Hamsters celebrated the anniversary of one rather unpleasant event - the Morris worm turned 20 years old, reports.

Assessing the consequences of the first major attack on the Web, it should be noted that the Morris worm served as a dire warning to the Internet engineering community. He clearly demonstrated the serious dangers of software bugs and turned network security issues into an important area of ​​research and practical development.

“A really big event has happened,” said Eric Allman. In 1981, as a student at the University of California at Berkeley, Allman developed sendmail, an open source program that controlled email Internet. He currently holds the post of scientific director of Sendmail, which sells commercial versions of this program.

“The Internet was then very small and was considered a kind of interest club,” Allman explained. - After the attack carried out by Morris, it became clear that certain part visitors may not come to this "club" with the best of intentions. We realized that we urgently need to think about security.”

Despite the clear mechanism of action of the worm and the tremendous noise that arose around it, some argue that at that time it was not immediately appreciated.

"The most interesting lesson that the Morris worm taught us was how short-lived and insignificant the findings were," said Columbia University professor Steve Bellovin, who worked at Bell Labs in 1988 to build the first firewall. “People were able to see the threat posed by software flaws, but after that no one paid serious attention to network security issues. This continued until the mid-90s, subsequently giving rise to a lot of additional difficulties.

This historic worm was written by Cornell University student Robert Tappan Morris, who was accused of computer fraud as a result of the incident. Today, Morris is a respected adjunct professor at the Massachusetts Institute of Technology.

Launched at approximately 6:00 pm on November 2, 1988, the worm blocked approximately 10% of systems connected to the Internet. In total, more than 60,000 computers were connected via the Internet at that time.

The Morris worm was a self-propagating program that exploited known weaknesses in a number of popular utilities, including sendmail, which was responsible for routing email, and Finger, which allowed you to find out which users in this moment initiated a web session.

The Morris worm was able to infiltrate systems running various flavors of Unix. Rapidly moving across the Web, the worm spread its new copies, repeatedly infecting computers, resulting in failures in the operation of many systems.

“At first we had no idea where the threat could come from,” Allman recalled. - It was quite clear that this was done on purpose, but we could not figure out who and why did this. Panic set in, which was understandable, despite the unfortunate nature of the circumstance.”

Attack for a long time blocked the normal Internet work, forcing whole line organizations, including the Pentagon, shut down their Internet gateways in order to avoid further infection.

“People disconnected from the Internet because they were afraid of possible negative consequences,” Allman said. - However, disconnection from the Network disrupted the operation of the most important communication channels. That is why it took a long time to restore the status quo.”

At the time that the Morris worm was on its way, commercial Internet traffic and Web sites did not yet exist. The victims were limited to government research departments, universities and a number of companies that used the Web to transfer files and exchange e-mail. Nevertheless, news about the attack appeared in leading publications, in particular in The New York Times.

"The Morris worm was the reason that many people first heard about the existence of the Internet," Bellovin said. - For most, the Web was associated with a new, strange and outlandish world ... and suddenly it turned out that just one intruder could put an end to this world. I repeat, no one, with the exception of narrow specialists in computer topics, knew practically nothing about the Internet.

For some, the appearance of the Morris worm was a career turning point. Eugene Spafford at this time worked as a senior lecturer at Purdue University. Today, Spafford is Executive Director of the Center for Education and Research in information support and Security at Purdue University. He is a recognized international authority on Internet security.

"I've been told that applied computer security research has no future," Spafford said. - And after the appearance of the Morris worm, many people suddenly realized that computer systems had gone beyond the mainframe environment, where everything was kept under control, and now we need a completely different security model. It is necessary to offer more advanced engineering solutions.”

Previously, researchers were developing only "useful" worms, thanks to which automatic installation software updates, but no one has ever launched a destructive program uncontrollably into the Network.

The Morris worm was the forerunner of other notable attacks, including the Melissa, Code Red and Slammer worms, all of which targeted systems running Microsoft software. Recently, worms have become less common than viruses and emails that contain links to malicious sites in the text.

"Actually, worms are much rarer than viruses today," Allman said. “And for the average user, phishing is the biggest threat.”

