The Morris Worm
Back to Recollections
Advanced
1988

The Morris Worm

Target: The Early Internet (ARPANET)
Impact: 10% of Internet Disabled

Operational Briefing

Return to the dawn of cyber warfare. Analyze the first worm released on the Internet.

The Full Story

The Morris Worm was the first computer worm distributed via the Internet. Written by Robert Tappan Morris, it was intended to gauge the size of the internet but a bug caused it to replicate excessively, DoS-ing machines.

Technical Analysis

Vectors

  • sendmail: Exploited debug mode in sendmail.
  • fingerd: Exploited a buffer overflow in the finger daemon.
  • rsh/rexec: Guessing weak passwords to gain access via trusted hosts.

Available Modes

Offensive
Replicate the attack vector
Defensive
Harden systems & patch
Analysis
Forensic investigation

Event Timeline

Nov 2, 1988
Worm released from MIT.
Nov 3, 1988
Worm clogs 10% of connected machines.
1989
Morris becomes first person convicted under CFAA.
#Worm#Buffer Overflow#History