[ISN] 16 candles for first Internet worm

InfoSec News isn at c4i.org
Thu Nov 4 03:12:58 EST 2004


By Munir Kotadia 
Special to CNET News.com
November 3, 2004

The first significant Internet worm appeared on this day 16 years ago,
and online security has never been the same, security professionals

At around midnight on Nov. 2, 1988, the Morris worm, written by a
23-year-old Massachusetts Institute of Technology student called
Robert Tappan Morris, was released on the embryonic Internet.

Within hours, the worm's 99 lines of code overloaded thousands of
Unix-based VAX and Sun Microsystems systems, forcing administrators to
disconnect their computers from the network to try to stop the worm
from spreading.

The Morris worm was part of a research project and was not designed to
cause damage, but it was programmed to self-replicate. Unfortunately,
the code contained a bug that allowed the worm to infect a single
machine multiple times, which resulted in thousands of computers
grinding to a halt.

Morris' worm was the first to spread on the Internet. But the very
first appearance of a worm was in a 1982 paper by researchers John
Shoch and Jon Hupp of the Xerox Palo Alto Research Center, who
described a self-distributing program with a bug that managed to crash
100 machines in the research building.

Morris was convicted for his research, but did not go to prison. He
received a suspended sentence with community service and was fined

At the time, the Internet was still a closed system used by
universities and the military for research purposes, security experts
say. Once it was opened to the public--and became known as the World
Wide Web--attitudes to security had to change.

Sean Richmond, a senior technology consultant at Sophos Australia,
said that since Morris, there have been fundamental changes in the way
networks and computers communicate with each other, and that will
continue to evolve over the next 16 years.

"At that time, commands such as 'remote login,' 'remote shell' and
'remote copy' were commonly used. The idea was that if you were logged
into one machine, you could access another system, and it wouldn't
even ask you for a login password. There was a level of trust,"  
Richmond said.

Matt Dircks, vice president and product manager at network management
specialists NetIQ, said that the biggest difference is the impact a
network worm has on the general population.

When Morris hit in 1988, academics would have lost some of their
research. But when worms like Blaster or Sasser start spreading on the
modern Internet, it affects banks, government departments and even
stops kids from researching their schoolwork from home, said Dircks.

"The stakes have gone up because the impact of the worm has changed in
scope and in depth. The impact on people's daily lives is much more
pronounced," Dircks said.

Sophos' Richmond said that malicious software is unlikely to go away
over the next 16 years, but it should have less impact, as software
companies develop their applications with security in mind rather than
as an afterthought.

Richmond also said that the next-generation Internet will run on IPv6,
or Internet Protocol version 6, which is a communications protocol
that lays the foundation for a far more secure and safe online
commercial environment.

"Security is being designed in the next TCP/IP version (IPV6), so the
IP address will contain a knowledge and expectation of security. The
current version IPv4 was built with a much more open world in mind.  
Security was not part of the initial design," he said. "In 16 years'
time, the potential for something to spread widely and rapidly across
everything will be diminished just by the underlying security."

However, NetIQ's Dircks said that IPv6 is a very long-term project,
and because it will require so much hardware to be replaced, it will
be a very slow upgrade cycle.

"Part of the solution is to build security into the architecture. But
there are systems that are 30 or 40 years old still running, and the
companies using them will not get rid of them, because they still
work," Dircks said. "We are always going to have a heterogeneous
world, and without painting a picture of doom, gloom and apocalypse,
the problems are not going away."

Munir Kotadia of ZDNet Australia reported from Sydney.

More information about the ISN mailing list