Akamai Diversity

The Akamai Blog

Ten Years After the Blaster Worm

This month marks the 10th anniversary of Blaster -- a worm that tore a path of disruption across the Internet. It struck a few months before I started writing about information security. But even then I was well aware that something big had happened. 

I was editing for a daily newspaper at the time and had no idea what patch management, software vulnerabilities and malware were. But Blaster was a big enough deal to make the front page of my paper. 
Within 10 months I'd get a crash course. In fact, my first day as a security journalist happened to be the third day of attack from another worm called Sasser. An analysis of Sasser was the first article I ever wrote about anything having to do with InfoSec. Look at the writing quality and you can see how green, nervous and unsure I was. But it wouldn't be long before I was writing daily stories about the latest worms and other malware. 
Every story compared the latest worm to the likes of Blaster. It was the monster all who followed were measured against.
Interestingly, one of the companies I often quoted during worm outbreaks was Akamai. Back then almost nobody thought of Akamai as a security player, but if a serious worm outbreak was clogging up Internet traffic, the company had a ring-side seat -- a vantage point like no other.
There are a lot of articles about Blaster's 10th anniversary. The best I've read thus far is this one in CSOonline. In the interest of full disclosure, that's where I worked before coming to Akamai. It's written by Aaron Turner, who was a security strategist at Microsoft when Blaster struck. The pressure Turner felt back then is clear from the intro:
10 years ago, I had a life-altering work experience. I was on the team at Microsoft that was trying to solve 2 huge problems:

--2 Billion computers had been infected with a self-replicating virus (AKA 'worm') now known as Blaster.

--The NE Power Outage was, for a period of time and by some people, attributed to Blaster.

There are many of my former colleagues who spent literally a year of their lives working with me to fix the aftermath of these problems. There are more friends with whom I later worked with at the Idaho National Lab (INL) that helped me understand the breadth of the problem that was uncovered by Blaster, specifically the reliance of critical infrastructure upon consumer-grade technologies.

From my perch as a newspaper editor, I remember all the major news outlets speculating that Blaster was connected to the blackout. I've heard theories in the years since then, though I haven't seen solid proof of a connection.

Also see: "2003 Blackout: An Early Lesson in Planetary Scale?"

The big thing that strikes me as I look back is how rapidly the threat landscape has changed. In the beginning the big news always involved worm outbreaks like Sasser and Mytob. First a big vulnerability would be revealed on Patch Tuesday and then someone would exploit it with malware. Then the trend shifted from covering that to chasing the latest data breach. 

From early 2005 onward, every time a company announced it had suffered a breach, reporters like me would have to drop everything and chase it. Eventually, breaches were announced so often that it ceased to qualify as breaking news. Then the trend shifted to such things as hacktivism and the rise of cloud insecurity. The one constant along the way has been the challenge of regulatory compliance, from HIPAA to Sarbanes-Oxley and PCI DSS.

Also see: "What's New In Security? Nothing."

Now I'm part of Akamai InfoSec, seeing a variety of threats and defensive measures up close. The daily grind usually involves tracking and blunting the latest DDoS attacks targeting our customers. 

I'm not 100 percent certain about what's next, but I suspect the next 10 years will be just as interesting -- if not more so -- than the last 10.




Did they ever find the creator of the baster / sasser worms? This was early on in my tech career. I remember it well.

Hi, Mike. According to published reports, Jeffrey Lee Parson, an 18-year-old from Hopkins, Minnesota, was arrested at the time for creating the B variant of the Blaster worm. He admitted responsibility and got an 18-month prison term in early 2005.