
Robert Morris Worm

The Robert Morris worm was released onto the Internet on the evening of November 2, 1988, causing serious damage to the network. The worm was developed and released by Robert T. Morris, Jr., a graduate student at Cornell University. The damage was estimated at between $100,000 and $97 million, and Morris was subsequently convicted of violating the Federal Computer Fraud and Abuse Act of 1986, for which he received a fine of $10,000, a suspended three-year jail sentence, and 400 hours of community service.(1)

The primary damage caused by the worm was due to computing resource exhaustion. The worm was designed to check whether a target host was already infected so that duplicate copies were not created on the same host, but due to a flaw in the code, many copies were created on each machine, causing a serious degradation in performance as the worms used more and more computing resources. The worm caused secondary damage when system administrators began disconnecting their machines from the Internet in an effort either to avoid spreading the infection or to avoid being infected in the first place. The disconnection of so many systems in turn disrupted research and business relying on network connections. In total, an estimated 6,000 installations had to either shut down or disconnect from the Internet. Many of the machines were disconnected for several days. As in the case of the SQL Slammer worm of 2003, the Morris worm did not cause as much damage as it could have, had it contained code instructing it to delete or encrypt files on its hosts.(2)

The Morris worm had a tremendous impact on the Internet community, mostly composed of academics and researchers at the time. The flaws in the Unix system that had allowed the worm to spread were fixed, and system administrators began to look for ways to boost security. The worm was released at about the same time that Clifford Stoll reported on his investigation of the "Cuckoo's Egg" hacker. The combination of events led the computing community to the conclusion that better organization was needed for dealing with malicious and non-malicious code flaws. One of the results was the formation of the Computer Emergency Response Team (CERT) at Carnegie Mellon University and other such centers that allowed system administrators to exchange information on problems and solutions.(3)


  • Eugene H. Spafford. "The internet worm program: an analysis." ACM SIGCOMM Computer Communication Review 19 no. 1 (January 1989): 17-57. DOI
  • E. H. Spafford. "Crisis and aftermath." Communications of the ACM 32 no. 6 (June 1989): 678-687. DOI
  • Katherine Fithen and Barbara Fraser. "CERT incident response and the Internet." Communications of the ACM 37 no. 8 (August 1994): 108-113. DOI


Supported by the National Science Foundation CNS--TC 1116862 "Building an Infrastructure for Computer Security History."


1, 2, 3: Charles P. Pfleeger and Shari Lawrence Pfleeger, Security in Computing. 3rd Edition, New Jersey: Prentice Hall, 2003.

Topic revision: r4 - 04 Mar 2015 - 12:09:49 - ThomasMisa