"AT last years we have not seen large-scale attacks of worms, and there are several reasons for this,” Bellovin explained. - An important role here was played by the widespread use of network address translation technology and personal firewalls making it difficult for modern worms to penetrate in the way that the Morris worm did."

The Morris worm anticipated distributed denial-of-service attacks, which are used by attackers to overload and lose systems from the Internet.

“Such a large-scale and single-stage infection has never been recorded before,” Spafford said. - In fact, it was the first denial of service attack that attracted the attention of people associated with computing. In addition, this was the first event that affected the platforms of several manufacturers at once. Sun and BSD Unix systems were attacked at the same time, which is a rarity. As a rule, only one platform is the target of attacks.”

Spafford compared the spread of the Morris worm to today's botnets - networks that bring together a large number of infected computers, using them to send spam or organize distributed DoS attacks.

“Software turns systems into zombies, and those slowly spreading worms fill the ranks of botnets,” Spafford explained. - These systems do not cause a denial of service, but slowly seep further, automatically forwarding their code to other machines. Botnets already control literally millions of machines: according to some estimates, their number reaches 100 million.”

The Morris worm immediately cut off a fairly large segment of the Internet. His appearance was a very notable event. In contrast, today's attacks on the Internet are directed against individual systems, and their authors try to remain unnoticed. If earlier curious students hacked into systems to increase their own self-esteem, then modern viruses are more and more criminal in nature, masking their presence in every possible way.

“Today, attacks on the Internet are aimed at making a profit, and shutting down certain segments of the Web does not bring any profit,” Bellovin explained. "Initiating new attacks, sophisticated attackers are very cautious."

The Morris worm, although it caused much less damage compared to its followers, remained in the memory of the computer community for a long time.

"The Morris worm actually marked the beginning of the official development of computer security," Allman said. - Prior to this, very few specialists dealt with security issues, besides, they were mainly interested in the topic of encryption. The concept of computer security was not really singled out as a separate area of ​​research until after the appearance of the famous worm.”

America was shocked when, on November 2, 1988, almost all computers that had access to the Internet (in America), around eight o'clock in the morning, as they say, "froze". At first it was attributed to failures in the power system. But then, when the epidemic caused by the "Morris Worm" happened, it became clear that the terminals were attacked by a program unknown at that time, which contained a code that could not be decrypted by the available means. Not surprising! At that time, computers connected to the Internet numbered only in the tens of thousands (about 65,000 terminals) and were mostly represented in government circles or self-government bodies.

Morris worm virus: what is it?

The virus of this type was the first of its kind. It was he who became the ancestor of all other programs of this type, which today differ from the progenitor quite strongly.

Robert Morris created his “worm” without even realizing how popular it would become and how much harm it could do to the economy. In general, it is believed that it was, as they say now, a purely sporting interest. But in fact, the introduction of APRANET into the then global network, to which, by the way, both government and military organizations were connected, caused such a shock that America could not recover from for a long time. By preliminary estimates The Morris Worm computer virus caused damage in the amount of 96.5 million US dollars (and this is only the amount known from official sources). The above amount is official. And what is not taken into account, probably, is not subject to disclosure.

The creator of the computer virus "Morris Worm" Robert Morris: some facts from the biography

The question immediately arises as to who this genius programmer was, who managed to paralyze computer system North American continent.

The same respected resource "Wikipedia" indicates that at one time Robert was a graduate student at Cornell University R. T. Morris (accident or coincidence?), at the Faculty of Computer Engineering.

The history of the creation and appearance of the virus

It is believed that initially the virus did not contain any threat. Fred Cohen studied the "Morris Worm" based on his calculations about malicious codes and revealed an interesting feature in it. It turned out that this is not a malicious program at all.

The Morris Worm (although today it is considered a virus at the suggestion of the Pentagon) was originally created as a tool for testing the vulnerabilities of systems based on the "intranet" (it is not surprising that APRANET users were the first to suffer).

How does a virus affect a computer system

Robert Morris himself (the creator of the virus) in every possible way denies the consequences inflicted by his "brainchild" on the United States, arguing that an error in the code of the program itself provoked the spread over the network. Considering that he received his education at the university, especially at the Faculty of Informatics, it is difficult to agree with this.

