Press Releases

Browse our press release archive

02 Feb 2005

53% feel Blaster-B worm author jail sentence was not harsh enough, reveals Sophos poll

Jeffrey Lee Parson
Jeffrey Lee Parson pictured shortly after his arrest in 2003.

A web poll of more than 250 business PC users, conducted by Sophos, has revealed that 53% believe that last week's sentencing of Jeffrey Lee Parson, the teenager found guilty of writing and distributing the Blaster-B internet worm, was not harsh enough.

A further 33% of respondents agreed with the US State District Court's decision to sentence Parson to 18 months in prison. Just 14% felt this jail sentence was too severe.

57% of those surveyed believed a prison term was the most appropriate sentence for anyone who writes and distributes a virus. 12% stated that community service was the most suitable punishment.

"Businesses seem to have little sympathy for Jeffrey Parson - indeed, over half of the survey respondents indicated that his 18 month sentence wasn't tough enough," said Graham Cluley, senior technology consultant at Sophos. "This hardline indicates that companies hold an extremely low opinion of those who engage in cybercrime."

Sophos has questioned whether Parson's Blaster-B worm was as significant a threat as other widespread viruses, including the Blaster-A worm it was based upon.

"Of course I am sympathetic to those companies who got hit by the Blaster-B worm, but I also feel sorry for Jeffrey Parson himself. You can't help but see that he was a young kid with some significant issues, who got involved in a game with enormous consequences," said Cluley. "The identity of the author of the original Blaster worm, who infected many many more PCs than Parson, is still a mystery despite a $250,000 bounty on their head. What's clear is that the average system administrator utterly loathes virus writers and those who engage in the computer underground."

In the past virus writers such as David L SmithSimon Vallor and Christopher Pile have been sentenced to prison for their activities.

Survey results

1. Do you agree with the sentence that was given to Jeffrey Parson?

No, not severe enough
No, too harsh
2. If a virus writer is convicted of cybercrime, what would be an appropriate punishment?

Prison sentence
Community service
Ban from using computers

Many respondents also sent comments to Sophos in reaction to questions asked in the survey. Here is a small selection:

"No person convicted of a crime involving computers should be allowed to access a computer for a period of time determined by the court. No virus writer should be 'rewarded' with employment by an anti-virus software company, or allowed to boast about it."

"The degree of damage and the amount of infected computers has to be judged - the above sentence is too harsh concerning THIS worm..."

"10 minutes jail for every infected PC should set a reasonable tariff. A slap on the wrist is no deterrent. Throw spammers in jail for a LONG time, too :)"

"These are business critical applications that people depend on to make a living and feed their families so the guy deserves SERIOUS punishment."

"They bring harm to other peoples property. We don't ask for this. So take them to prison maybe they learn something from it. Time enough to think about their malicious acts."

"I have the day-to-day responsibility for 500 servers and client computers. One summer, we got infected with Nachi while the school was closed. It took weeks to sort it out. Thanks to Sophos Enterprise Manager, it is now automatically protecting the school."

"Dip [the virus writers] in a vat of weak acid for days until their skin melts. Or remove their fingers so they can no longer type virus code."

"Hundreds of thousands of man-hours wasted, enormous cost and disruption to business globally just to give some lonely saddo geek the satisfaction of sitting back and grinning that he has caused all this mayhem - you bet he should go to jail. There should be international agreements between UN countries to agree a policy on the treatment of people writing and knowingly spreading viruses."

"They should also be made to pay a hefty sum (at least £10,000) to a central compensation fund in compensation for all the (financial among other) loss caused by their malware. This fund could be used to compensate smaller businesses who are badly hit by a virus infection. They write this malware with one reason in mind: the deliberate and premeditated disruption of the lives of law-abiding citizens to gain 'street cred' among their 'underground' so-called friends."

Disclaimer: Please bear in mind that this poll is not scientific and is provided for information purposes only. The comments expressed on this page are those of a subsection of poll participants, and not necessarily those of Sophos. Sophos makes no guarantees about the accuracy of the results other than that they reflect the choices of the users who participated. Sophos reserves the right to edit participants' comments for the purposes of clarity, brevity and decency. Sophos reserves the right not to publish the comments of all participants.

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at