Sasser worm spreads Internet havoc

The rapidly evolving "Sasser" computer worm has spread across the Internet, disrupting corporate and home computer systems and stoking fears of more potent outbreaks to come.

    The worm will cause computers to reboot without warning

    First detected over the weekend, the worm on Tuesday had already infected, by some estimates, over one million PCs and knocked out computer systems at banks, transport reservation systems and at European Commission offices.

       

    Unlike previous Internet worms, Sasser infects vulnerable PCs without any action by the user, such as opening an attachment, allowing it to spread very quickly.

       

    Home users would likely first notice an infection if their computer mysteriously rebooted or their Internet connection slowed dramatically.

       

    Because of the worm's nature, security experts were warning users to update their PCs with the latest Microsoft patches and install a firewall to keep out future infections.

     

    New infections

       

    With businesses throughout parts of Europe returning from the long holiday weekend on Tuesday, anti-virus technicians were expecting a new wave of infections.

       

    "It's still going steady. It will be a big problem for a day or two, then it will linger on the Internet for weeks, and likely years," said Mikko Hypponen, Anti-Virus Research Director at Finnish data security firm F-Secure.

       

    Because Sasser seeks out infectable computers automatically and does not use e-mail to spread, experts said personal machines may be most vulnerable. 

       

    Security experts are analysing the worm to determine where Sasser might hit next.

     


    "We don't know yet, for example, if it attacks machines running on Windows XP Embedded, which runs ATM machines and cash registers. That would be disastrous for banks and retailers," said Raimund Genes, European president of security software firm Trend Micro.

       

    In the space of three days, four variants have emerged, each capable of causing machines that run Microsoft's Windows XP, NT and 2000 operating systems to reboot without warning, and of knocking out some computer reservation systems.

       

    Victims

     

    Victims include Goldman Sachs, Australia's Westpac Bank and Finnish financial company Sampo.

       

    US carrier Delta Air Lines also suffered a computer glitch on Saturday, causing delays and cancellations, but the company was unsure whether Sasser was the culprit.

        

    Sasser exploits a vulnerability in a Windows component known as the Local Security Authority Subsystem Service, or LSASS, which had been addressed in a Microsoft security update released on 13 April.

       

    F-Secure's Hypponen said the emergence of a related e-mail virus on Monday called Netsky.AC may hold clues to the authorship of Sasser. Netsky.AC carries an attachment purporting to fix Sasser infections.

       

    Since spotting Netsky.AC, Hypponen and other security officials suspect Sasser was programmed by a group believed to be based in Russia calling itself the "Skynet anti-virus group".

       

    A link on Microsoft's home page instructs users to make sure that they have installed a protective firewall, updated Windows to close the security loophole the worm exploits and then remove the worm from their hard drives.

