Sunday, November 20, 2005


To explore the roots of today’s blended threats, we need to peer way back in computing history to the Morris worm. Launched on Nov. 2, 1988, by its creator, Cornell student Robert Tappan Morris, the worm exploited security holes in Unix-based system software by using a three-pronged approach. Although an attack wasn’t necessarily the intention of the Morris worm’s author (he intended for the worm to spread without damage to victimized computers), buggy code resulted in severe computer slowdowns.
Morris propagated by infiltrating holes in Unix’s sendmail, fingerd, and rsh/rexec components included on DEC’s VAX and Sun Microsystems’ Sun 3 systems. Morris used the buffer overflow technique, among other avenues, to infiltrate the systems.
The author intended for the worm to spread from computer to computer without causing any damage, but instead, the worm didn’t stop its replication process when it entered a new computer—it replicated hundreds of times until the computer’s resources couldn’t handle the overload. Because computers connected to the Internet were defenseless against Morris, owners of unaffected systems had to sever their online connections to avoid infection.
The attack was devastating, crashing between 5% and 20% of the 60,000 to 80,000 computers connected to the Internet at the time. Computer experts from the University of California, Berkeley, MIT (Massachusetts Institute of Technology), and Purdue University dissected the worm’s code and eventually helped release a fix, but not before Morris caused significant damage.
Convicted under The Computer Fraud and Abuse Act of 1986, Robert Tappan Morris received three years of probation, 400 hours of community service, and a $10,000 fine.


Post a Comment

<< Home