The Robert Morris Internet Worm

The book by Hafner and Markoff (noted here) gives an outstanding a history of the case.

The following short overview is taken from Zen and the Art of the Internet, by Brendan P. Kehoe:

On November 2, 1988, Robert Morris, Jr., a graduate student in Computer Science at Cornell, wrote an experimental, self-replicating, self-propagating program called a worm and injected it into the Internet. He chose to release it from MIT, to disguise the fact that the worm came from Cornell. Morris soon discovered that the program was replicating and reinfecting machines at a much faster rate than he had anticipated---there was a bug. Ultimately, many machines at locations around the country either crashed or became ``catatonic.'' When Morris realized what was happening, he contacted a friend at Harvard to discuss a solution. Eventually, they sent an anonymous message from Harvard over the network, instructing programmers how to kill the worm and prevent reinfection. However, because the network route was clogged, this message did not get through until it was too late. Computers were affected at many sites, including universities, military sites, and medical research facilities. The estimated cost of dealing with the worm at each installation ranged from $200 to more than $53,000.

The program took advantage of a hole in the debug mode of the Unix sendmail program, which runs on a system and waits for other systems to connect to it and give it email, and a hole in the finger daemon fingerd, which serves finger requests. People at the University of California at Berkeley and MIT had copies of the program and were actively disassembling it (returning the program back into its source form) to try to figure out how it worked.

Teams of programmers worked non-stop to come up with at least a temporary fix, to prevent the continued spread of the worm. After about twelve hours, the team at Berkeley came up with steps that would help retard the spread of the virus. Another method was also discovered at Purdue and widely published. The information didn't get out as quickly as it could have, however, since so many sites had completely disconnected themselves from the network.

After a few days, things slowly began to return to normalcy and everyone wanted to know who had done it all. Morris was later named in The New York Times as the author (though this hadn't yet been officially proven, there was a substantial body of evidence pointing to Morris).

Robert T. Morris was convicted of violating the computer Fraud and Abuse Act (Title 18), and sentenced to three years of probation, 400 hours of community service, a fine of $10,050, and the costs of his supervision. His appeal, filed in December, 1990, was rejected the following March.