The worm slowed thousands of systems down to a crawl by creating processes and files in temporary folders and triyng to spread copies of itself. By the following day (Thursday, November 3rd), it had the attention of thousands of users who started to get worried about these unusual facts. Ever since, this worm has been considered the first worm to spread over the Internet, and given the fact that it propagated through the exploitation of vulnerabilities on VAX and Sun Microsystems systems as well as vulnerabilities in the UNIX email delivery software – sendmail, the first multi-platform malware
The worm infected systems through two propagation vectors: TCP connections (1), or SMTP connections (2), as can be seen in the following code pieces, explained in the paper about the threat by Professor Eugene H. Spafford from Purdue University:
On the one hand, this malicious code has marked the history of malware and, at the same time, several curiosities emerge from its analysis, which clearly explain the moment when the worm propagated and how it has changed the Internet and malware in these 25 years. That is why we have compiled these five interesting facts about the Morris worm:
1. Extent
of the Infection – the Morris worm infected about 10% of the computers
connected to the Internet, the only malware case in history that reached that
magnitude (at least, which was verified.) It is worth mentioning that the
numbers at that time were much lower, since the ARPANET network connected
around 60,000 computers and 6,000 became infected by the malware. The
compromised computers belonged to the NASA, Berkley and Stanford universities,
MIT and the Pentagon, among many others, and stayed infected for almost 72
hours.
2. The
Heritage – the worm writer, Robert Tappan Morris, Jr. is the son of Robert
Morris, Sr. a famous cryptographer and computer professional who, in the
1960s and ’70s, while working for the Bell Labs, made significant contributions
to UNIX, such as the bc programming language, the program crypt and the el
encryption scheme used by passwords in this operating system. Robert Morris,
Sr., (father) was also one of the creators of CoreWar, a game that used
assembly language to leave the computer out of memory, and which is considered
one of the predecessors of computer viruses. A chip off the old block…
3. The
Force of the Law – on January 22nd, 1990, Robert Tappan Morris was
prosecuted under the charge of fraud and deception and was convicted by the
Syracuse Federal Court in New York. He was sentenced to three years of
probation, plus a fine of $10,000 and 400 hours of community work. Such
sentence was the first one which used the 1986 computer fraud law, and Morris
was the first malware writer who was convicted in history.
4. The
Size of the Internet – The report
developed by the GAO (US General Accounting Office) described the Internet
as “the main computer network used by the U.S. research community” and began
its report indicating that the Internet was “a multi-network system connecting
more than 60 thousand computers nationwide and overseas”. This report also
mentioned that “no one organization is responsible for Internet-wide
management” and that there were plans for the “Internet to evolve into a
faster, more accessible, larger capacity network system.” Apparently, they have
achieved their goal – according to the Internet WorldStats
Website, nowadays Internet has more than 7 billion users.
5. Regarding
Operating Systems – the same GAO report mentioned above indicated that
“UNIX is the most commonly used operating system on the Internet. [It is]
estimated that about three-quarters of the computers attached to the Internet
use some version of UNIX”.