So, the so-called "Morris Worm" was originally focused on intercepting communications between large organizations (including government and military). The essence of the impact was to replace the source text of the letter sent back then on the APRANET network, with the removal of headers and endings in the Sendmail debug mode or when the buffer of the network fingerd service was overflowed. The first part of the new letter contained code compiled on a remote terminal, and the third part consisted of the same binary code, but adapted for different computer systems.

In addition, a specialized tool was used that made it possible to select logins and passwords using remote access to execute programs (rexec), as well as to call a remote interpreter (rsh), which at the command level used the so-called "trust mechanism" (now more associated with certificates).

Propagation speed

As it turns out, the creator of the virus was not a stupid person at all. He immediately realized that the longer the code, the longer the virus takes to infiltrate the system. That is why the well-known "Morris Worm" contains the minimum binary (but compiled) combination.

Due to this, the same boom occurred, which is now for some reason customary to be silent at the level of state intelligence services, although the threat of self-copying spread almost exponentially (each copy of the virus was capable of creating two or more of its own analogues).

Damage

No one, however, thinks about what damage can be done to the same security system. Here the problem, rather, is what the Morris Worm computer virus itself is. The fact is that initially, when penetrating a user terminal, a virus had to determine whether a copy of it was contained in the system. If there was one, the virus left the machine alone. Otherwise, it was introduced into the system and created its own clone at all levels of use and management. This applied to all operating system in general, and installed user programs, and applications or applets.

The official figure given by the US Department (approximately $96-98 million in damages) is clearly an underestimate. If you look only at the first three days, it was already about 94.6 million). Over the following days, the amount did not grow so much, but ordinary users suffered (the official press and the US Department are silent about this). Of course, at that time the number of computers connected to the global web was approximately 65,000 in the US alone, but almost every fourth terminal was affected.

Effects

It is easy to guess that the essence of the impact is to completely deprive the system of efficiency at the level of resource consumption. For the most part, this applies to network connections.

The virus is in simple case creates copies of itself and initiates the launch of processes masquerading as system services (now even running as administrator in the Task Manager process list). And it is not always possible to remove threats from this list. Therefore, at the end of the processes associated with the system and the user, you need to act very carefully.

What about Morris?

"Morris Worm" and its creator at the moment feel very good. The virus itself was successfully isolated by the efforts of the same antivirus laboratories, since they have source, on which the applet is written.

Morris in 2008 announced the release of the Arc language based on Lips, and in 2010 became a nominee and winner of the Weiser Prize.

By the way, one more interesting fact is that the public prosecutor Mark Rush admitted that the virus disabled many computers by force shutting down, but still did not intentionally damage the data of users of any level, since it was not originally a destructive program, but an attempt to test the possibility of interfering with the internal structure existing systems. Compared to the fact that initially the attacker (who voluntarily surrendered to the authorities) was threatened with imprisonment for up to five years and a $250,000 fine, he got off with three years of probation, a $10,000 fine and 400 hours of community service. As many lawyers of that (by the way, and present) time considered, this is nonsense.

Multiple totals

Of course, today to be wary of such a threat, which in the early stages of its birth computer technology imagined the "Morris Virus", of course, is not worth it.

But here's what's interesting. It is believed that Windows operating systems are mainly affected by malicious codes. And then it suddenly turns out that the body of the virus was originally developed for UNIX systems. What does this mean? Yes, only that it is time for the owners of Linux and Mac OS, which are fundamentally based on the UNIX platform, to prepare means of protection (although it is believed that viruses do not affect these operating systems at all, in the sense that they were not written). This is where many users of "poppies" and "Linuxoids" are deeply mistaken.

November 2, 1988 Robert Morris, Jr., a graduate student in the Computer Science Department at Cornell University, infected a large number of computers with a virus he wrote. The virus was originally developed as harmless and had only the purpose of secretly penetrating computer systems connected by a network ARPANET (ARPANET officially renamed the Internet in 1989), and stay there undetected. The Morris virus is a member of the Internet worm virus family, and is a 60 kilobyte program designed to infect UNIX Berkeley 4.3 operating systems.

