America was shocked when on November 2, 1988, almost all computers that had access to the Internet (in America) at about eight o’clock in the morning, as they say, were “frozen”. At first it was attributed to failures in the power system. But then, when there was an epidemic caused by the Morris Worm, it became clear that the terminals were attacked by an unknown program at that time containing code that could not be decrypted by the available means. Not surprising! At that time, computers connected to the Internet numbered only tens of thousands (approximately 65,000 terminals) and were mostly represented in government circles or self-government bodies.
Morris Worm virus: what is it?
The virus itself of this type was the first of its kind. It was he who became the ancestor of all other programs of this type, which today differ from the progenitor quite strongly.
Robert Morris created his own “worm” without even realizing how popular it would be and what harm the economy could do. In general, it is believed that this was, as they say now, a purely sporting interest. But in fact, the introduction of APRANET into the then global network, to which, by the way, both governmental and military organizations were connected, caused such a shock that America could not recover for a long time. According to preliminary estimates, the Morris Worm computer virus caused damage of about 96.5 million US dollars (and this is only the amount known from official sources). The amount given above is official. And what is not taken into account is probably not subject to disclosure.
The creator of the Morris Worm computer virus Robert Morris: some facts from the biography
The question immediately arises of who this genius-programmer was, who managed to paralyze the computer system of the North American continent for several days.
The same respected Wikipedia resource indicates that Robert was once a graduate student at Cornell University, R. T. Morris (chance or coincidence?), At the Department of Computer Engineering.
History of the creation and appearance of the virus
It is believed that initially the virus did not contain any threat. Fred Cohen studied the Morris Worm based on his calculations about malicious codes and revealed an interesting feature in it. It turned out that this is not a malicious program at all.
The Morris Worm (although today it is considered to be a virus from the Pentagon) was originally created as a means of testing vulnerabilities of systems based on the "intranet" (it is not surprising that APRANET users were primarily affected).
How a virus affects a computer system
Robert Morris himself (the creator of the virus) in every possible way rejects the consequences caused by his "brainchild" to the United States, claiming that the spread on the network provoked an error in the code of the program itself. Given the fact that he received education at the university, especially at the faculty of computer science, it is difficult to agree with this.
So, the so-called "Morris Worm" was originally focused on intercepting messages between large organizations (including government and military). The essence of the impact was to replace the original text of a letter sent back then in the APRANET network, with the removal of headers and endings in the debug mode of Sendmail or when the buffer of the network fingerd service is full. The first part in the new letter contained code compiled on a remote terminal, and the third consisted of the same binary code, but adapted for different computer systems.
In addition, a specialized tool was used that allowed us to select logins and passwords using remote access to execute programs (rexec), as well as calling a remote interpreter (rsh), which at the command level used the so-called “trust mechanism” (now it is more associated with certificates).
Propagation speed
As it turns out, the creator of the virus was not a stupid person at all. He immediately realized that the longer the code, the longer the virus was introduced into the system. That is why the well-known “Morris Worm” contains a minimal binary (but compiled) combination.
Due to this, the very boom took place, which is now customarily kept silent about the level of state intelligence services, although the threat of self-copying spread almost exponentially (each copy of the virus was able to create two or more of its own analogues).
Damage
No one, however, thinks about what damage might be inflicted on the same security system. Here the problem, rather, is what the Morris Worm computer virus itself is. The fact is that initially, when it entered a user terminal, the virus had to determine whether a copy of it was contained in the system. If there was one, the virus left the car alone. Otherwise, it was introduced into the system and created its clone at all levels of use and management. This applies to the entire operating system as a whole, and installed user programs, and applications or applets.
The official figure, called the US Department (approximately $ 96-98 million in damage), is clearly underestimated. If you look only at the first three days, it was already about 94.6 million). Over the next few days, the amount has not grown so much, but ordinary users have suffered (the official press and the US Department are silent about this). Of course, at that time the number of computers connected to the global web was approximately 65 thousand in the United States alone, but almost every fourth terminal was damaged.
Effects
It is easy to guess that the essence of the impact is to completely deprive the system of efficiency at the level of resource consumption. Mostly this relates to network connections.
In the simplest case, the virus creates its own copies and initiates the launch of processes masquerading as system services (now even launched as administrator in the list of processes of the “Task Manager”). And removing threats from this list is not always possible. Therefore, when completing the processes associated with the system and the user, you must act extremely carefully.
What about Morris?
"Morris Worm" and its creator are currently feeling very good. The virus itself is successfully isolated by the efforts of the same anti-virus laboratories, since they have the source code on which the applet is written.
Morris in 2008 announced the release of the Lips-based Arc language, and in 2010 became the nominee and winner of the Weiser Prize.
By the way, another interesting fact is that the public prosecutor Mark Rush admitted that the virus disabled many computers by forced shutdown, but still did not intentionally damage users' data at any level, since it was originally not a destructive program, but an attempt checking the possibility of interference in the internal structure of existing systems. Compared with the fact that initially the attacker (voluntarily surrendering to the authorities) was threatened with imprisonment for up to five years and a fine of 250 thousand dollars, he escaped with three years probation, a fine of 10 thousand dollars and 400 hours of community service. As many lawyers of that (by the way, and present) time considered, this is nonsense.
A few results
Of course, today it is not worth it to be afraid of such a threat, which Morris Virus represented in the early days of the emergence of computer technology.
But here is the interesting thing. It is believed that the exposure to malware is mainly affected by Windows. And then suddenly it turns out that the body of the virus was originally developed for UNIX systems. What does this mean? The only thing is that it is time for Linux and Mac OS owners who are fundamentally based on the UNIX platform to prepare security tools (although it is believed that viruses do not affect these OSes at all, in the sense that they were not written). Here, many users of "poppies" and "Linuxoids" are deeply mistaken.
As it turns out, even on mobile platforms running iOS, some threats (including the Morris Worm) have begun to show their activity. First, this is advertising, then - unnecessary software, then ... - the crash of the system. Here involuntarily and think about it. But at the source of all this was some kind of graduate student who made a mistake in his own tester program, which led to the appearance of what is commonly called computer worms today. And they, as you know, and the principles of influence on systems are somewhat different.
In a sense, such viruses become spyware, which not only load the system, but also, in addition to everything, steal site access passwords, logins, PIN codes of credit or debit cards, and God knows what an ordinary user can do not even guess. In general, the impact of this virus and the like at this stage in the development of computer technology is fraught with quite serious consequences, despite even the most modern methods of protection. And it is precisely with regard to computer worms that one should be as alert as possible.
Here is such an entertaining and extraordinary story that will not be forgotten for a long time. An interesting and safe pastime on the network - without data theft, overloading the system and any spyware like the Morris worm!