Sasser Worm Rips Through Internet

Story Author: Reuters
Publish Date: Not Available
Source Publication: MSNBC

LONDON, England (Reuters) -- The rapidly evolving "Sasser" computer worm tore across the Internet in early May, claiming new scalps among corporate and home computer users as others scrambled to fortify their machines against attack.

First detected over the weekend of the 1st, the worm has already infected, by some estimates, over one million PCs running on Microsoft Windows 2000, NT and XP operating systems in its first few days.

Among its victims are banks, travel-booking systems, European Commission offices and Britain's 19 Coastguard stations. "We've had to go back to plotting on paper charts rather than using the computer mapping system," said a Maritime and Coastguard spokeswoman. But search and rescue operations have not been affected.

Unlike most previous Internet outbreaks, Sasser infects vulnerable PCs without any action by the user, such as opening an attachment, which allows it to spread very quickly.

Computer worms tend to spread faster than the typical e-mail-borne virus, as they are usually programmed to continuously scan the Internet's global network to hunt for PCs to infect.

Experts said that while corporate network technicians had by and large moved to block its further spread by Tuesday, May 4th, infection among home users was spreading.

"Among corporate computer users the impact has dropped off because network administrators have taken time to put patches in place," said Joe Hartmann, director of the virus research group for Trend Micro Inc. in Cupertino, California.

"That's not true for many home computer users where this virus can spread exponentially," Hartmann said. "I don't think this virus has reached its full potential yet."

Businesses in parts of Europe returning from the long weekend gave Sasser an extra boost on Tuesday.

"It's still going steady. It will be a big problem for a day or two, then it will linger on the Internet for weeks, and likely years," said Mikko Hypponen, anti-virus research director at Finnish data security firm F-Secure.

"We do know that once you connect a computer to the Internet you risk being hit in a matter of minutes," said Graham Cluley, senior technology consultant for anti-virus firm Sophos. "Even a new computer you buy in the coming months is vulnerable to infection. This is a real nuisance."

Home users would likely first notice an infection if their computer mysteriously rebooted or their Internet connection slowed dramatically. Security experts were warning users to update their PCs with the latest Microsoft patches and to install a firewall to keep out future infections.

In the space of three days, four variants have emerged, each capable of causing machines that run on Microsoft's Windows operating systems XP, NT and 2000 to reboot without warning. Victims so far include Goldman Sachs, Australia's Westpac Bank and Finnish financial company Sampo. It has also hit about 300,000 computers at Germany's Deutsche Post and 1,200 PCs at the European Commission in Brussels.

Sasser attacks a flaw in a part of Windows known as the Local Security Authority Subsystem Service, or LSASS; the flaw has been known about since April 13.

To update your computer against viruses, log on to windowsupdate.microsoft.com

©2005 The Trustees of Indiana University, All Rights Reserved