The Internet Worm
was a program
which copied itself
from one computer
s in BSD
variants to get access
to these computers.
It was similar to a virus, in that it reproduces itself on other computers, but is referred to as a worm because it was a whole program, as opposed to a piece of code that attaches itself parasitically to other programs, which is considered the usual mode of viruses.
The worm was launched on November 2, 1988 by Robert Tappan Morris, Jr., and over the next couple days, BSD-UNIX computers around the country ground to a halt as they became infected over and over by the worm, and multiple running copies of the worm gradually consumed more and more CPU time and RAM, while experts quickly analyzed it and took steps to stop it from spreading further.
The Internet Worm exploited two security flaws in the systems it infected. One was part of a debug feature of the sendmail program, the process which sends and receives mail on these systems. The other was a buffer overrun bug in the fingerd program, the daemon process which responds to requests from the finger program, which displays information about users on the system to local or remote users who request it.
Such buffer overrun bugs are a frequent problem in many programs which run with privileges, due to a common type of operation in which a string is copied into a buffer of a certain fixed size. When these programs make such calls without first checking that the string will fit, it is possible for the copy operation to overwrite other data or program code. The usual method of exploiting buffer overruns is to feed the program a specially-prepared long string which contains program code which will subsequently be executed and provide the attacker with a more direct level of access.
Besides testing security holes, the worm also attempted to crack passwords on the machine it was running on, and once it had determined a user's password, attempted to access that user's other accounts on other computers to propagate itself.
The worm was not intended to hog all time on the infected systems, but due to bugs in the worm's code, infected systems would eventually end up with multiple copies (and an increasing number of copies) of the worm running, eventually reaching the point that it made the system unusable.