The Morris worm was the first computer malware program to be circulated by means of the Internet. This self-replicating, malicious computer program was written by a Cornell University graduate student named Robert Morris and initiated on 2 November 1988. The Morris worm is estimated to have infected at least 6,000 computers and caused the failure of numerous servers. The Computer Emergency Response Team Coordination Center (CERT/CC) was created in December 1988 in response to the Morris worm attack. As a result of this incident, Robert Morris became the first person convicted in the U.S. for a violation of the 1986 Computer Fraud and Abuse Act.
According to Robert Morris, he did not intend to use the program to cause any damage to the network, but rather to determine the actual size of the Internet. As a student of computer science, Morris was curious to know exactly how far and at what speed the worm could proliferate. Morris claimed that overcompensation in the program’s logic caused it to be able to infect the same computer numerous times causing the device to become completely unusable. Despite his claims of causing unintended harm, Morris was found to have launched the worm from a computer at the Massachusetts Institute of Technology to conceal the fact that it had actually originated at Cornell.
The Morris worm was changed from a relatively harmless experiment to a damaging attack on the network by a critical programming error. A computer worm uses a network such as the Internet to locate other computers connected to the network and download an unauthorized copy of the program onto them. Before a worm downloads a copy of itself to a computer, it will typically check to see if one already exists. In order to prevent the download from occurring, a computer can be programmed to falsely claim that a copy of the worm already exists. Morris attempted to circumvent this security measure by directing his worm to download multiple copies to each computer and caused a catastrophic overload to occur.
It is believed that the Morris worm infected at least 10% of all the computers connected to the Internet at the time of the incident. The overall effect upon computer and Internet security prompted the U.S. Department of Defense to establish a centralized method of responding to network emergencies known as CERT/CC. The U.S. Government Accountability Office estimated the damages from the Morris worm to be as much as $100,000,000 U.S. Dollars (USD). Robert Morris was convicted on federal charges and received three years probation and a $10,000 (USD) fine. He later became an associate professor of computer science at the Massachusetts Institute of Technology.