On Fri, Nov 1, 2019, 4:37 PM Dave Horsfall <dave@horsfall.org> wrote:

> The infamous Morris Worm was released in 1988; making use of known
> vulnerabilities in Sendmail/finger/RSH (and weak passwords), it took out a
> metric shitload of SUN-3s and 4BSD Vaxen (the author claimed that it was
> accidental, but the idiot hadn't tested it on an isolated network first).
> A
> temporary "condom" was discovered by Rich Kulawiec with "mkdir /tmp/sh".
>
> Another fix was to move the C compiler elsewhere.
>
> -- Dave
>

One of my comp sci professors was a grad student at Cornell when this
happened. He shared a small office with Morris and some other students. He
said that he had to explain that he had absolutely nothing to do with it on
quite a few occasions.

Morris was caught partly because he used the Unix crypt command to encrypt
his source code. The command was a computer model of the Enigma machine,
and its output could be and indeed was cracked, after retrieving the
encrypted code from a backup tape.

It's interesting that the worm was quickly detected. The reason was that it
kept infecting the same machines, and as you referred to, it contained a
password cracker, which slowed those machines to a crawl because of the
multiple instances running.

>