Professional Documents
Culture Documents
What Is Morris Worm
What Is Morris Worm
The Morris Worm was a self-replicating computer program (worm) written by Robert
Tappan Morris, a student at Cornell University, and released from MIT on November 2,
1988. According to Morris, the purpose of the worm was to gauge the size of the
precursor “Internet” of the time - ARPANET - although it unintentionally caused denial-
of-service (DoS) for around 10% of the 60,000 machines connected to ARPANET in
1988. The worm spread by exploiting vulnerabilities in UNIX send mail, finger, and
rsh/rexec as well as by guessing weak passwords.
Before spreading to a new machine, the Morris Worm checked if the machine had
already been infected and was running a Morris Worm process. If a target machine had
already been infected, the Morris Worm would re-infect it 1 in 7 times. This practice of
“1-in-7 re-infection” ensured that a user could not completely avoid a Morris Worm
infection by creating a fake Morris Worm process to pretend his or her machine was
already infected. It also, caused some users’ machines to be infected many times -
once too many Morris Worm processes were running on a target machine it would run
out of computing resources and begin to malfunction.
The United States v. Morris (1991) court case resulted in the first conviction under the
1986 Computer Fraud and Abuse Act, with Morris receiving a sentence of three years in
prison, 400 hours of community service and a $10,000 fine.
The worm infected systems through two propagation vectors: TCP connections (1), or
SMTP connections (2), as can be seen in the following code pieces, explained in
the paper about the threat by Professor Eugene H. Spafford from Purdue University:
Why Morris Worm develop?
Robert Tappan Morris was a Harvard graduate and Cornell graduate student when he
developed the first widely spread Internet “worm.” He released it on Nov. 2, 1988, using
MIT’s systems to disguise the fact that he was a Cornell student.The worm was
intended to be harmless, but Morris made a mistake in writing it. He hoped that only one
copy of the worm would infect each computer, but in an attempt to circumvent
computers that would say it already had a copy, he “programmed the worm to duplicate
The Morris worm began replicating itself at a far faster rate than he intended, flooding
hard drives and causing extensive damage. A friend of Morris tried to send out a
warning to other users, but many systems had already shut down.
In just a few days, the Morris worm traveled across Arpanet, the precursor to today’s
Internet, and infected more than 6,000 computers at universities, research centers and
military installations.
The cost in removing the worm from each computer ranged from $200 to more than
$100,000 and $10 million was lost due to lack of access to the Internet.
Morris was soon identified as the source of the worm, and authorities sought to indict
him under the 1986 Computer Fraud and Abuse Act, which outlawed gaining
unauthorized access to federal computers. It took prosecutors eight months to hand
down an indictment because there was “an internal debate over whether it might be
impossible to prove the charges,” reported The New York Times. Prosecutors had to
Morris was found guilty in 1990. He was given a light sentence: a $10,050 fine, 400
How Does Morris Worm Infect computer? Steps and effect of morris
worm contaminated.
Many worms are designed only to spread, and do not attempt to change the systems
they pass through. However, as the Morris worm and Mydoom showed, even these
"payload-free" worms can cause major disruption by increasing network traffic and other
unintended effects.
Why can you identify that your device is infected by the virus?
A computer virus is a type of malware that infiltrates a computer and its programs. It’s
similar to the way the flu infects your body’s immune system and multiplies. Viruses can
be installed on your computer without your knowledge or consent, and can insert new,
malicious code that can monitor and manipulate your online activity.
Some malware may not seem serious, but they could lead to more damaging problems.
For example, criminals could use a virus to access to your personal information which
could enable them to commit identity theft and other types of fraud.
You may be thinking you couldn’t possibly be affected. Or perhaps you’re wondering
how bad a malware infection could be. The answer? Quite bad. For example, the
MyDoom virus, discovered in 2004, is considered the most damaging virus ever
released. Not only was MyDoom the fastest-spreading email-based worm, but it caused
$38 billion in damage.
Ransomware is another kind of virus that poses a threat. Ransomware entices its
victims to click on a legitimate-looking link in an email that contains malicious code. The
malware then prevents you from accessing your data by encrypting it. It holds that data
hostage until you pay a ransom.
One example of ransomware was the destructive WannaCry virus of 2017, which
targeted systems running Windows OS. Victims were asked to pay ransom in
anonymous payment systems such as Bitcoin in order to retrieve their data. Keep in
mind, even if you pay, you may not get your data back. That’s one reason why it’s
recommended you shouldn’t pay the ransom.
Most companies that sell antivirus software also offer free virus removal tools. Some
options besides Microsoft’s own are Kaspersky Free Virus Scan and Sophos Virus
Removal Tool.
If you can’t use a web browser on the infected computer, use a different computer to
download a virus removal tool, then burn it to a CD or DVD. Insert the burned disc into
the infected machine, press ⊞ Win + E to launch File Explorer, then double-click your
DVD-ROM drive to find the tool.