What is Morris Worm?

The Morris Worm was a self-replicating computer program (worm) written by Robert
Tappan Morris, a student at Cornell University, and released from MIT on November 2,
1988. According to Morris, the purpose of the worm was to gauge the size of the
precursor “Internet” of the time - ARPANET - although it unintentionally caused denial-
of-service (DoS) for around 10% of the 60,000 machines connected to ARPANET in
1988. The worm spread by exploiting vulnerabilities in UNIX send mail, finger, and
rsh/rexec as well as by guessing weak passwords.
Before spreading to a new machine, the Morris Worm checked if the machine had
already been infected and was running a Morris Worm process. If a target machine had
already been infected, the Morris Worm would re-infect it 1 in 7 times. This practice of
“1-in-7 re-infection” ensured that a user could not completely avoid a Morris Worm
infection by creating a fake Morris Worm process to pretend his or her machine was
already infected. It also, caused some users’ machines to be infected many times -
once too many Morris Worm processes were running on a target machine it would run
out of computing resources and begin to malfunction.
The United States v. Morris (1991) court case resulted in the first conviction under the
1986 Computer Fraud and Abuse Act, with Morris receiving a sentence of three years in
prison, 400 hours of community service and a $10,000 fine.

When Morris worm Develop?

Last Saturday marked 25 years of what has been one of the most important pieces of
malicious code in the history of malware: the Morris worm. On November 2nd, 1988 the
worm was released by its author and, less than twenty-four hours later, it caused the
greatest damage ever witnessed by a piece of malware up to that point. The worm
slowed thousands of systems down to a crawl by creating processes and files in
temporary folders and triyng to spread copies of itself. By the following day (Thursday,
November 3rd), it had the attention of thousands of users who started to get worried
about these unusual facts. Ever since, this worm has been considered the first worm to
spread over the Internet, and given the fact that it propagated through the exploitation of
vulnerabilities on VAX and Sun Microsystems systems as well as vulnerabilities in the
UNIX email delivery software – sendmail, the first multi-platform malware

The worm infected systems through two propagation vectors: TCP connections (1), or
SMTP connections (2), as can be seen in the following code pieces, explained in
the paper about the threat by Professor Eugene H. Spafford from Purdue University:
Why Morris Worm develop?

Who Create a Morris Worm?

Robert Tappan Morris was a Harvard graduate and Cornell graduate student when he

developed the first widely spread Internet “worm.” He released it on Nov. 2, 1988, using

MIT’s systems to disguise the fact that he was a Cornell student.The worm was

intended to be harmless, but Morris made a mistake in writing it. He hoped that only one

copy of the worm would infect each computer, but in an attempt to circumvent

computers that would say it already had a copy, he “programmed the worm to duplicate

itself every seventh time it received a ‘yes’ response,” explains week.

The Morris worm began replicating itself at a far faster rate than he intended, flooding

hard drives and causing extensive damage. A friend of Morris tried to send out a

warning to other users, but many systems had already shut down.

In just a few days, the Morris worm traveled across Arpanet, the precursor to today’s

Internet, and infected more than 6,000 computers at universities, research centers and

military installations.

The cost in removing the worm from each computer ranged from $200 to more than

$53,000. According to estimates by the U.S. General Accounting Office, between

$100,000 and $10 million was lost due to lack of access to the Internet.

Morris was soon identified as the source of the worm, and authorities sought to indict

him under the 1986 Computer Fraud and Abuse Act, which outlawed gaining
unauthorized access to federal computers. It took prosecutors eight months to hand
down an indictment because there was “an internal debate over whether it might be

impossible to prove the charges,” reported The New York Times. Prosecutors had to

prove that “Morris intended to cripple the computer network.”

Morris was found guilty in 1990. He was given a light sentence: a $10,050 fine, 400

hours of community service, and a three-year probation.

How Does Morris Worm Infect computer? Steps and effect of morris
worm contaminated.

A computer worm is a standalone malware computer program that replicates itself in

order to spread to other computers.[1] Often, it uses a computer network to spread
itself, relying on security failures on the target computer to access it. Worms almost
always cause at least some harm to the network, even if only by consuming bandwidth,
whereas viruses almost always corrupt or modify files on a targeted computer.

Many worms are designed only to spread, and do not attempt to change the systems
they pass through. However, as the Morris worm and Mydoom showed, even these
"payload-free" worms can cause major disruption by increasing network traffic and other
unintended effects.

Why can you identify that your device is infected by the virus?

A computer virus is a type of malware that infiltrates a computer and its programs. It’s
similar to the way the flu infects your body’s immune system and multiplies. Viruses can
be installed on your computer without your knowledge or consent, and can insert new,
malicious code that can monitor and manipulate your online activity.
Some malware may not seem serious, but they could lead to more damaging problems.
For example, criminals could use a virus to access to your personal information which
could enable them to commit identity theft and other types of fraud.
You may be thinking you couldn’t possibly be affected. Or perhaps you’re wondering
how bad a malware infection could be. The answer? Quite bad. For example, the
MyDoom virus, discovered in 2004, is considered the most damaging virus ever
released. Not only was MyDoom the fastest-spreading email-based worm, but it caused
$38 billion in damage.
Ransomware is another kind of virus that poses a threat. Ransomware entices its
victims to click on a legitimate-looking link in an email that contains malicious code. The
 malware then prevents you from accessing your data by encrypting it. It holds that data
hostage until you pay a ransom.
One example of ransomware was the destructive WannaCry virus of 2017, which
targeted systems running Windows OS. Victims were asked to pay ransom in
anonymous payment systems such as Bitcoin in order to retrieve their data. Keep in
mind, even if you pay, you may not get your data back. That’s one reason why it’s
recommended you shouldn’t pay the ransom.

How to Remove Morris Virus?

Worms are rapidly-spreading viruses transmitted through insecure networks, e-mail

attachments, software downloads, and social media links.[1] Worms primarily affect PCs,
but Mac users can unknowingly spread them throughout the Internet. And while viruses
don’t affect Android or iOS, they can fall prey to other malware. Learn how to remove a
worm from your Windows PC with a virus-removal tool, remove malware from Macs and
mobile devices, and how to best protect yourself from malware in the future.
f you think you have a worm virus, download a dedicated virus removal tool to scan for
and remove viruses. Do this even if you already have antivirus software, as the software
on your computer may be infected. Once you’ve chosen a virus removal tool, download
it to your desktop.

 Most companies that sell antivirus software also offer free virus removal tools. Some
options besides Microsoft’s own are Kaspersky Free Virus Scan and Sophos Virus
Removal Tool.
 If you can’t use a web browser on the infected computer, use a different computer to
download a virus removal tool, then burn it to a CD or DVD. Insert the burned disc into
the infected machine, press ⊞ Win + E to launch File Explorer, then double-click your
DVD-ROM drive to find the tool.