Morris worm turns 20: Look what it's done

First Internet attack spawned panic, public awareness and security research

Previously, researchers had been developing benevolent worms that could be used to automatically install software updates, but no one had launched a malicious worm onto a network in an uncontrolled fashion.

The Morris worm served as a precursor to other well-known worm attacks including 1999's Melissa, 2001's Code Red and 2003's Slammer, all of which targeted systems running Microsoft software.

Lately, worms have been a less popular form of attack than viruses or e-mails with URLs that point to malicious Web sites.

"Worms are actually relatively rare compared to the number of virus attacks," Allman says. "For the average user, phishing is a worse problem."

"We haven't seen a big Internet-clogging worm in several years, and there are several reasons for that including the increasing prevalence of [network address translation] boxes and personal firewalls that make it difficult for a worm to do the scanning the way the Morris worm did," Bellovin says.

The Morris worm foreshadowed how future distributed denial-of-service attacks would be used to overload systems and knock them off the Internet.

"There had never been a simultaneous large-scale security event prior to that," Spafford says. "It was the first significant denial-of-service issue that came to people's attention related to computing. And it was the first event that crossed vendor platforms because it attacked Berkeley Unix and Sun systems, and in that regard I would say we haven't seen many other incidents like that. Most incidents have been directed at one vendor's platform."

Spafford likens the Morris worm to today's botnets, which are large volumes of compromised computers used to send spam.

"The software that turns systems into zombies and adds them to botnets are like slow-moving worms," Spafford says. "They don't cause a denial of service, but they do create a slow infiltration and they spread to other machines automatically. There are quite literally millions of machines -- some estimates are 100 million machines -- that are inside botnets."

While the Morris worm was a high-profile attack that took down large swaths of the Internet, today's Internet attacks are focused on individual systems and tend to be stealthy. Instead of curious college students breaking into systems for bragging rights, it's more common to see criminals infect systems with viruses designed to be invisible.
