"The Morris worm": the history of the appearance of the virus, the principle of action and interesting facts

America was shocked when on November 2, 1988 almost all computers that had access to the Internet (in America), about eight o'clock in the morning, they say, "hung up". At first this was attributed to power failures. But then, when the epidemic caused by "Morris's Worm" happened, it became clear that the terminals were attacked by an unknown program at that time, containing a code that could not be deciphered by the available means. Not surprising! At that time computers connected to the Internet were estimated at only tens of thousands (approximately 65,000 terminals) and were mostly represented in government circles or self-government bodies.

Morris Worm: what is it?

The virus of this type was the first of its kind. It was he who became the ancestor of all other programs of this type, which today differ from the progenitor rather strongly.

Robert Morris created his "worm" without even knowing what popularity he would gain and what harm could be done to the economy. In general, as it is believed, it was, as they say now, purely sporting interest. But in fact, the introduction into the then global network APRANET, to which, incidentally, were connected both government and military organizations, caused such a shock, from which America could not recover for a long time. According to preliminary estimates, the computer virus "Morris Worm" caused damage of about 96.5 million US dollars (and this is only the amount known from official sources). The amount above is official. And what is not taken into account, probably, and is not subject to disclosure.

The creator of the computer virus "The Morris worm" Robert Morris: a few facts from the biography

Immediately the question arises as to who this genius-programmer was, who for several days managed to paralyze the computer system of the North American continent.

The same respected resource "Wikipedia" indicates that at one time Robert was a postgraduate student at Cornell University RT Morris (coincidence or coincidence?), At the Faculty of Computing.

History of the creation and appearance of the virus

As it is believed, initially in the virus there was no threat. Fred Cohen studied the Morris Worm on the basis of his calculations about malicious codes and revealed an interesting feature in it. It turned out that this is not a malicious program at all.

The Morris worm (although it is now considered to be a virus from the Pentagon) was originally created as a means of testing vulnerabilities of systems based on intranet (it is not surprising that the APRANET users suffered in the first place).

How the virus affects the computer system

Robert Morris himself (the creator of the virus) in every possible way rejects the consequences caused by his "brainchild" to the United States, arguing that the spread on the network provoked an error in the code of the program itself. Given that he received education at the university, especially at the faculty of computer science, it is difficult to agree with this.

So, the so-called "Morris Worm" was initially focused on intercepting messages between large organizations (including government and military). The essence of the impact was to replace the original text of the letter sent then back in the APRANET network, with the removal of headers and endings in the Sendmail debug mode or when the network fingerd service buffer was full. The first part in the new letter contained the code compiled on the remote terminal, and the third consisted of the same binary code, but adapted for different computer systems.

In addition, a specialized tool was used to select logins and passwords using remote access to execute programs (rexec), as well as call a remote interpreter (rsh), which at the command level used the so-called "trust mechanism" (now it is more associated with Certificates).

Speed of propagation

As it turns out, the creator of the virus was not at all a stupid person. He immediately realized that the longer the code, the longer the virus is injected into the system. That's why the well-known "Morris Worm" contains a minimal binary (but compiled) combination.

Due to this, the same boom took place, which for some reason it is accepted to keep silent at the level of state intelligence services, although the threat of self-copying spread almost geometrically (each copy of the virus was able to create from two or more of its own analogs).

Damage

No one, however, thinks about how much damage can be done to the same security system. Here the problem, rather, is what the computer virus "Morrist Morris" itself is. The fact is that initially when entering the user terminal the virus had to determine whether the copy was in the system. If there was one, the virus left the machine alone. Otherwise - it was introduced into the system and created its clone at all levels of use and management. This involved the entire operating system as a whole, and the installed user programs, and applications or applets.

The official figure, called the US department (approximately $ 96-98 million damage), is clearly understated. If you look only at the first three days, it was already about 94.6 million). Over the following days, the amount grew not so much, but ordinary users suffered (the official press and the US Department are silent about this). Of course, at that time, the number of computers connected to the global web was about 65,000 only in the US, but almost every fourth terminal was affected.

Effects

It is not difficult to guess that the essence of the impact is to completely deprive the system of efficiency at the level of resource consumption. For the most part this applies to network connections.

The virus in the simplest case creates its own copies and initiates the start of processes masquerading as system services (now even running as an administrator in the process list of the "Task Manager"). And it is not always possible to remove threats from this list. Therefore, when you end the processes associated with the system and the user, you must act extremely cautiously.

And what about Morris?

"The Morris worm" and its creator at the moment feel very good. The virus itself has been successfully isolated by the efforts of the same anti-virus labs, since they have the source code on which the applet is written.

Morris in 2008 announced the release of the Arc language, based on the "Lips", and in 2010 became the nominee and the owner of the Weiser prize.

By the way, another interesting fact is that state prosecutor Mark Rush admitted that the virus disrupted a lot of computers by forcibly completing work, but still did not deliberately damage data of users of any level, since it was not originally a destructive program, but an attempt The possibility of interference in the internal structure of existing systems. Compared with the fact that initially an intruder (voluntarily surrendered to the authorities) was facing a prison sentence of up to five years and a $ 250 thousand fine, he escaped with three years probation, a fine of 10 thousand dollars and 400 hours of community service. As counted many lawyers of that (by the way, and this time), this is nonsense.

Several results

Of course, today we should not be afraid of such a threat that the "Morris Virus" represented itself at the early stages of the birth of computer technology.

But that's interesting. It is believed that the impact of malicious code is mainly on Windows. And then suddenly it turns out that the body of the virus was originally developed for UNIX-systems. What does this mean? But only that the owners of Linux and Mac OS, which are fundamentally based on the UNIX platform, it's time to prepare protection tools (although it is believed that the viruses do not affect these OS at all, in the sense that they were not written). Here, many users of "poppies" and "linuxoids" are deeply mistaken.

As it turns out, even on mobile platforms running iOS, some threats (including the "Morris Worm") began to manifest their activities. First it's advertising, then - unnecessary software, then ... - crash of the system. There involuntarily and you will reflect. But after all, there was a graduate student who made a mistake in his own tester program, which led to the emergence of what is now called computer worms. And they, as is known, and the principles of influence on the systems are somewhat different.

In a sense, such viruses become spyware (spyware) that not only loads the system, but also in addition to all the passwords of access to sites, login credentials, PIN codes of credit or debit cards, and God knows what the ordinary user can Not even guess. In general, the impact of this virus and its like at this stage of computer technology development is fraught with serious consequences, despite even the most modern methods of protection. And it is against computer worms that you should be as alert as possible.

Here is an entertaining and extraordinary story that will not be forgotten for a long time. Interesting and safe for you to spend time online - without data theft, system overload and any spies like "Morris worm"!