Contact Us Today 01642 716680

Morris Worm

Definition: The Morris Worm was one of the first computer worms distributed via the internet, launched on November 2, 1988, by Robert Tappan Morris. It was designed to gauge the size of the internet by exploiting known vulnerabilities in Unix systems.

Although purportedly intended to cause no damage, the Morris Worm had a design flaw that led to it being more aggressive than planned, resulting in denial-of-service conditions as it replicated unchecked and consumed system resources. Estimates suggest that the worm infected approximately 6,000 computers, which was a significant portion of the internet at the time, causing significant disruption and financial cost in terms of lost productivity and system remediation efforts.

The incident brought to light the importance of network security and the potential impact of malware. It led to increased awareness and the development of computer emergency response teams (CERTs). The creator of the worm, Robert Morris, became the first person convicted under the Computer Fraud and Abuse Act in the United States.

How did the Morris Worm spread?

The Morris Worm cleverly capitalised on several weak spots in Unix systems back in the late 80s. The exploit utilised vulnerabilities in the sendmail program and exploited a buffer overflow in the fingerd network service. To add insult to injury, the Morris Worm also guessed easy passwords and exploited a bug in “rsh/rexec” commands, which allowed unauthorised access to the systems. These tactics allowed the worm to multiply across networks without needing any user interaction whatsoever.

What year was the Morris Worm?

The Morris Worm emerged in the year 1988.

What did the Morris Worm do?

The Morris Worm was designed to map the extent of the internet but inadvertently caused widespread disruption. It replicated itself and spread across networks, exploiting several vulnerabilities in Unix systems. The aggressive replication of the worm led to an unintended denial of service as it consumed an excessive amount of system resources. The Morris Worm was never intended to cause damage, as originally the author was just conducting an experiment.

Key Characteristics:

  • Replication: The worm was self-replicating, spreading to other machines without user intervention.
  • Exploitation of Multiple Vulnerabilities: Utilised several known vulnerabilities to infect systems.
  • Accidental Denial of Service: Unintended consequence of aggressive replication consuming system resources.
  • Historical Significance: Marked a turning point in awareness and handling of network security threats.


  • Real-World Example: Upon release, the Morris Worm caused certain Unix-based systems connected to the internet to become unusable due to overwhelming resource consumption.
  • Hypothetical Scenario: Imagine a similar situation wherein a well-intentioned researcher creates a worm to map the spread of an application across a network, but due to a coding error, it spirals out of control, causing widespread system crashes.

Related Terms:

  • Computer Worm: A type of malware that is self-replicating and can spread autonomously from system to system.
  • Denial of Service (DoS): An attack that renders a network or machine unavailable by disrupting services.
  • CERT (Computer Emergency Response Team): An organisation that handles computer security incidents.

Learn better by watching a video? Here is a YouTube video by Destination Certification explaining the Morris Worm.

What is the OWASP Top 10: Download our flash cards to find out.

Inside you will find a description of the most common web vulnerabilities.

Contact us

Get a free, no obligation quote from one of our expert staff.

      Looking for reliable Penetration Testing? Use the contact form below and request a quote today.