One reason for this was that back in 1988, the Internet was mainly an academic network with no commercial traffic. Once the Internet started to get commercial traffic, security became a priority.

Leave a Reply