On November 2, 1988, Robert Morris Jr.
, a computer science graduate student at Cornell, wrote a self-replicating and self-propogating worm which took advantage of two security vulnerabilities, one in the sendmail
daemon, and one in the finger
Morris had intended the program as an experiment, but there was a bug. The worm was designed so that it would only infest a machine once, and would ignore machines which were already infested. Probably thinking that system administrators would realize this and rapidly insert inert code which would fool the worm into believing that a machine was already infested, Morris set the worm to infest one out of every few machines, even if it detected that the worm already existed.
In an attempt to disguise the location and identity of the author, Morris unleashed the worm from a computer at MIT, instead of one at Cornell where he was a student.
Unfortunately for Morris, his worm which was itself fairly harmless, spun out of control. It rapidly infected machines all over the net, including military installations and biomedical research facilities. The worm replicated at an exponential rate, and eventually, depending on how lame the operating system running on a given machine was, either crashed that machine or clogged it, making it unusable.
Morris quickly discovered that his experiment had gone horribly wrong. He contacted a friend at Harvard and discussed a solution. They sent an anonymous email from Harvard telling system administrators how to kill the worm and keep it from reinfecting their machines, but the network was so clogged by that time that the propogation of the antidote was delayed or prevented.
Programmers worked around the clock to devise a solution to this problem. After approximately twelve hours, a team at Berkeley released a partial solution which would retard the progress of the worm. Another method was released by Purdue. In both cases, propogation of the antidote ran was hampered by the same problem which kept Morris' antidote from propogating: the network was clogged.
Several days later, things returned to some semblence of normal, and people wanted to know who did it. The average American didn't know that the Internet existed, much less what it was. The New York Times ran a story fingering Morris as the author before it had ever been proven, but there was a large body of evidence pointing to Morris.
Robert Morris Jr. was convicted of violating the Computer Fraud and Abuse Act (U.S. Title 18) and was sentenced to three years probation, 400 hours of community service, a find of $10,050, and to pay the costs of his supervision. His appeal, which was filed in December of 1990, was rejected in March 1991.
The Morris Worm is sometimes referred to as the Great Worm as well.