A globally unused /8 network was monitored using a packet capture and analysis system to measure the introduction and spread of the Blaster worm. This worm was able to quickly affect over 250,000 systems in the one week period following its August 11, 2003, introduction onto the Internet.

Our data shows the breadth of the affected systems as well as the rate of the worm's spread. Overall, the global Internet community was able to respond and contain the worm's spread. Despite this reaction, several thousand Blaster hosts remain on the Internet.

About the Presenter
Jose Nazario earned a Ph.D. in Biochemistry from Case Western Reserve University in 2002, where he also applied these analysis techniques to the spread of Internet worms. Nazario is a security analyst and software engineer for Arbor Networks in Ann Arbor, MI. He has recently finished a book on worm history, detection techniques, and defense measures to be released in late 2003 through Artech House publishing.