HOME   HISTORY   EFFECT   TOUR   LESSONS   BIBLIOGRAPHY

The history of worm like programs


The 1988 Internet worm was not the first program of its type, nor (alas) was it the last. Here is a brief description of other historical worms.

The term "worm" actually comes from a science fiction story called The Shockwave Rider written by John Brunner in 1975. In short, the story is about a totalitarian government that controls its citizens through a powerful computer network. A freedom fighter infests this network with a program called a "tapeworm" forcing the government to shut down the network, thereby destroy its base of power.

Between this and the 1988 worm, it is small wonder that worm programs are getting a bad name. However, the first worm programs were actually designed to facilitate better usage of a network.
The first program that could reasonably called a worm was written in 1971 by Bob Thomas. This program was in response to the needs of air traffic controllers and would help to notify operators of when control of a certain airplane moved from one computer to another. In actuality, the program, called "creeper" only traveled from screen to screen in the network displaying the message "I'm creeper! Catch me if you can!" The creeper program did NOT reproduce itself.
After this, several other programmers tried their hands at similar programs, but the idea gradually died out in a couple of months.
In the early 1980's, John Shock and Jon Hepps of Xerox's Palo Alto Research Center began experimenting with worm programs. (This was the first time that the term worm was actually applied to this sort of code.) The developed 5 worms, each of which were designed to preform helpful tasks around the network. Some worms were quite simple, such as the town crier worm, which simply traveled throughout the network posting announcements. Other worms were quite clever and complex, such as the "vampire" worm. This worm was idle during the day, but at night, it would take advantage of the largely idle computers and apply them to complex tasks which needed the extra processing power. At dawn, it would save the work it had done so far, and then become idle, waiting for the next evening.
However, although these programs were inherently useful, it became apparent that worm could be dangerous tools if incorrectly used. This was demonstrated amply when one of Xerox's worms malfunctioned during the night. When people arrived at work the next day, they found that computers throughout the research center had crashed. Moreover, when they tried to restart the machines, the malfunctioning worm immediately crashed them again. A "vaccine" had to be written to prevent the worm from crashing the systems.
At that point, worm research (for some odd reason) died out of the public spotlight until it was violently thrust back into it by Morris in November of 1988. Morris's worm received vast amount of media attention, becoming front page news for over a week after the occurrence. (Which is pretty impressive for a computer program when Presidential elections are going on.) The media jumped on the story of the program that had single handedly crashed the Internet, to the point of hampering attempts by the MIT and Berkeley teams to decompile the captured worm program. However, this media coverage was mortally wounded when reporters found out that there was nothing visual to describe to the general viewing audience. the story ended up being more a coverage of the attempts to defeat the worm, and the consequences the worm would have on the Internet community, not to mention Robert Morris.
No worm yet devised have been able to follow Morris's in terms of shock value. However, this is not to say that there are not still worms out there. In late 1989, a CERT (Computer Emergency Response Team) advisory was posted for a worm entitled WANK. Like the Internet worm, it takes advantage of bugs and security holes to travel from network to network. Unlike Morris's worm, the program is malicious and designed to be destructive.

Even if it fails to infect a system account:

Since this time, CERT, to my knowledge, has not posted additional worm warnings, however, no one claims that all the security holes that worms can take advantage of have been closed off.
Return to the main Worm page.