The worm that nearly broke the internet


A computer worm can be defined as a type of malware or malicious program that has the ability to self-replicate and spread across computer networks without any human intervention. Unlike viruses, these threats can spread without being attached to other applications.

Worms typically enter systems by exploiting vulnerabilities and, once active, they search for IP addresses or connected devices to begin their dissemination process, copying themselves to other systems. While some simply propagate, others install spyware, ransomware, and even open backdoors.

To date, hundreds of computer worms have been created. Some are quite famous, such as the ILOVEYOU virus, which appeared during the dot-com era around 2000 and was sent as an email attachment with a supposed romantic message, and the more recent WannaCry from 2017, which was a mix of worm and ransomware and affected countless hospitals, companies, and public organizations.

But what was the first known worm? We have to go back almost four decades. On the afternoon of November 2, 1988, a malicious program emerged from a computer at the renowned MIT (Massachusetts Institute of Technology) to make history.

What characterized the so-called Morris Worm (we will explain why it was named so) was that it attacked only systems running a specific version of the UNIX operating system. Thus, it only spread on, and 'hurt', DEC's VAX computers and those produced by Sun Microsystems. Experts say that if it had worked on other systems, the consequences would have been devastating.

It should be made clear that the initial purpose of this tool was not malicious; its creator sought to use it to measure the nascent Internet of that era (ARPANET). Thus, this malware did not deliberately destroy files or data.

However, a vulnerability in its code caused Morris to replicate much faster than initially intended.

This threat, which was not intended to be one, slowed down the vital functions of institutions that had access to that early network. Emails took days to arrive, and some systems had to be restarted or reset.

It is believed that the worm affected about 10% of the computers connected at that time, around 6,000 computers, and for 72 hours infiltrated the systems of prestigious academic and research centers such as Harvard, Princeton, and Stanford universities, NASA, and even the Pentagon.

To spread with such speed, Morris had two attack vectors: a flaw in the ‘finger’ command (used to identify network users) and a backdoor in the Internet’s email system.

Coincidentally, Morris was also quickly stopped. On November 3, the annual UNIX experts meeting was held in Berkeley, so this ‘council of wise men’ was able to dissect the ‘bug’ and that same afternoon began distributing patches to close the security gaps.

The worm’s code can be ‘seen’ on a hard drive displayed at the Museum of Science in Boston.

The father of the creature

The Morris Worm went down in history with this name, obviously, because of its creator. After the computer worm caused a stir, the 23-year-old admitted to being its author. He confessed to a friend, whose well-intentioned call to the New York Times to say it was an accident brought the story into the news.

It cannot be said that the creator of this whole mess was a nobody. It was Robert Tappan Morris (nicknamed RTM), son of the famous cryptographer Robert Morris, who would go on to head the NSA and who—curiously—had made valuable contributions to UNIX in the sixties while working at Bell Labs.

Also curiously, Bell Sr. was one of the creators of CoreWar, a game that left the machine without memory and is considered one of the precursors of computer viruses.

Morris Jr. launched the tool while studying at Cornell University, although he decided to execute the worm from an MIT machine to hide his trail and avoid detection, making it appear that the origin was at another institution. His father worked at the institute at that time, so he would have had access or credentials to enter one of its systems with relative ease.

Despite his remorse, Robert Tappan Jr. was convicted of fraud and deception and served a three-year probation sentence. He also had to pay a fine of $10,000. He went down in history for being the malware creator with a conviction and the first to be prosecuted under the U.S. Computer Fraud and Abuse Act.

To close the circle of curiosities, Morris is currently an associate professor at MIT, specifically in the Department of Electrical Engineering and Computer Science.

Why it was important

It is estimated that eradicating the worm cost $1 million at the time, but its total losses rose to $96 million.

Among other things, the impact of this malware led to the creation of the Computer Emergency Response Team (CERT) to address such problems, an entity that many countries now have to manage these incidents.


