The Morris Worm is often regarded as the virus that started it all. The first computer worm with widespread real-world impact was far more damaging and easily spread than intended. Consequently, it gained significant media attention and goes down in history as the “Great Worm” given its devastating effects. The worm is named after Robert Morris, its creator, who released it on November 2, 1988.

When the Morris worm was created, the creator only intended to highlight the vulnerabilities of computer networks (which were still in their infancy) and raise awareness about their risks. However, the experiment went rogue, spreading faster than Morris had anticipated. It is reported that within 24 hours of releasing it, about 6000 major UNIX computers (about 10% of UNIX machines at the time) were infected and rendered useless until decontaminated. On one hand, the virus achieved its purpose of raising widespread awareness about the dangers of the internet and left a long-lasting legacy in the cyber-security world. On the other, it came at a much higher cost than Robert Morris anticipated.

Morris worm
The Morris Worm was released on November 2, 1988, by Robert Morris.

Worm vs Virus: What’s the Scoop?

Contrary to popular belief, the Morris worm isn’t a virus. Unlike a virus, worms are standalone programs capable of self-replicating and spreading from one computer to another through networks. Alternately, a virus requires a host program to run. In other words, you might not notice a worm sneak into your computer, while a virus is likely caused by you inadvertently activating it (such as launching an infected program).

Another notable difference between worms and viruses is that worms typically wreak more havoc than viruses. Their primary target is using up computing power and memory space. As a result, the computer slows down, programs might shut down, and the entire computer might be unusable until the worm is removed.

The Morris Worm: “Accidents” Happen

Cornell University graduate student Robert Tappan Morris designed the Morris worm to exploit vulnerabilities on computers employing the Unix Operating system. Though his intentions were far from nefarious (he simply wanted to see if it could be done), his efforts quickly spun out of control. Ironically (or perhaps not so), Morris was the son of cryptographer Robert Morris, who was working for the NSA when his son released the destructive infection. Although the Morris Worm didn’t destroy the operating system or wipe out files on the UNIX computers, the worm did slow things down considerably, resulting in several days of delay.

Within a few hours of releasing the worm, it had infected thousands of computers at research centers, universities, and military installations all over the country. The worm did not damage any files. However, it made the internet inaccessible for the short period it was active. Emails were delayed for several days, and in an attempt to get rid of the virus, many institutions either disconnected their computers or wiped them completely. Additionally, the U.S. Government Accountability Office put the cost of the damage between $100,000 and $10,000,000. While this number is inordinately broad, it speaks to the costly mistake — regardless of the exact dollar amount.

Attack Mode

Part of what makes the Morris worm so efficient is that it can spread through multiple vectors. These include:

Name/Finger Protocol

One method of the Morris Virus’s attack was to exploit a UNIX Machine internet service known as the “name/finger protocol.” The protocol was used to supply information to other network users. So, the Morris virus leveraged this to move from one computer to the other across the network.

Brute Force on Computer Passwords

The Morris virus could hack into computers using a brute force attack that allowed it to guess user IDs and passwords. It then used the hacked credentials to access servers where the user had an account.

SendMail Attack

The third hole exploited by the worm was in the debug mode of the Unix Sendmail program, a standard utility used to send emails. The Morris worm was also programmed to duplicate itself at every seventh instance of any computer that had the bug installed already. This self-duplication program allowed the worm to spread faster than Morris expected.

The Aftermath

An experiment gone wrong, Robert Morris immediately attempted to mitigate the damage he’d caused by sending out a message on how to dismantle the worm. Ironically, the network congestion made it difficult to get the message across.

Cornell suspended Rober Morris, and a federal jury indicted him for computer fraud. Although he wasn’t jailed, he was fined $10,050 and had to undergo 400 hours of community service. He was also on probation for three years.

Being the first widespread internet virus attack, the Morris worm had a remarkable impact on the computing world. It was a wake-up call for the internet community, which was relatively sleepy at the time — a glimpse of the potential dangers of the internet during a time when everyone treated the internet as a friendly club where everyone trusted one another.

Moreover, the Morris Worm gave the government an eye-opening view of computer vulnerabilities, and it contributed to the growth of cybersecurity. Developers began to create systems to detect computer intrusions, the precursor to present-day antiviruses that detect and remove computer malware. Of course, the Morris Worm attack also inspired a generation of hackers who perpetrate internet assaults on digital to this day.

Protection

Most antivirus tools that detect computer worms are also able to remove them. To best protect your computer from the Morris worm, we recommend the following antivirus software:

