Early Bird Gets the Internet Worm


When Robert Tappan Morris was a graduate student at Cornell in 1988, he had a clever idea: he would release a self-replicating program (or "worm") onto the Internet, reportedly in an effort to highlight security problems in computer networks. Morris's worm exploited vulnerabilities in common computer systems, allowing it to propagate at will onto new computers via the Internet. The worm was designed to use minimal computer resources, but in the wild its effect proved to be devastating.

Morris released his worm on November 2, 1988 (twenty years ago yesterday), directing instances of the program to report back to a host computer so that he could monitor its spread. The epidemic spread faster than Morris had expected, aggressively infecting and reinfecting computers around the U.S. Infected computers became overloaded and unresponsive, causing system administrators to panic. Within hours of its release, the worm had infected thousands of computers, and wasn't nearly as well-behaved as Morris had hoped. When Morris realized what was happening, he and a Harvard friend emailed information that would help stop the worm -- but it was too late, as email routes were already clogged...by Morris's worm.

System administrators and computer scientists banded together to fight the worm, disassembling the program and locking down its modes of transmission. Others disconnected their systems from the Internet to avoid becoming infected. Within two days the worm was largely eradicated, but Morris's troubles were just beginning: he was eventually indicted under the Computer Fraud and Abuse Act of 1986, and the U.S. General Accounting Office issued a report on the worm -- Morris had succeeded in focusing attention on computer security after all. (The report actually begins with the text: "This is the first GAO report to be made available over the Internet. GAO wants to know how many people acquire the report this way. If you are reading this, please send mail to me swolff@nsf.gov and I'll keep count for them. Your name will not be saved or used." I have to wonder how many emails swolff@nsf.gov has gotten about the report over twenty years!) Pictured at left: the source code of Morris's worm, on display (in binary form on a 3.5" floppy) at The Computer History Museum.

Morris was sentenced to three years of probation, 400 hours of community service, a $10,050 fine, and the costs of his supervision. Nearly twenty years after the worm was released, Morris is now a tenured professor at MIT; his MIT homepage makes no mention of the worm.

To read more on the worm and its aftermath, check out a contemporaneous report by Bob Page written on November 7, 1988. Network World also posted a nice retrospective of the worm last week. RTM's worm was also discussed at length in the classic Cyberpunk by Hafner and Markoff.

(Worm source code photo courtesy of Flickr user Go Card USA.)