Editing Morris worm (section)

== Architecture ==
[[File:Morris Worm.jpg|right|thumb|[[Floppy disk]] containing the source code for the Morris Worm, at the [[Computer History Museum]]]]
The worm's creator, [[Robert Tappan Morris]], is the son of [[List of cryptographers|cryptographer]] [[Robert Morris (cryptographer)|Robert Morris]], who worked at the [[National Security Agency|NSA]].<ref>{{Cite web|url=https://www.globalknowledge.com/blog/2018/11/01/the-morris-worm-turns-25/|title=The Morris Worm Turns 30|date=November 1, 2018|website=Global Knowledge Blog|access-date=January 29, 2019|archive-date=January 30, 2019|archive-url=https://web.archive.org/web/20190130053313/https://www.globalknowledge.com/blog/2018/11/01/the-morris-worm-turns-25/|url-status=live}}</ref> A friend of Morris said that he created the worm simply to see if it could be done,<ref>{{cite tweet|user=paulg|number=1323246618326507524|date=November 2, 2020|title=FWIW the Wikipedia article on the worm is mistaken|first=Paul | last=Graham|access-date=November 2, 2020}}</ref> and released it from the Massachusetts Institute of Technology (MIT) in the hope of suggesting that its creator studied there, instead of Cornell.<ref>{{Cite book|last=Kehoe|first=Brendan P.|title=Zen and the Art of the Internet: A Beginner's Guide to the Internet, First Edition|year=1992}}</ref> 
[[Clifford Stoll]], author of ''[[The_Cuckoo's_Egg_(book)|The Cuckoo's Egg]]'', wrote that "Rumors have it that [Morris] worked with a friend or two at Harvard's computing department (Harvard student [[Paul Graham (programmer)|Paul Graham]] sent him mail asking for 'Any news on the brilliant project')".<ref name="stoll1989">{{cite book |title=The Cuckoo's Egg |url=https://archive.org/details/cuckooseggtracki00stol |url-access=registration |publisher=Doubleday |author=Stoll, Clifford |year=1989 |isbn=978-0-307-81942-0 |author-link=Clifford Stoll |chapter=Epilogue}}</ref>

The worm exploited several vulnerabilities of targeted systems, including:

* A hole in the debug mode of the [[Unix]] [[sendmail]] program
* A [[buffer overflow]] or overrun hole in the [[fingerd|finger]] network service
* The transitive trust enabled by people setting up network [[login]]s with no [[password]] requirements via [[Berkeley r-commands|remote execution]] (rexec) with [[Remote Shell]] (rsh), termed rexec/rsh

The worm exploited [[Password strength|weak passwords]].<ref>{{cite web |url=http://www.loundy.com/CASES/US_v_Morris2.html |title=US vs. Morris |publisher=Loundy.com |access-date=February 5, 2014 |archive-date=February 13, 1998 |archive-url=https://web.archive.org/web/19980213113238/http://www.loundy.com/CASES/US_v_Morris2.html |url-status=live }}</ref> Morris's exploits became generally obsolete due to decommissioning rsh (normally disabled on untrusted networks), fixes to sendmail and finger, widespread network filtering, and improved awareness of weak passwords.

Though Morris said that he did not intend for the worm to be actively destructive, instead seeking to merely highlight the weaknesses present in many networks of the time, a consequence of Morris's coding resulted in the worm being more damaging and spreadable than originally planned. It was initially programmed to check each computer to determine if the infection was already present, but Morris believed that some [[system administrator]]s might counter this by instructing the computer to report a [[false positives and false negatives|false positive]]. Instead, he programmed the worm to copy itself 14% of the time, regardless of the status of infection on the computer. This resulted in a computer potentially being infected multiple times, with each additional infection slowing the machine down to unusability. This had the same effect as a [[fork bomb]], and crashed the computer several times. 

The main body of the worm can infect only [[Digital Equipment Corporation|DEC]] [[VAX]] machines running 4[[Berkeley Software Distribution|BSD]], alongside [[Sun-3]] systems. A portable [[C (programming language)|C]] "grappling hook" component of the worm was used to download the main body parts, and the grappling hook runs on other systems, loading them down and making them peripheral victims.<ref>{{cite web |url=http://homes.cerias.purdue.edu/~spaf/tech-reps/823.pdf |title=An analysis of the worm |first=Eugene |last=Spafford |author-link=Gene Spafford |publisher=[[Purdue University]] |format=PDF |date=December 8, 1988 |access-date=October 30, 2019 |archive-date=May 1, 2006 |archive-url=https://web.archive.org/web/20060501223032/http://homes.cerias.purdue.edu/~spaf/tech-reps/823.pdf |url-status=live }}</ref>