The Morris worm or Internet worm of November 2, 1988, was one of the first computer worms distributed via the Internet, and the first to gain significant mainstream media attention. It also resulted in the first felony conviction in the US under the 1986 Computer Fraud and Abuse Act. It was written by a graduate student at Cornell University, Robert Tappan Morris, and launched on November 2, 1988, from the computer systems of the Massachusetts Institute of Technology.
According to its creator, Robert Tappan Morris, the Morris worm was not written to cause damage, but to highlight security flaws. The worm was released from MIT in the hope of suggesting that its creator studied there, which Morris did not (though Morris became a tenured professor at MIT in 2006). It worked by exploiting known vulnerabilities in Unix sendmail, finger, and rsh/rexec, as well as weak passwords.
The U.S. Government Accountability Office put the cost of the damage at $100,000–10,000,000. Clifford Stoll, who helped fight the worm, wrote in 1989, “I surveyed the network, and found that two thousand computers were infected within fifteen hours. These machines were dead in the water—useless until disinfected. And removing the virus often took two days”.