Sasser worm spreads Internet havoc

The rapidly evolving "Sasser" computer worm has spread across the Internet, disrupting corporate and home computer systems and stoking fears of more potent outbreaks to come.


    First detected over the weekend, the worm on Tuesday had already infected, by some estimates, over one million PCs and knocked out computer systems at banks, transport reservation systems and at European Commission offices.


    Unlike previous Internet worms, Sasser infects vulnerable PCs without any action by the user, such as opening attachments, allowing it to spread very quickly.


    Home users would likely first notice an infection if their computer mysteriously rebooted or their Internet connection slowed dramatically.


    Because of its nature, security experts were warning users to update their PCs with the latest Microsoft patches and install a firewall to keep out future infections.


    New infections


    With businesses throughout parts of Europe returning from the long holiday weekend on Tuesday, anti-virus technicians were expecting a new wave of infections.


    "It's still going steady. It will be a big problem for a day or two, then it will linger on the Internet for weeks, and likely years," said Mikko Hypponen, Anti-Virus Research Director at Finnish data security firm F-Secure.


    Because Sasser seeks out infectable computers automatically and does not use e-mail to spread, experts said personal machines may be most vulnerable. 


    Security experts are analysing the worm to determine where Sasser might hit next.


    "We don't know yet, for example, if it attacks machines running on Windows XP Embedded, which runs ATM machines and cash registers. That would be disastrous for banks and retailers," said Raimund Genes, European president of security software firm Trend Micro.


    In the space of three days, four variants have emerged, each capable of causing machines that run on Microsoft's Windows operating systems XP, NT and 2000 to reboot without warning and knocking out some computer reservation systems.




    Victims include Goldman Sachs, Australia's Westpac Bank and Finnish financial company Sampo.


    US carrier Delta Air Lines also suffered a computer glitch on Saturday, causing delays and cancellations, but the company was unsure whether Sasser was the culprit.


    Sasser exploits a vulnerability in a Windows component known as the Local Security Authority Subsystem Service, or LSASS, which Microsoft had addressed in a security update released on 13 April.


    F-Secure's Hypponen said the emergence of a related e-mail virus on Monday called Netsky.AC may hold clues to the authorship of Sasser. Netsky.AC carries an attachment purporting to fix Sasser infections.


    Since spotting Netsky.AC, Hypponen and other security officials suspect Sasser was programmed by a group believed to be based in Russia calling itself the "Skynet anti-virus group".


    A link on Microsoft's home page instructs users to make sure that they have installed a protective firewall, updated Windows to close the security loophole the worm exploits and then remove the worm from their hard drives.

