Internet Worm

Zen and the Art of the Internet

Go to the Table of Contents. Visit Gifcom

 Things You'll Hear About
 
There are certain things that you'll hear about shortly after you
start actively using the Internet.  Most people assume that everyone's
familiar with them, and they require no additional explanation.  If
only that were true!
 
This section addresses a few topics that are commonly encountered and
asked about as a new user explores Cyberspace.  Some of them are
directly related to how the networks are run today; other points are
simply interesting to read about.
 
The Internet Worm
 
from a letter by Severo M. Ornstein, in ACM June 89 Vol32 No6
and the appeal notice
 
On November 2, 1988, Robert Morris, Jr., a graduate student in
Computer Science at Cornell, wrote an experimental, self-replicating,
self-propagating program called a worm and injected it into the
Internet.  He chose to release it from MIT, to disguise the fact that
the worm came from Cornell.  Morris soon discovered that the program
was replicating and reinfecting machines at a much faster rate than
he had anticipated---there was a bug.  Ultimately, many machines at
locations around the country either crashed or became ``catatonic.''
When Morris realized what was happening, he contacted a friend at
Harvard to discuss a solution.  Eventually, they sent an anonymous
message from Harvard over the network, instructing programmers how to
kill the worm and prevent reinfection.  However, because the network
route was clogged, this message did not get through until it was too
late.  Computers were affected at many sites, including universities,
military sites, and medical research facilities.  The estimated cost
of dealing with the worm at each installation ranged from $200 to
more than $53,000. {Derived in part from a letter by Severo M.
Ornstein, in the Communications of the ACM, Vol 32 No 6, June 1989.}
 
The program took advantage of a hole in the debug mode of the Unix
sendmail program, which runs on a system and waits for other systems
to connect to it and give it email, and a hole in the finger daemon
fingerd, which serves finger requests (Finger).  People at the
University of California at Berkeley and MIT had copies of the
program and were actively disassembling it (returning the program
back into its source form) to try to figure out how it worked.
 
Teams of programmers worked non-stop to come up with at least a
temporary fix, to prevent the continued spread of the worm.  After
about twelve hours, the team at Berkeley came up with steps that
would help retard the spread of the virus.  Another method was also
discovered at Purdue and widely published.  The information didn't
get out as quickly as it could have, however, since so many sites had
completely disconnected themselves from the network.
 
After a few days, things slowly began to return to normalcy and
everyone wanted to know who had done it all.  Morris was later named
in The New York Times as the author (though this hadn't yet been
officially proven, there was a substantial body of evidence pointing
to Morris).
 
Robert T. Morris was convicted of violating the computer Fraud and
Abuse Act (Title 18), and sentenced to three years of probation, 400
hours of community service, a fine of $10,050, and the costs of his
supervision.  His appeal, filed in December, 1990, was rejected the
following March.