The second of November marked 30 years since the release of the Morris Worm. Released in 1988, the it was one of the first computer worms, unleashed after an experiment reportedly intended to gauge the size of the Internet went wrong.

Robert Tappan Morris, a graduate student at Cornell University, developed a programme that exploited vulnerabilities in sendmail to install copies of the worm on internet-connected computers, so that the number of computers could be counted.


However, an error in the programming meant that the worm spread far faster than Morris had predicted, installing itself multiple times on each computer, and ended up infecting an estimated 10% of the 60,000 computers online at the time.


The unnecessary processing triggered by computers becoming clogged with numerous copies of the worm caused machines to crash and led to disruptions in internet connectivity. Estimated repairs cost between $200-$53,000 per location.


This is the first example of Distributed Denial of Service (DDoS) attack and as a result of the chaos it caused, Morris became the first person to be convicted under the 1986 Computer Fraud and Abuse Act.

The first ever DDos attack

The Morris Worm was the first widespread cyberattack, and for many it represents a wake-up call for just how easily the vulnerabilities of the internet could be exploited, something those outside of the tech sphere were not previously aware of.


Prior to the worm, the majority of internet users, who at this point were mainly academics and engineers, were not aware or concerned about malicious software, let alone having any kind of protective software installed.


The damage caused by the Morris Worm highlighted that internet security was something that needed to be taken seriously, and led DARPA to establish the CERT Coordination Center. It also kick-started attempts to prevent similar attacks from occurring.

Worms are still a major problem

Since 1988, a number of worms such as Code Red, Blaster, Sasser and ILoveYou, have wrecked varying levels of havoc, and preventing the spread of worms is an ongoing challenge for the cybersecurity world.


In 2017, a piece of Malware, dubbed NotPetya, spread to Microsoft Windows PCs around the world, largely concentrated in Ukraine, scrambling data and demanding a cryptocurrency ransom to restore it. The attack was attributed to the Russian military.


Although internet security has come a long way since 1988, so have cyberattacks, and with more than 20 billion devices now online, so has scale of the damage they can cause.

Despite recent cyberattacks catching the public’s attention, many organisations remain ill-prepared, meaning it is still possible to exploit weak passwords and systems.


Many organisations have been criticised for not implementing stringent cybersecurity measures, with cyberattacks costing UK companies alone an estimated £42bn since 2013. Notably, however, these are not just caused by malicious attacks; the majority are due to data breaches caused by human error.

Two experts give their views

A report by cybersecurity firm Radware found that two thirds of businesses believe their systems are vulnerable to attacks, but many still fail to implement basic security measures such as keeping software up to date, reporting incidents promptly, and adequately educating employees on good cybersecurity practices.


Matt Walmsley, EMEA Director at Vectra believes that this leaves many vulnerable to worms:


“Whilst worms are nothing new, their ability to spread like wildfire makes them a tantalising prospect for threat actors as a means to propagate threat payloads over networks at machine speed. Just ask any of the enterprises impacted by WannaCry about the scope and speed it hit them, and the disruption caused.


“This venerable technique has longevity, and we will continue to see it used as a component in opportunistic attacks – why? Because too many enterprises remain unable to spot to worm reconnaissance and lateral movement behaviours, and security analysts and threat hunters cannot operate at the speed and scale required to manually identify the threat and close down their lines of communication and movement."


He believes that artificial intelligence may be one way of combatting malicious attacks:


“It is here that automation, powered by AI, is increasingly being deployed to constantly monitor and detect in real-time such attack behaviours and automate some, or all, of the quarantine and remediation actions necessary. AI augments not replaces the human, and it is making the difference between containing an attack in its early stages or dealing a full-blown enterprise-crippling security incident.”


Alex Hinchliffe, Threat Intelligence Analyst, Unit 42, Palo Alto Networks comments:


“There are still organisations relying on the same basic protections as the victims of the Morris worm; notably, weak passwords. Organisations continue to get pummelled by cyber attacks, and the advent of cloud computing, Bring Your Own Device (BYOD) and Internet of Things devices means organisations are more exposed than ever before.


“Relying on passwords as the only line of defence puts organisation at risk for identify theft and/or a significant security breach, especially when individuals use the same, or similar, passwords for more than one site. It’s crucial that two-factor or multi-factor authentication become standard practice at your companies.


“It’s also worth noting that the spread of the Morris worm was halted the day after it was first spotted due to software patching, which mitigated against the vulnerabilities harnessed by the malware to gain control. It is a must for organisations to regularly patch and have systems in place to identify when a vendor has released a new patch.”

Share this article