At the same time, it is interesting that the father of the "father of the virus" - Robert Morris - Senior at that time held the position supervisor National Center Computer Security (NCSC - National Computer Security Center) is a computer security expert. Morris Sr. worked for many years in the AT&T Bell laboratory, where he took part in the development of Core Wars programs in the 60s. By the way, the incident with the worm program had practically no effect on the career of Morris Senior. In early 1989, he was elected to a special advisory board to the National Standards Institute and the Department of Commerce. The task of this council is to develop conclusions and recommendations on the security of US government computing systems, as well as to resolve issues that arise in the development and implementation of information security standards.

The Morris virus incident gave impetus to the emergence of an entire branch of computer security - computer virology.

According to the most conservative estimates, the Morris virus incident cost over 8 million hours of loss of access and over a million hours of direct losses to restore systems to working order. The total cost of these costs is estimated at over $98 million. The virus infected over 6,200 computers. As a result of the virus attack, most networks were out of order for up to five days. Computers that performed switching functions, worked as file servers, or performed other functions to ensure the operation of the network, also failed. The damage would have been much greater if the virus had been created with destructive intent in the first place.

U.S. on-site reports by leading newspapers such as the Chicago Tribune, New York Times and Boston Herald extensively covered the dynamics of the virus and the development of methods to combat it, as well as raised general computer security issues. Later, in analytical articles on this occasion, unresolved problems related to the security of computer systems, and legislative initiatives aimed at preventing such cases in the future, were raised. In particular, two bills have been introduced in the House of Representatives to criminalize the creation and distribution of computer viruses.

In addition, the question of how to qualify Morris's act was widely discussed: is Morris a hero hacker who, without causing really serious damage, pointed out weaknesses in the national computer network, or is he a criminal who should be severely punished. At the same time, he has already dropped out of Cornell University (with the right to apply for re-entry in a year). Thus, Morris can re-apply for admission no earlier than the fall of 1990. In this case, the issue of his admission will be decided by the administration.

« Modern history» computer viruses.

- ARPANET officially renamed to Internet.

Appeared Trojan horse AIDS. The virus made all the information on the hard drive inaccessible and displayed only one message on the screen: "Send a check for $ 189 to such and such an address." The author of the program was arrested at the moment of cashing out money and convicted of extortion.

Created a virus to counter anti-virus software ("Dark Avenger" - The Dark Avenger). It infected new files while antivirus program checked the computer hard drive.

Cliff Stoll, an employee of the Lawrence Berkeley National Laboratory, published the book The Cuckoo's Egg, in which he warned that the world computer network can serve not only the purposes of good, but also be actively used by the military, criminals and hooligans. Stoll recommended that measures be taken in advance to prevent such a development of events.

1990(December). The European Institute for Computer Anti-Virus Research (EICAR) was established in Hamburg, Germany. Today it is one of the most respected international organizations, uniting almost all major anti-virus companies.

1991 A program has been written designed exclusively for creating viruses - VCSvl.0.

Virus satanbug hits hundreds of computers in the US capital, Washington. Even the White House computers are suffering. The FBI arrested the author, who turned out to be a 12-year-old teenager.

Fixed appearance "time bomb"– viruses that become active after reaching a certain date.

1994 Several authors of viruses have been arrested in the UK, USA, Norway. They get off with fines.

1995 Appearance macro viruses, designed to defeat the MS Word software environment.

1999 Mail virus Melissa caused an epidemic on a global scale, hit tens of thousands of computers and caused $ 80 million in damage. After this incident, a collapse in demand for anti-virus programs began in the world. In 2002, Melissa's author, 33-year-old programmer David L. Smith, was sentenced to 20 months in prison.

May 2000 Melissa's record is broken mail virus I love you! that hit millions of computers within hours. The peculiarity of the virus was that the file with the body of the virus attached to the letter was activated automatically when the user opened the letter for reading. The investigation showed that the virus was created by a Filipino student who was not convicted due to the lack of relevant laws in Philippine law. In the same year, the first international agreement on combating computer viruses was signed.

year 2001. Internet hit by a mail virus Anna Kournikova. Dutchman Jan De Wit, 20, was sentenced to 150 hours of hard labor for creating the virus. The court concluded that it could not accurately determine the extent of the damage caused by Anna Kournikova to the Dutch economy. De Wit also had a collection of 7,500 viruses confiscated. De Wit told the court that he had no idea that the program he had written would be a virus and harm anyone.

