Saturday, March 22, 2025

Silent Storm, Spring 2004, the day Sasser struck the world.

At the end of April 2004, the world was hit by a new threat creeping silently from the bottom of the ocean known as the Internet. Its name was Sasser. It was a worm-type virus with a characteristic very unusual among computer viruses: it exploited a vulnerability in Microsoft Windows, a buffer overflow flaw in the Local Security Authority Subsystem Service (LSASS), without requiring any user action at all. The existence of a worm that spread through the network autonomously, with no user intervention, shook the conventional wisdom of security to its very foundations.

Starting from a single infected terminal, the virus spread around the world in the blink of an eye, as if it were a firestorm running through a dry forest. No e-mail or attachments were needed. Infected terminals became new attackers themselves, scanning countless IP addresses and sending the virus to its next target. Soon, the PCs became unstable and repeatedly rebooted with error messages. The "unexplained reboots" wreaked havoc in offices and homes around the world.

In Europe, Finland's Sampo Bank was forced to suspend operations at all its branches, Delta Air Lines' domestic flights were severely delayed due to a faulty reservation system, and the British Coast Guard had to suspend some operations. Japan was no exception. Infection was confirmed at companies, universities, and government offices, resulting in network shutdowns, simultaneous reboots of computers, and a number of business interruptions. In many organizations, the source of infection was Windows 2000 and XP environments that had not yet been patched, and the inadequacy of virus countermeasures became a public concern.

The economic damage caused by this virus is incalculable. According to a report by Microsoft, the total damage worldwide was estimated to be up to 1 billion dollars, or 18 billion Japanese yen. This includes the enormous labor costs spent on system restoration, the rebuilding of network infrastructure, and business lost due to the shutdowns. In Japan, there were many confirmed cases of damage in the tens of millions of yen per company, and the Ministry of Economy, Trade, and Industry (METI) issued urgent alerts calling for the early application of patches and the reconfirmation of network defense measures.

Behind this unprecedented incident was a surprising truth. Sasser's author was Sven Jaschan, an 18-year-old high school student living in a small German town at the time. It turned out that he had also developed another virus, NetSky, which was circulating at the same time. Jaschan was arrested and convicted in 2005, and his youth and the use to which he had put his talents astonished the world. The case made the risk of cybercrime among young people a visible reality, and highlighted the challenges of both ethical and technological education in society.

The Sasser case left us with a serious lesson. It is not enough to simply install antivirus software. A system that constantly pays attention to vulnerabilities in operating systems, which are updated on a daily basis, and immediately applies patches, in other words "vulnerability management", is the last fortress protecting cyberspace. This event also triggered a full-fledged discussion of new defense concepts, such as network isolation and the introduction of zero-trust.

In the spring of 2004, Sasser knocked on the world's door. Like a silent storm, it shook society noiselessly but deeply. Our greatest defense may be to keep the memory of the event from fading away and to pass it on as a lesson for the future.
