Security Response

Morris and the Brain

Created: 13 Jul 2007 07:00:00 GMT • Updated: 23 Jan 2014 18:47:58 GMT
Marc Fossi

Same thing we do every night – try to take over the world…

Morris and Brain. The average person doesn’t know these names very well in comparison to Melissa, CodeRed, Nimda, Slammer, and Funlove. They all had their day and are burned in the memories of the users who were infected and those who cleaned up after them. Without Morris and Brain, though, the current “superstars” wouldn’t exist.

Brain (also known as Lahore), written in January 1986, was the first virus for the PC. The virus was quite simple by today’s standards – it merely infected the boot sector of floppy disks and displayed a message to the user. Otherwise, it didn’t have any destructive payload. Two brothers from Pakistan created it with the intent of protecting their medical software from being copied illegally. Unfortunately, the virus spread further than they anticipated and soon users around the world were infected.

The Morris worm (or Internet worm) was also created with innocent intentions according to its author. Robert Morris claims that he wrote the worm in an effort to gauge the size of the Internet (which at the time was far less difficult to do than today). Unfortunately, the worm contained an error that caused it to infect computers multiple times, creating a denial of service.

The worm propagated by exploiting vulnerabilities in Sendmail, the finger daemon, and rsh on Sun and VAX systems. Before infecting a computer, the worm would check to see if a copy was already running. If one was, the worm would not attempt to infect the computer again. On its own, however, this check would have made the worm easy to stop, since users could have created a process that simulated the worm already running on an uncompromised computer. To compensate for this, fourteen percent of the time the worm would still infect a computer that claimed it was already infected. This resulted in computers having multiple instances of the worm running and caused them to bog down severely.
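
A simplified model of the "already infected" check described above, added here as an illustration; it is not code from the worm or from the original post. It assumes every infection attempt against a host is independent, and all function names are hypothetical.

```python
import random

REINFECT_P = 0.14  # the post's figure: "fourteen percent of the time"

def simulate_host(attempts, decoy, p=REINFECT_P, rng=random):
    """Count worm instances on one host after `attempts` infection attempts.

    decoy=True: clean host running a process that answers "already infected".
    decoy=False: ordinary vulnerable host with no such process.
    """
    instances = 0
    for _ in range(attempts):
        claims_infected = decoy or instances > 0
        # A host that claims infection is skipped, except a fraction p of the time.
        if not claims_infected or rng.random() < p:
            instances += 1
    return instances

def expected_instances(attempts, decoy, p=REINFECT_P):
    """Closed-form mean of simulate_host under the independence assumption."""
    if attempts == 0:
        return 0.0
    return p * attempts if decoy else 1 + p * (attempts - 1)

def decoy_survival(attempts, p=REINFECT_P):
    """Probability that a decoy-protected host is still clean."""
    return (1 - p) ** attempts

def monte_carlo(attempts, decoy, trials=20000, seed=1988):
    """Return (mean instances, fraction of hosts left clean) over many hosts."""
    rng = random.Random(seed)
    runs = [simulate_host(attempts, decoy, rng=rng) for _ in range(trials)]
    return sum(runs) / trials, sum(r == 0 for r in runs) / trials

if __name__ == "__main__":
    print("attempts  decoy: mean / clean (model)   no decoy: mean (model)")
    for n in (1, 10, 50, 200):
        d_mean, d_clean = monte_carlo(n, decoy=True)
        v_mean, _ = monte_carlo(n, decoy=False)
        print(f"{n:8d}  {d_mean:6.2f} / {d_clean:.3f} ({decoy_survival(n):.3f})"
              f"   {v_mean:6.2f} ({expected_instances(n, False):.2f})")
```

Under this model a decoy process only delays infection, since the chance of staying clean after n attempts is 0.86^n, while an already infected host gains about 0.14 further instances per attempt, which is the pile-up the post describes.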

While the authors of both these pieces of malicious code claim they never had malicious intent (and that’s a debate I’m not willing to wade into here), they opened a Pandora’s Box that everyone who owns a computer connected to the Internet is dealing with. It isn’t fair to say that without Brain and Morris there wouldn’t be any viruses or worms; if it hadn’t been them, we would likely be talking about different names that had similar consequences. These just happen to be the names that have the (mis)fortune of living on in infamy.

For more on the history of worms see: A Brief History of the Worm.

For more on Symantec's 25th anniversary, click here.