Sale
Norton AntiVirus Plus, 2023 Ready, Antivirus software for 1 Device with Auto-Renewal - Includes Password Manager, Smart Firewall and PC Cloud Backup [Download]
  • ONGOING PROTECTION Download instantly & install protection for your PC or Mac in minutes!
  • REAL-TIME THREAT PROTECTION Advanced security protects against existing and emerging malware threats, including ransomware and viruses, and it won’t slow down your device performance
  • PASSWORD MANAGER Easily create, store, and manage your passwords, credit card information and other credentials online – safely and securely
  • SMART FIREWALL Monitors communications between your computer and other computers and blocks unauthorized traffic, helping protect your personal files and financial information
  • 2GB SECURE PC CLOUD BACKUP store and help protect important files as a preventative measure to hard drive failures, stolen devices and even ransomware***
Sale
McAfee Total Protection 2022 | 3 Device | Antivirus Internet Security Software | VPN, Password Manager, Dark Web Monitoring | 1 Year Subscription | Download Code
  • AWARD WINNING ANTIVIRUS: Rest easy knowing McAfee’s protecting you from the latest threats
  • PROTECT YOUR IDENTITY:  We'll monitor your life online, from bank account numbers, credit cards, to your emails and more.
  • BROWSE CONFIDENTLY AND PRIVATELY: Secure VPN keeps your info safe from prying eyes
  • SEE HOW SAFE YOU ARE BEING ONLINE: Get your personalized protection score, identify weaknesses and get help to fix them.
  • BANK, SHOP and CONNECT WORRY-FREE: be warned about risky websites before you click
Bitdefender Total Security 2023 – Complete Antivirus and Internet Security Suite – 5 Devices | 1 Year Subscription | PC/Mac | Activation Code by Mail
  • SPEED-OPTIMIZED, CROSS-PLATFORM PROTECTION: World-class antivirus security and cyber protection for Windows (Windows 7 with Service Pack 1, Windows 8, Windows 8.1, and Windows 10), Mac OS (Yosemite 10.10 or later), iOS (11.2 or later), and Android (5.0 or later). Organize and keep your digital life safe from hackers
  • SAFE ONLINE BANKING: A unique, dedicated browser secures your online transactions; Our Total Security product also includes 200MB per day of our new and improved Bitdefender VPN
  • ADVANCED THREAT DEFENSE: Real-Time Data Protection, Multi-Layer Malware and Ransomware Protection, Social Network Protection, Game/Movie/Work Modes, Microphone Monitor, Webcam Protection, Anti-Tracker, Phishing, Fraud, and Spam Protection, File Shredder, Parental Controls, and more
  • NO CREDIT CARD REQUIRED: Subscription does not automatically renew (unless your account was previously set up to do so)
  • ECO-FRIENDLY PACKAGING: Your product-specific code is printed on a card and shipped inside a protective cardboard sleeve. Simply open packaging and scratch off security ink on the card to reveal your activation code. No more bulky box or hard-to-recycle discs

Are you interested in learning about other computer viruses? Check out our complete guide!

Last update on 2022-12-01 / Affiliate links / Images from Amazon Product Advertising API

The Morris Worm Virus: How it Works and How to Protect Yourself FAQs (Frequently Asked Questions) 

What is the Morris Worm Virus?

The Morris Worm is a self-replicating computer program written by Robert Tappan in 1988. The virus unintentionally caused a sort of denial-of-service (DoS) attack in November 1988, affecting up to 6000 Unix Machines connected to the ARPANET.

How does the Morris Worm Virus work?

Unlike a Virus, the Morris worm does not wipe out or destroy the operating system it attacks. Instead, it works like a DDoS attack, slowing down the network and causing systems to crash. The Morris Worm uses several modes of attacks, including exploiting holes in the Unix Sendmail protocol, the finger protocol, rsh/rexec, and guessing weak passwords.

How do you fix the Morris Worm Virus?

An attack of a Morris Worm Virus is unlikely today because a hacker would have no motivation to do so. The worm does not damage operating systems, and it does not deliver any form of payload that could present an opportunity for money. However, a worm is relatively easy to remove if an attack occurs.

Most modern antivirus software can identify and remove worms with relative ease. Unlike viruses, worms don’t typically modify or infect files on a computer since they’re standalone programs installed on system folders. Removing them is as simple as identifying and removing the file it is installed and registry links that may be linked to them.

When was the Morris Worm Virus created?

The Morris worm was created in 1988 and released on November 2, 1988, from a computer at MIT.

Who created the Morris Worm Virus?

Robert Tappan Morris Morris created the Morris Worm. He was the son of Robert Morris, who worked as a cryptographer with the NSA. Morris was a talented computer scientist. He had graduated from Havard and was just 23 years old when he created the virus. He began developing the Morris Worm program while studying as a graduate student at Cornell.

How do I know if my computer has the Morris Worm Virus?

Generally, Morris Worm and similar computer viruses slow down computers and take up free space. If you notice free space on your computer depleting faster than usual, it is possibly a symptom of a computer worm. The worm replicates itself so much that it takes up free space on your hard disk. This is often accompanied by a reduction in the speed of your computer and crashing programs. The most efficient way to discover a Worm is to scan your computer with antivirus software that can detect the presence of the worm.

Is the Morris Worm Virus dangerous?

The Morris worm does not cause any significant destruction to files and programs or damage the operating system. Its principal effect is to slow the computer down. However, you may suffer a downtime since it often takes a while to identify the problem and clean up your computer.

How do I prevent the Morris Worm Virus?

These days, it is easier to prevent a Morris Worm than it was years ago. The best form of prevention against viruses and worms is to have an antivirus installed on your computer. Also, since worms and viruses are often delivered via mail, attachments, and malicious links, refraining from clicking these links will reduce the risk of getting infected with a worm.

What's the Best Antivirus?

There are hundreds of antivirus software solutions out there, so choosing the best antivirus for you might be tricky. You have to consider various factors, including ease of user, performance, and features. The best types of antivirus software offer extra perks beyond just antivirus protection. This includes ransomware protection and malware detection. They can also protect multiple devices at the same time.

About the Author

More from History-Computer

  • FBI Available here: https://www.fbi.gov/news/stories/morris-worm-30-years-since-first-major-attack-on-internet-110218
  • Radware Available here: https://www.radware.com/security/ddos-knowledge-center/ddospedia/morris-worm/
  • Okta Available here: https://www.okta.com/identity-101/morris-worm/
  • Techtarget Available here: https://www.techtarget.com/searchsecurity/definition/Robert-Morris-worm?amp=1
  • Industrial Cybersecurity Pulse Available here: https://www.industrialcybersecuritypulse.com/throwback-attack-the-morris-worm-launches-the-first-major-attack-on-the-internet/
  • Exabeam Available here: https://www.exabeam.com/information-security/cybersecurity-calendar-morris-worm/