Morris Worm


The Morris Worm is an early computer worm that was released on November 2, 1988, by Robert Tappan Morris. It was designed to exploit vulnerabilities in Unix systems and spread through the internet, unintentionally causing extensive damage and becoming the first widely publicized instance of a computer worm. Its unintended rapid replication overwhelmed networked computers, causing them to crash or become inoperable, drawing attention to the need for better internet security.

Key Takeaways

  1. The Morris Worm was an early computer worm created in 1988 by Robert Tappan Morris, a graduate student at the time, with the intention of measuring the size of the Internet.
  2. Instead of achieving its intended purpose, the worm caused widespread damage and disruptions by infecting thousands of computers, replicating itself excessively, and consuming system resources, ultimately leading to the first large-scale cyberattack in history.
  3. As a result of the Morris Worm, both awareness and the importance of computer security increased considerably, it also led to the formation of Computer Emergency Response Team (CERT), and Robert Morris being the first person convicted under the Computer Fraud and Abuse Act.


The Morris Worm is significant in the history of technology as it was one of the first computer worms to be distributed through the internet, highlighting the potential consequences of network vulnerabilities on a large scale.

Invented by Robert Tappan Morris in 1988, this worm was designed to gauge the size of the internet by duplicating itself across computer systems connected via the ARPANET, however, it inadvertently revealed critical security shortcomings in the process.

The Morris Worm caused significant damage through excessive replicating, effectively causing system crashes and rendering thousands of computers inoperable.

This event prompted widespread media attention, raised public awareness of the emerging threat of cybercrime, and eventually led to the establishment of the Computer Emergency Response Team (CERT) to better anticipate and manage such digital incursions.


The Morris Worm emerged in the late 20th century as an early example of a self-replicating computer program, better known today as a computer worm. Launched on November 2, 1988, by its creator Robert Tappan Morris, the worm was initially designed as a means to gauge the extent of the internet, rather than as a malicious attack.

Nevertheless, the unintended consequences of the program’s design led to a widespread network slowdown, as computer systems across the United States became infected. The purpose of the Morris Worm, in essence, was to reveal the vulnerabilities present in the computer systems of that time.

The worm functioned by exploiting UNIX system vulnerabilities, thereby spreading quickly throughout the network and infecting thousands of computers within a short span. The worm’s replication rate was far greater than anticipated, causing system overload, a triggered shutdown of mail servers, and a loss of connectivity.

While it highlighted the importance of cybersecurity both then and now, the Morris Worm also demonstrated how even a well-intended program, without an elaborate malicious design, could have far-reaching and detrimental effects on computer networks worldwide.

Examples of Morris Worm

The Morris Worm, created by Robert Tappan Morris in 1988, was one of the first computer worms to spread widely across the internet. Here are three real-world examples related to the Morris Worm:Incident at MIT: The Morris Worm was unleashed from the MIT computer system to disguise its true origin, as the creator, Robert Tappan Morris, was a graduate student at Cornell University. Once released, it soon began infecting computers across the United States. The worm propagated rapidly, exploiting vulnerabilities in UNIX systems, causing system slowdowns and crashes as it infected and replicated itself.

Internet Slowdown and System Damages: The Morris Worm infected around 10% of the 60,000 internet-connected computers at the time, causing an unprecedented internet slowdown and system damages. It is estimated that the overall cost of the damages caused by the worm ranged from $100,000 to $10,000,The widespread impact of the Morris Worm led to increased scrutiny of computer security measures and highlighted the need for greater vigilance in protecting systems from malicious software.

Legal Consequences and the Creation of the Computer Emergency Response Team (CERT): As a result of the Morris Worm incident, Robert Tappan Morris became the first person to be convicted under the Computer Fraud and Abuse Act inHe was sentenced to three years of probation, 400 hours of community service, and a fine of $10,

Additionally, the severity of the Morris Worm’s consequences led to the creation of the Computer Emergency Response Team (CERT) by DARPA, a U.S. government organization responsible for developing emerging technologies for military use. CERT has since evolved into a global network of organizations dedicated to handling cybersecurity incidents and promoting internet security.

Frequently Asked Questions: Morris Worm

What is the Morris Worm?

The Morris Worm was one of the first computer worms distributed through the internet. It was created by Robert Tappan Morris, a computer science graduate student at Cornell University. The worm was launched on November 2, 1988, and became a significant turning point in the history of malware and cybersecurity.

What was the purpose of the Morris Worm?

The creator, Robert Tappan Morris, claimed that the primary purpose of the worm was to gauge the size of the internet. However, due to a coding error, the worm ended up replicating and causing widespread damage to a large number of computers, eventually causing them to crash.

How did the Morris Worm spread?

The Morris Worm spread through exploiting vulnerabilities in the UNIX operating system. It scanned for vulnerable systems and then infected them using a combination of known security flaws, such as weak passwords and buffer overflows.

What was the impact of the Morris Worm?

The Morris Worm infected an estimated 6,000 computers, which was a considerable percentage of the total number of systems connected to the internet at that time. The infected systems experienced significant slowdowns and, in many cases, crashed completely. The financial cost of the damage has been approximated to be between $200,000 and $53,000,000.

What were the consequences for the creator of the Morris Worm?

Robert Tappan Morris was prosecuted under the 1986 Computer Fraud and Abuse Act and became the first person to be convicted under the law. He was sentenced to three years of probation, 400 hours of community service, and a fine of $10,050.

What role did the Morris Worm play in the development of modern cybersecurity?

The Morris Worm brought the importance of internet and computer security to the forefront. It was a wakeup call for the public and private sectors alike, leading to increased investments in security measures, the development of new technologies to combat threats, and the creation of cybersecurity institutions like the Computer Emergency Response Team (CERT).

Related Technology Terms

  • Computer Worm
  • Buffer Overflow
  • System Vulnerability
  • Internet Worm
  • Robert Tappan Morris

Sources for More Information


About The Authors

The DevX Technology Glossary is reviewed by technology experts and writers from our community. Terms and definitions continue to go under updates to stay relevant and up-to-date. These experts help us maintain the almost 10,000+ technology terms on DevX. Our reviewers have a strong technical background in software development, engineering, and startup businesses. They are experts with real-world experience working in the tech industry and academia.

See our full expert review panel.

These experts include:


About Our Editorial Process

At DevX, we’re dedicated to tech entrepreneurship. Our team closely follows industry shifts, new products, AI breakthroughs, technology trends, and funding announcements. Articles undergo thorough editing to ensure accuracy and clarity, reflecting DevX’s style and supporting entrepreneurs in the tech sphere.

See our full editorial policy.

More Technology Terms

Technology Glossary

Table of Contents