The Morris Worm of 1988

1
The Morris Worm of 1988
2
What is a worm?

• The primary difference between worms and other
  illicit computer programs (often referred to as
  viruses) is the method of operation the programs
  use in order to reproduce and spread.
• A worm is a self-replicating piece of code that
  uses security lapses to travel from machine to
  machine, placing copies of itself everywhere and
  then using those newly compromised machines as
  bases to attack further systems.

3
About Robert T. Morris

• Born in 1965
• Morris received his A.B. from Harvard in 1987.
• He received his M.S. in 1993 and Ph.D. in Applied
  Sciences in 1999 from Harvard and became a
  professor at MIT.
• His principal research interest is computer
  network architectures which includes work on
  distributed hash tables such as Chord and
  wireless mesh networks such as Roofnet.

4
About Robert T. Morris (cont)

• He is currently working as an associate professor
  at the Massachusetts Institute of Technology.
• He is best known for creating the Morris Worm in
  1988, considered the first computer worm on the
  Internet.
• He is the son of Robert Morris, the former chief
  scientist at the National Computer Security
  Center, a division of the National Security
  Agency (NSA).

5
Why was it made?

• The original intent, according to him, was to
  gauge the size of the Internet.

6
How does it work?

• The worm took advantage of bugs/backdoors in
  sendmail and finger daemons.
• A line in the code created a condition that the
  worm would attempt to infect previously infected
  machines over and over, until so many worms were
  running on a machine that it hung, to prevent the
  worm from being easily destroyed with a simple
  yes reply.

7
The Release

• The worm was released from MIT to conceal its
  true origins as Cornell.
• Within 90 minuets the worm had infected so many
  machines on the internet that it caused the
  internet to crash. A computer at University of
  Utah had 37 instances of the worm running on it,
  preventing any other processes from being
  started.

8
Damages

• No physical damage was done by the worm, however
  much time was lost and an estimated
  10,000-10million were lost in lost time
  revenue.

9
Punishment

• Robert Morris was tried and convicted of
  violating the 1986 Computer Fraud and Abuse Act.
  After appeals he was sentenced to three years'
  probation, 400 hours of community service, and a
  fine of 10,050.

10
RFC 1135

• More detailed information as to the attack and
  all specifics on it.

11
Lessons / Prevention

• Limit access to files, especially encrypted files
• Having a variety of machines on a network is a
  benefit, as several worms cannot run on different
  platforms
• Sharing of research on related topics is highly
  encouraged and lead to the defeat of the Morris
  worm of 1988.
• Defenses moved from network level down to host
  level.
• Logging of Information is very important,
  although much of it isnt used, it is still
  important in the case of an attack.

12
Recent Variations

• NakedWife
• Kournikova
• Melissa
• ILOVEYOU

13
Sources used

• http//en.wikipedia.org/wiki/Morris_worm
• http//snowplow.org/tom/worm/worm.html
• http//www-swiss.ai.mit.edu/6805/articles/morris-w
  orm.html
• http//www.eweek.com/article2/0,1895,1245602,00.as
  p

14
The End