The Morris worm was not written to cause damage but to spread; bugs in the code, however, caused it to be more damaging - a computer could be infected multiple times and each additional process would slow the machine down to the point it would be unusable. The Morris worm worked by exploiting known vulnerabilities in Unix sendmail, fingerd, rsh/rexec and weak passwords. It could only infect DEC VAX machines running 4 BSD and Sun 3 systems.
Around 6,000 major Unix machines were infected by the Morris worm. The GAO put the cost of the damage at $10m - $100m. Robert Morris was tried and convicted of violating the 1986 Computer Fraud and Abuse Act (Title 18). After appeals he was sentenced to three years probation, 400 hours of community service, and a fine of $10,000.
CERT (the Computer Emergency Response Team) was created as a response to the Morris Worm.
The Morris Worm has sometimes been referred to as the "Great Worm", because of the devastating effect it had upon the internet at that time.
See also: SQL slammer worm, Melissa worm
Search Encyclopedia
|
Featured Article
|