Skip to content

Robert Tappan Morris and the Morris Worm

In 1988, the malware known as Morris worm was launched from a computer at Cornell University, by graduate student Robert Tappan Morris. The worm spread to all internet-connected computers and was designed to be undetectable. A design flaw led it to create more copies than Morris could control, which ultimately led to its detection.

A worm is a productivity tool built to move from computer to computer.

The term worm came from a team of computer engineers from Xerox PARC in the 70s. Similar to Morris, they left a worm unattended overnight to run tests in their computers. When they arrived the next morning, all computers had crashed upon booting up. They coined the term worm from the novel Shockwave Rider, “There’s never been a worm with that tough a head or that long a tail! It’s building itself, don’t you understand?… it can’t be killed. Not short of demolishing the net!”

Forensic science- soil analysisThe Morris worm was not a destructive malware, only meant to slow the processing of computers, though nobody knows what Robert’s intentions were in creating it. Morris was the first individual to be tried under the new Computer Fraud and Abuse Act of 1986, where he was tried, convicted and sentenced to three years of probation, 400 hours of community service, and a fine of $10,050. When the case was appealed, the Defense Advanced Research Projects Agency (DARPA) of the Computer Emergency Response Team (CERT) was created to coordinate information and proper responses to computer security.

The term “white hat hackers” is someone in the academic or corporate world, that creates programs to demonstrate vulnerabilities in order to make them publicly visible. Many believe that Morris only had the goal of copying his malware to the school computers so they would appear slower, then the school would have to fix or update them. Others that knew him claimed he created it just to see how large the networks spread, how far the internet could take his worm. His father was a cryptographer and computer scientist that helped to develop Unix (which iPhone users are still using today), so Morris was fully aware of how his program functioned, just not of the implications of not being able to manually control it.

There were no lines of code that seemed malicious, in that it wasn’t programmed to harm the computers only slow them down; which was the angle used in his appeal. A programming flaw that made the program automatic (no user interaction needed) led the program to get away from him too quickly by copying itself and spreading repeatedly – even reaching military computers and nearly crashing computers throughout NASA. A newspaper headline from 1986 read, “Student indicted in case involving ‘virus’ that paralyzed 6,000 computers.” The Morris worm is noted for starting the cybersecurity industry and is very well known in the computer sciences.

The original floppy disks of the Morris worm are on exhibit at the Computer History Museum in Mountain View, California.

Back to Crime Library

Back To Top