Morris Worm

The Morris Worm was a self-replicating computer program (worm) written by Robert Tappan Morris, a student at Cornell University, and released from MIT on November 2, 1988. According to Morris, the purpose of the worm was to gauge the size of the precursor “Internet” of the time - ARPANET - although it unintentionally caused denial-of-service (DoS) for around 10% of the 60,000 machines connected to ARPANET in 1988. The worm spread by exploiting vulnerabilities in UNIX send mail, finger, and rsh/rexec as well as by guessing weak passwords.

Before spreading to a new machine, the Morris Worm checked if the machine had already been infected and was running a Morris Worm process. If a target machine had already been infected, the Morris Worm would re-infect it 1 in 7 times. This practice of “1-in-7 re-infection” ensured that a user could not completely avoid a Morris Worm infection by creating a fake Morris Worm process to pretend his or her machine was already infected. It also, caused some users’ machines to be infected many times - once too many Morris Worm processes were running on a target machine it would run out of computing resources and begin to malfunction.

The United States v. Morris (1991) court case resulted in the first conviction under the 1986 Computer Fraud and Abuse Act, with Morris receiving a sentence of three years in prison, 400 hours of community service and a $10,000 fine.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program

Get Social

Connect with experts and join the conversation about Radware technologies.

Security Research Center