25 years ago – the Morris worm struck the internet [VIDEO]

Graham Cluley
Graham Cluley
@[email protected]

On November 2, 1988, computer viruses made the mainstream news headlines for the very first time – with the spread of the infamous Morris worm across the internet.

Here is a nostalgic media report broadcast at the time of the outbreak:

Computer Virus TV News Report 1988

Released from MIT by Robert T Morris, a first-year graduate computer science at Cornell University, the worm spread rapidly – exploiting vulnerabilities in sendmail, the email server software commonly used at the time.

Sign up to our free newsletter.
Security news, advice, and tips.

The problem was that many Unix servers were running a version of sendmail that included buggy debugging code, and – as Eugene Spafford explained in a fascinating November 1988 analysis of the incident – that was what the worm exploited:

The bug exploited in sendmail had to do with functionality provided by a debugging option in the code. The Worm would issue the DEBUG command to sendmail and then specify a set of commands instead of a user address as the recipient of the message. Normally, this is not allowed, but it is present in the debugging code to allow testers to verify that mail is arriving at a particular site without the need to activate the address resolution routines. The debug option of sendmail is often used because of the complexity of configuring the mailer for local conditions, and many vendors and site administrators leave the debug option compiled in.

The sendmail program is of immense importance on most Berkeley-derived (and other) UNIX systems because it handles the complex tasks of mail routing and delivery. Yet, despite its importance and wide-spread use, most system administrators know little about how it works. Stories are often related about how system administrators will attempt to write new device drivers or otherwise modify the kernel of the OS, yet they will not willingly attempt to modify sendmail or its configuration files.

Exploiting this and other flaws (as well as the worm’s ability to guess passwords) made it trivial for the Morris worm to infect systems rapidly, and helped it spread at great speed across the internet.

Morris wormIndeed, it was estimated at the time that perhaps 10% of the internet was affected by the Morris worm – which would make it (in percentage terms) the most widespread malware of all time.

Of course, the internet was a lot smaller back in 1988. :)

Nevertheless, the impact was significant – computer systems were flooded with traffic as the worm tried to spread itself further, with many crashing or grinding to a halt.

Robert T Morris was found guilty of breaking computer abuse laws in the United States, and was eventually sentenced to three years’ probation, 400 hours of community service and fines totalling over $10,000.

What Morris did was stupid and reckless – there is no doubt about that. But he wasn’t the first person to write a virus, and he was far from the last to create and spread destructive malware.

What played to his advantage, however, was that his crime was committed back in 1988. If malware like the Morris worm had spread today, then chances are that he would have received a much stiffer sentence.

But back then no-one could have predicted just how much of an impact malware and cybercrime was going to have on all of us in the future.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.