2002 13 host DNS servers of the Internet, which ensure the functioning of the World Wide Web, were subjected to a DoS attack organized with the help of a network virus. Analysts warn that a well-prepared and executed computer attack could destroy the Internet for weeks.

2003(July). Breaking records for speed of distribution "worm" Slammer, which infected 75 thousand computers in 10 minutes. As a result of the activation of the Slammer worm, the speed of the network has significantly slowed down, and some regions, such as South Korea, have become almost cut off from the Internet.

The virus attack began at 0:30 am East Coast time or 8:30 am Moscow time. The exact location of the source of infection is still unknown. Some computer security experts suggest that the virus spread from the United States, while others believe that its homeland is located somewhere in Asia. In a matter of minutes, a worm exploiting a vulnerability in a DBMS Microsoft SQL Server 2000 flooded the Internet. Despite the small size of the virus ( 376 bytes), he was able to create real traffic jams in the data transmission channels, because after infecting a computer, it starts sending its code to random IP addresses in an endless loop. If at any of the addresses it was found vulnerable computer, he became infected and also began to send out copies of the virus.

All this led to a large-scale increase in traffic. At the peak of the worm's activity, hundreds of requests per minute could come to one server. Unable to withstand the increased load, some servers stopped working normally. At this time, up to 20% of IP packets were lost in the US alone, which is ten times the normal rate. According to reports, five of the thirteen root DNS servers were also affected by the attack.

About the error program code in MS SQL Server 2000 became known in the summer of 2002, and the fix for it is contained in the service pack released by Microsoft service pack 3 . Nevertheless, the administrators took up the installation of patches only after the Slammer attack. However, few succeeded: the Microsoft site, from where it was possible to get the Service Pack, was overloaded.

January 27, 2004. Beginning of a large-scale mail worm epidemic Novarg, also known as mydoom. All anti-virus companies assigned this worm the maximum danger level. The number of infected emails on the Internet is estimated at several million copies.

The worm spreads over the Internet in the form of files attached to infected emails. The worm is Windows application(PE EXE file), 22,528 bytes in size, packed with UPX. The size of the unpacked file is about 40KB. The worm is activated only if the user himself opens the archive and runs the infected file (when double click on attachment). The worm then installs itself into the system and starts its propagation procedures. The worm contains a "backdoor" function that opens TCP ports with 3127 on 3198 , which makes it possible remote control infected system, looks up email addresses in the address book, Outlook, and sends itself to these addresses using its own SMTP client, and is also programmed to carry out DoS attacks on the www.sco.com and www.microsoft.com websites.

The damage from the epidemic of the MyDoom virus (aka Novarq) was the largest in the history of Internet epidemics: it amounted to $ 2.6 billion. Such assessments are contained in the report of English experts from Mi2g.

May 3, 2004 A new Sasser worm has been discovered on the Internet. The worm has been given the highest danger rating. Analysts estimate that an ordinary computer connected to the Internet and not provided with protection means is infected with a worm within 10 minutes.

Sasser is distributed by exploiting a buffer overflow error in the lsass.exe process on Windows systems 2000, XP and 2003 Server. Once the system is infected, the worm starts using it to attack other computers via TCP port 445.

The worm is activated without user intervention and is capable of infecting any computer connected to the network, regardless of whether it is currently in use or not. Various reports of infection are signs of infection. system errors and spontaneous system reboot.

The further history of the development of computer viruses is closely intertwined with the history of the development of malicious software in general. There are practically no unique creative finds in it, but the desire for easy money for attackers using this software is increasingly being traced.

America was shocked when, on November 2, 1988, almost all computers that had access to the Internet (in America), around eight o'clock in the morning, as they say, "froze". At first it was attributed to failures in the power system. But then, when the epidemic caused by the "Morris Worm" happened, it became clear that the terminals were attacked by a program unknown at that time, which contained a code that could not be decrypted by the available means. Not surprising! At that time, computers connected to the Internet numbered only in the tens of thousands (about 65,000 terminals) and were mostly represented in government circles or self-government bodies.

Morris worm virus: what is it?

