The first computer worm, dubbed the “Morris worm” after it’s creator Robert Morris Jr., appeared in the winter of 1988. It was not written to cause damage, but to spread. Morris originally had benign reasons for creating it, claiming it was to gauge the size of the internet. A Cornell University graduate student, he released the worm from MIT on Nov. 2nd, 1988. What he didn’t know is the worm’s code had a bug, and it quickly infected computers by the thousands.
The worm worked by exploiting vulnerabilities in the Unix operating system along with sendmail, fingerd, and other packages. It only infected DEC VAX machines running 4 BSD and Sun 3. It was programmed to reproduce itself and other files, and filter through the networks. The size of the reproduced files eventually filled a computer’s memory due to the unintended bug, effectively disabling them.
Morris was eventually arrested and became the first person tried under the Computer Fraud and Abuse Act of 1986. He was sentenced to three years of probation, 400 hours of community service, and a fine of $10,050. The worm also prompted the creation of the Computer Emergency Response Team (CERT), and has also been called “The Great Worm” because of it’s disastrous effect. Morris was also the son of the chief scientist at the National Computer Security Center, part of the National Security Agency.