Information Technology Reference
In-Depth Information
DESIGNING THE WORM
Morris entered the graduate program in computer science at Cornell University in the
fall of 1988. He became intrigued with the idea of creating a computer worm that would
exploit bugs he had found in three Unix applications:
ftp
,
sendmail
, and
fingerd
.His
“wish list” for the worm had about two dozen goals, including the following:
.
Infect three machines per local area network
.
Only consume CPU cycles if the machines are idle
.
Avoid slow machines
.
Break passwords in order to spread to other computers
The goal of the worm was to infect as many computers as possible. It would not destroy
or corrupt data files on the machines it infected.
LAUNCHING THE WORM
On November 2, 1988, Morris learned that a fix for the
ftp
bug had been posted
to the Internet, meaning his worm program could no longer take advantage of that
security hole. However, nobody had posted fixes to the other two bugs Morris knew
about. After making some last-minute changes to the worm program, he logged in
to a computer at the MIT Artificial Intelligence Lab and launched the worm at about
7:30 P.M.
The worm quickly spread to thousands of computers at military installations, med-
ical research facilities, and universities. Unfortunately, due to several bugs in the worm's
programming, computers became infected with hundreds of copies of the worm, caus-
ing them to crash every few minutes or become practically unresponsive to the programs
of legitimate users.
Morris contacted friends at Harvard to discuss what ought to be done next. They
agreed that Andy Sudduth would anonymously post a message to the Internet. Sudduth's
message is shown here.
1
Harvard's computers were not affected (the security holes had
already been patched), and you can tell from the last sentence that Sudduth was having
a hard time believing Morris's story:
A Possible virus report:
There may be a virus loose on the internet.
Here is the gist of a message I got:
I'm sorry.
Here are some steps to prevent further
transmission:
1. Copyright © 2011 by Ruth Kennedy Sudduth. Reprinted with permission.