The type itself was the first of its kind. It was he who became the ancestor of all other programs of this type, which today differ from the progenitor quite strongly.

Robert Morris created his “worm” without even realizing how popular it would become and how much harm it could do to the economy. In general, it is believed that it was, as they say now, a purely sporting interest. But in fact, the introduction of APRANET into the then global network, to which, by the way, both government and military organizations were connected, caused such a shock that America could not recover from for a long time. According to preliminary estimates, the Morris Worm computer virus caused damage in the order of 96.5 million US dollars (and this is only the amount known from official sources). The above amount is official. And what is not taken into account, probably, is not subject to disclosure.

The creator of the computer virus "Morris Worm" Robert Morris: some facts from the biography

The question immediately arises as to who this genius programmer was, who managed to paralyze the computer system of the North American continent for several days.

The same respected resource "Wikipedia" indicates that at one time Robert was a graduate student at Cornell University R. T. Morris (accident or coincidence?), at the Faculty of Computer Engineering.

The history of the creation and appearance of the virus

It is believed that initially the virus did not contain any threat. Fred Cohen studied the Morris Worm based on his findings about malicious codes and found an interesting feature in it. It turned out that this is not a malicious program at all.

The Morris Worm (although today it is considered a virus at the suggestion of the Pentagon) was originally created as a tool for testing the vulnerabilities of systems based on the "intranet" (it is not surprising that APRANET users were the first to suffer).

How does a virus affect a computer system

Robert Morris himself (the creator of the virus) in every possible way denies the consequences inflicted by his "brainchild" on the United States, arguing that an error in the code of the program itself provoked the spread over the network. Considering that he received his education at the university, especially at the Faculty of Informatics, it is difficult to agree with this.

So, the so-called "Morris Worm" was originally focused on intercepting communications between large organizations (including government and military). The essence of the impact was to replace the source text of the letter sent back then on the APRANET network, with the removal of headers and endings in the Sendmail debug mode or when the buffer of the network fingerd service was overflowed. The first part of the new letter contained code compiled on a remote terminal, and the third part consisted of the same binary code, but adapted for different computer systems.

In addition, a specialized tool was used that made it possible to guess logins and passwords using remote access to execute programs (rexec), as well as calling a remote interpreter (rsh), which at the command level used the so-called "trust mechanism" (now this is more associated with certificates).

Propagation speed

As it turns out, the creator of the virus was not a stupid person at all. He immediately realized that the longer the code, the longer the virus takes to infiltrate the system. That is why the well-known "Morris Worm" contains the minimum binary (but compiled) combination.

Due to this, the same boom occurred, which is now for some reason customary to be silent at the level of state intelligence services, although the threat of self-copying spread almost exponentially (each copy of the virus was capable of creating two or more of its own analogues).

Damage

No one, however, thinks about what damage can be done to the same security system. Here the problem, rather, is what the Morris Worm computer virus itself is. The fact is that initially, when penetrating a user terminal, a virus had to determine whether a copy of it was contained in the system. If there was one, the virus left the machine alone. Otherwise, it was introduced into the system and created its own clone at all levels of use and management. This applied to the entire operating system as a whole, and installed user programs, and applications or applets.

The official figure given by the US Department (approximately $96-98 million in damages) is clearly an underestimate. If you look only at the first three days, it was already about 94.6 million). Over the following days, the amount did not grow so much, but ordinary users suffered (the official press and the US Department are silent about this). Of course, at that time the number of computers connected to the global web was approximately 65,000 in the US alone, but almost every fourth terminal was affected.

Effects

It is easy to guess that the essence of the impact is to completely deprive the system of efficiency at the level of resource consumption. For the most part, this applies to network connections.

The virus in the simplest case creates copies of itself and initiates the launch of processes masquerading as system services (now even running as administrator in the Task Manager process list). And it is not always possible to remove threats from this list. Therefore, at the end of the processes associated with the system and the user, you need to act very carefully.

What about Morris?

"Morris Worm" and its creator at the moment feel very good. The virus itself was successfully isolated by the efforts of the same anti-virus laboratories, since they have the source code on which the applet is written.

Morris in 2008 announced the release of the Arc language based on Lips, and in 2010 became a nominee and winner of the Weiser Prize.

