What Is the Morris Worm? History and Modern Impact

A hacker launched the Morris worm in 1988, and many people consider it one of the very first public attacks on computer systems. 

Morris worm code poses no threat today. Modern, well-defended computers are immune to the vulnerabilities the hacker exploited. 

But even so, the worm inspired generations of hackers. Modern hackers still use worms, and they can be devastating. And it made thousands of people deeply suspicious of the information we store and share online. 

Let's dig into how worms work, and then we'll unpack how the Morris worm got its name and how it continues to impact modern programming. 

How do worms work? 

Every computer needs an operating system. This program runs in the background, and you may never notice how it works or what it does. But it's critical to your performance, and you can't turn it off. A worm targets vulnerabilities in operating systems. 

Attackers have used worms to deliver some of the most destructive forms of malware, including ransomware programs that encrypt all the files on a server. 

Years ago, hackers spread these worms via floppy disks and other types of storage. You'd pop the disk into your computer, and the program would run in the background. You wouldn't know anything was wrong until your computer started acting up.

Now, worms could come to you via:

  • Email. You get a note from someone you trust, and it comes with an attachment it encourages you to click. When you do, a file runs. Your computer starts sending out more copies of the worm via email. 
  • USB. Someone gives you a storage stick, and every file on it is infected. Click on even one, and the program begins to run. 

When infected by a worm, your computer works overtime to send out more copies. You might notice sluggish performance, or your computer could go down altogether. 

Worms are relatively common. Wikipedia lists more than 40 of them. Many more may exist, but they just haven't been formally named quite yet. 

Meet the Morris worm's creator 

Think of the Morris worm as the grandfather of every single worm out there. The Morris worm might also have inspired other nasty web attacks, such as viruses. 

The Morris worm was created by a 23-year-old student at Cornell named Robert Morris. He'd spent his early life working with computers and designing code, and while he was at school, he was known as a bit of a prankster. This isn’t completely surprising—the recipe for a perfect hacker involves cleverness and the willingness to cause a little trouble. 

Morris was working in a very different environment than the one we use today. In 1998, there were fewer than 100,000 connected machines, and most organizations that were online seemed to trust one another. There were few passwords and other hoops to jump through to get connected. Everyone really wanted to get along. 

Safety issues are rampant in a system like this, and Morris intended to point them out. He only meant for his worm to expose how quickly an attack could unfold, but he made a devastating coding mistake. 

The Morris worm was made to:

  • Query. The worm asked each computer it encountered if it already had a copy of the code. 
  • Respond to "No." If the computer wasn't infected, the code would execute. 
  • Respond to "Yes." If the computer was infected, the worm wouldn't copy. 

This code seems innocent, but Morris didn't want clever programmers to work around him and prompt all of their computers to respond "Yes" to every copy. 

So after seven "Yes" responses, the code duplicated anyway. This flaw devastated computers. Many had several versions of the code running at the same time, and performance slowed to an absolute crawl. Some systems crashed altogether. 

The outcry was swift and severe, and Morris was the first person convicted under the Computer Fraud and Abuse Act. He was sentenced to probation lasting three years and a fine. 

He remains active in the programming community, but he spent years in court.

Measuring the long-term worm impact 

No one can launch a current Morris worm attack. And there's no reason to do so. The worm doesn't come with any kind of "payload" or opportunity to make money. A hacker would likely choose a much more profitable attack over this one. 

But the Morris worm remains very important in the ongoing conversation about security.

Some say that the Morris worm made people feel very uncomfortable with the idea of online security. The story was splashed all over the news, and some people were so uncomfortable with the idea that this could happen that they vowed never to go online. 

To these people, the Morris worm made the web seem so much less secure. And that's an issue that continues to haunt us today. 

But it's reasonable to say that the Morris worm also made the entire world understand just why cybersecurity is so important. After this attack, companies started investing in things like password management programs and firewalls. The trusting nature of the web disappeared, and we all got a little more protective. That's not an entirely bad development. 

At Okta, we believe in the power of cybersecurity solutions. Learn more about how to secure your digital interactions with employees and customers with Okta.


What Is a Computer Worm? How This Self-Spreading Malware Wreaks Havoc. (August 2019). CSO. 

List of Computer Worms. Wikipedia. 

The Morris Worm. (November 2018). Federal Bureau of Investigations. 

US v. Morris. (March 1991). United States Court of Appeals. 

The Morris Worm: Internet Malware Turns 25. (November 2013). ZD Net. 

The Untold Story Behind the World's First Major Internet Attack: The Morris Worm. (August 2019). Mashable.