Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Blaster worm: Lessons learned a decade later

Aaron Turner | Aug. 19, 2013
Aaron Turner remembers the frantic days, and sleepless nights, around battling Blaster a decade ago, and reflects on what we've learned, and work still yet to be done.

10 years ago, I had a life-altering work experience. I was on the team at Microsoft that was trying to solve 2 huge problems:

  • 2 Billion computers had been infected with a self-replicating virus (AKA 'worm') now known as Blaster.
  • The NE Power Outage was, for a period of time and by some people, attributed to Blaster.

There are many of my former colleagues who spent literally a year of their lives working with me to fix the aftermath of these problems. There are more friends with whom I later worked with at the Idaho National Lab (INL) that helped me understand the breadth of the problem that was uncovered by Blaster, specifically the reliance of critical infrastructure upon consumer-grade technologies.

Much of my success in my career is due to the people I met (working tremendously long hours) and the lessons I learned (the VERY hard way) from those weeks of toiling to try to understand the scope of the problem and then the months we spent attempting to fix it some way for the following year. It was one of the most-expensive projects I've ever worked on.

Millions upon millions of dollars were spent by Microsoft to improve internal processes and technologies to prevent a similar outcome in the future.

Millions upon millions more were spent by Microsoft to help customers improve their technology infrastructures, and then those customers spent millions upon millions more so that they would be more resilient to future cybersecurity events

But, by far the greatest cost of Blaster was personal toll it took on all of us involved in the response. Work/life balance has always been a problem for me, and when a problem of this magnitude arose, I automatically threw myself into the thick of trying to solve it.

Late-night conference calls, sleeping on the floor of computer labs, eating rushed meals of take-out food in conference rooms and many more hours spent at work than I had spent at a job which was demanding a tremendous amount of my team even before Blaster, resulted in tension in my marriage. Fortunately, my dear wife Holli (with whom I am celebrating 18 years of marriage this month) brought me to my senses in a very-direct conversation in November of 2003 that most definitely prevented a divorce and established a path upon which she and I are still reaping personal, career and economic benefits built upon the foundation of experiences like those of 2003.

The only reason why I was able to re-balance my life was through the hard work and dedication of others. The early days of security efforts were more like a volunteer fire department than a top-down effort. I was on the Microsoft Services team during the Blaster incident. We were responsible for all customer interactions, both measuring the impact of Blaster on our customers and communicating any solutions to them.


1  2  3  4  Next Page 

Sign up for CIO Asia eNewsletters.