By the way, another interesting fact is that the public prosecutor Mark Rush admitted that the virus disabled many computers by force shutting down, but still did not intentionally damage the data of users of any level, since it was not originally a destructive program, but an attempt checking the possibility of interference in the internal structure of existing systems. Compared to the fact that initially the attacker (who voluntarily surrendered to the authorities) was threatened with imprisonment for up to five years and a $250,000 fine, he got off with three years of probation, a $10,000 fine and 400 hours of community service. As many lawyers of that (by the way, and present) time considered, this is nonsense.

Multiple totals

Of course, today it is not worth fearing such a threat, which the "Morris Virus" represented at the early stages of the emergence of computer technology, of course, is not worth it.

But here's what's interesting. It is believed that Windows operating systems are mainly affected by malicious codes. And then it suddenly turns out that the body of the virus was originally developed for UNIX systems. What does this mean? Yes, only that it is time for the owners of Linux and Mac OS, which are fundamentally based on the UNIX platform, to prepare means of protection (although it is believed that viruses do not affect these operating systems at all, in the sense that they were not written). This is where many users of "poppies" and "Linuxoids" are deeply mistaken.

As it turns out, even mobile platforms under iOS control some threats (including the "Morris Worm") began to show their activity. First it's advertising, then - unnecessary software, then ... - system crash. Here you will involuntarily think. But at the origins of all this was some graduate student who made a mistake in his own tester program, which led to the appearance of what today is commonly called computer worms. And they, as you know, have slightly different principles for influencing systems.

In a sense, such viruses become spies (spyware), which not only load the system, but also, in addition to everything else, steal passwords for accessing sites, logins, PIN codes for credit or debit cards, and God knows what, about what ordinary user may not even guess. In general, the impact of this virus and similar ones at this stage of development computer technology fraught with quite serious consequences, despite even the most modern ways protection. And it is with regard to computer worms should be as vigilant as possible.

Here is such an entertaining and extraordinary story that will not be forgotten for a long time. Have an interesting and safe time on the net - without data theft, system overload and any spies like the "Morris worm"!

In 1988, the first mass-produced network worm was created by Robert Morris Jr. The 60,000-byte program was designed to defeat Berkeley 4.3 UNIX operating systems. The virus was originally developed as harmless and was intended only to covertly penetrate computer systems connected by the ARPANET network and remain undetected there. The virus program included components that made it possible to reveal passwords stored in the infected system, which, in turn, allowed the program to disguise itself as the task of legal users of the system, actually multiplying and distributing copies. The virus did not remain hidden and completely safe, as the author intended, due to minor errors made during development, which led to the rapid uncontrolled self-replication of the virus.

According to the most conservative estimates, the Morris worm incident cost over 8 million hours of loss of access and over a million hours of direct losses to restore systems to working order. The total cost of these costs is estimated at $ 96 million (this amount also, not entirely justified, includes the costs of finalizing the operating system). The damage would have been much greater if the virus had been created with destructive intent in the first place.

The Morris worm infected over 6,200 computers. As a result of the virus attack, most networks were out of order for up to five days. Computers that performed switching functions, worked as file servers, or performed other functions to ensure the operation of the network, also failed.

On May 4, 1990, Morris was found guilty by a jury. He was sentenced to a two-year suspended sentence, 400 hours of community service, and a $10,000 fine.

DATACRIME and AIDS

In 1989, DATACRIME viruses became widespread, which, starting from October 12, destroyed the file system, and before that date simply multiplied. This series of computer viruses began to spread in the Netherlands, the USA and Japan in early 1989 and by September had infected about 100,000 PCs in the Netherlands alone (which was about 10% of their total number in the country). Even IBM responded to this threat by releasing its VIRSCAN detector, which allows you to search for strings (signatures) characteristic of a particular virus in file system. The set of signatures could be supplemented and changed by the user.

In 1989, the first AIDS Trojan horse appeared. The virus made inaccessible all the information on the hard drive and displayed only one message on the screen: "Send a check for $ 189 to such and such an address." The author of the program was arrested while cashing the check and convicted of extortion.

Also, the first virus was created that counteracts the anti-virus software-- The Dark Avenger. It infected new files while the antivirus program was checking HDD computer.