
© Profit_Image / Shutterstock.com
Key Points
- The Morris Worm is considered the first computer virus.
- When the Morris worm was created, the creator only intended to highlight the vulnerabilities of computer networks.
- The worm is named after Robert Morris, its creator, who released it on November 2, 1988.
The Morris Worm is often regarded as the virus that started it all. The first computer worm with widespread real-world impact was far more damaging and easily spread than intended. Consequently, it gained significant media attention and goes down in history as the “Great Worm” given its devastating effects.
The worm is named after Robert Morris, its creator, who released it on November 2, 1988.
When the Morris worm was created, the creator only intended to highlight the vulnerabilities of computer networks (which were still in their infancy) and raise awareness about their risks. However, the experiment went rogue, spreading faster than Morris had anticipated.
It is reported that within 24 hours of releasing it, about 6000 major UNIX computers (about 10% of UNIX machines at the time) were infected and rendered useless until decontaminated.
On one hand, the virus achieved its purpose of raising widespread awareness about the dangers of the internet and left a long-lasting legacy in the cyber-security world. On the other, it came at a much higher cost than Robert Morris anticipated.

©Profit_Image/Shutterstock.com
Worm vs Virus: What’s the Scoop?
Contrary to popular belief, the Morris worm isn’t a virus. Unlike a virus, worms are standalone programs capable of self-replicating and spreading from one computer to another through networks. Alternately, a virus requires a host program to run. In other words, you might not notice a worm sneak into your computer, while a virus is likely caused by you inadvertently activating it (such as launching an infected program).
Another notable difference between worms and viruses is that worms typically wreak more havoc than viruses. Their primary target is using up computing power and memory space. As a result, the computer slows down, programs might shut down, and the entire computer might be unusable until the worm is removed.
The Morris Worm: “Accidents” Happen
Cornell University graduate student Robert Tappan Morris designed the Morris worm to exploit vulnerabilities on computers employing the Unix Operating system. Though his intentions were far from nefarious (he simply wanted to see if it could be done), his efforts quickly spun out of control.
Ironically (or perhaps not so), Morris was the son of cryptographer Robert Morris, who was working for the NSA when his son released the destructive infection. Although the Morris Worm didn’t destroy the operating system or wipe out files on the UNIX computers, the worm did slow things down considerably, resulting in several days of delay.
Within a few hours of releasing the worm, it had infected thousands of computers at research centers, universities, and military installations all over the country. The worm did not damage any files. However, it made the internet inaccessible for the short period it was active.
Emails were delayed for several days, and in an attempt to get rid of the virus, many institutions either disconnected their computers or wiped them completely. Additionally, the U.S. Government Accountability Office put the cost of the damage between $100,000 and $10,000,000. While this number is inordinately broad, it speaks to the costly mistake — regardless of the exact dollar amount.

©wk1003mike/Shutterstock.com
Attack Mode
Part of what makes the Morris worm so efficient is that it can spread through multiple vectors. These include:
Name/Finger Protocol
One method of the Morris Virus’s attack was to exploit a UNIX Machine internet service known as the “name/finger protocol.” The protocol was used to supply information to other network users. So, the Morris virus leveraged this to move from one computer to the other across the network.
Brute Force on Computer Passwords
The Morris virus could hack into computers using a brute force attack that allowed it to guess user IDs and passwords. It then used the hacked credentials to access servers where the user had an account.
SendMail Attack
The third hole exploited by the worm was in the debug mode of the Unix Sendmail program, a standard utility used to send emails. The Morris worm was also programmed to duplicate itself at every seventh instance of any computer that had the bug installed already. This self-duplication program allowed the worm to spread faster than Morris expected.
The Aftermath
An experiment gone wrong, Robert Morris immediately attempted to mitigate the damage he’d caused by sending out a message on how to dismantle the worm. Ironically, the network congestion made it difficult to get the message across.
Cornell suspended Rober Morris, and a federal jury indicted him for computer fraud. Although he wasn’t jailed, he was fined $10,050 and had to undergo 400 hours of community service. He was also on probation for three years.
Being the first widespread internet virus attack, the Morris worm had a remarkable impact on the computing world. It was a wake-up call for the internet community, which was relatively sleepy at the time — a glimpse of the potential dangers of the internet during a time when everyone treated the internet as a friendly club where everyone trusted one another.
Moreover, the Morris Worm gave the government an eye-opening view of computer vulnerabilities, and it contributed to the growth of cybersecurity. Developers began to create systems to detect computer intrusions, the precursor to present-day antiviruses that detect and remove computer malware. Of course, the Morris Worm attack also inspired a generation of hackers who perpetrate internet assaults on digital to this day.
Protection
Most antivirus tools that detect computer worms are also able to remove them. To best protect your computer from the Morris worm, we recommend the following antivirus software:
- Download and install instantly
- Real-time protection from malware
- Safely and securely store your passwords with password manager
- Firewall blocks unauthorized traffic
- 2GB of PC Cloud backup
- AWARD WINNING ANTIVIRUS: Rest easy knowing McAfee’s protecting you from the latest threats
- PROTECT YOUR IDENTITY: We'll monitor your life online, from bank account numbers, credit cards, to your emails and more.
- BROWSE CONFIDENTLY AND PRIVATELY: Secure VPN keeps your info safe from prying eyes
- SEE HOW SAFE YOU ARE BEING ONLINE: Get your personalized protection score, identify weaknesses and get help to fix them.
- BANK, SHOP and CONNECT WORRY-FREE: be warned about risky websites before you click
- SPEED-OPTIMIZED, CROSS-PLATFORM PROTECTION: World-class antivirus security and cyber protection for Windows (Windows 7 with Service Pack 1, Windows 8, Windows 8.1, and Windows 10), Mac OS (Yosemite...
- SAFE ONLINE BANKING: A unique, dedicated browser secures your online transactions; Our Total Security product also includes 200MB per day of our new and improved Bitdefender VPN
- ADVANCED THREAT DEFENSE: Real-Time Data Protection, Multi-Layer Malware and Ransomware Protection, Social Network Protection, Game/Movie/Work Modes, Microphone Monitor, Webcam Protection,...
- NO CREDIT CARD REQUIRED: Subscription does not automatically renew (unless your account was previously set up to do so)
- ECO-FRIENDLY PACKAGING: Your product-specific code is printed on a card and shipped inside a protective cardboard sleeve. Simply open packaging and scratch off security ink on the card to reveal your...
Are you interested in learning about other computer viruses? Check out our complete guide!