Saturday, November 2nd, marks the twenty-fifth anniversary of the Morris Worm, considered to be the first major malware to rock the fledgling Internet world, and the lessons it holds for security have yet to be learned, according to Eugene Spafford, Purdue University professor of computer science.
“Based on what people have done since then in terms of security, I don’t think it [the Morris Worm] taught us a lot.” said Spafford. “I don’t think we learned anything from it, and we’re still not learning anything from it.”
Spafford, then an assistant professor at Purdue, was one of the first academics to study the Morris Worm after it infected two systems in the university’s computer science lab.
Robert Tappan Morris, now a professor at MIT, maintains that he created the worm in an effort to gauge the size of the Internet, but the code replicated itself and spread like a wildfire, ultimately infecting some 6,000 computers, or about 6% of all the computers connected to the Internet at the time.
Morris, for whom the worm is named, was subsequently the first person ever convicted under the 1986 Computer Fraud and Abuse Act. Spafford’s research on the malicious code also brought him into the limelight, as well as highlighting the power of these new information technologies and magnitude of their inherent insecurity.
“The day after the worm, an awful lot of people were shocked that such an abuse could occur,” Spafford said. “A lot of people outside the academic and research communities suddenly became aware of networking, became aware that malicious software could be written and that really changed a lot of people’s perceptions. It woke them up to the possibilities.”
Gene Kim, author and founder/former CTO of Tripwire said that his “mentor and a major influence on my career is Dr. Gene Spafford, one of the true luminaries and pioneers in the information security profession. In fact, the reason I went to Purdue University in 1990 was because of the seminal paper he wrote on the 1988 Internet Morris Worm.”
Read More Here…