'Sasser' worm strikes computers globally
By Brett Young
Updated: 8:53 a.m. ET May 03, 2004
Helsinki - A fast-spreading computer worm similar to last year's massive
"Blaster" has struck hundreds of thousands of PCs globally and it remains
unclear how many will be infected, a top computer security official said on
Data security firm F-Secure says the worm, which surfaced at the weekend and
is known as "Sasser", automatically spreads via the Internet to computers
using the Microsoft Windows operating system, especially Windows 2000 and
XP. ( is a Microsoft-NBC joint venture.)
"We'll be in the dark for quite a while as to how many computers have been
affected," said Mikko Hypponen, Anti-Virus Research Director at F-Secure. "With Sasser it seems that companies are (using software) patches better and more quickly than last year (with Blaster), but for those that are hit, they are hit hard," he told Reuters, adding he believes Sasser originated in Russia.
The worm does not need to be activated by double-clicking on an attachment,
and can strike even if no one is using the PC at the time. When a machine is
infected, error messages may appear and the computer may reboot repeatedly. "Compared to what happened with Blaster...last August... this virus has all the same features," Hypponen said, noting that both worms exploited relatively new holes in Windows and frequently caused computers to reboot.
Finnish bancassurer Sampo said on Monday it had closed all of its branch
offices, some 130 in all, as a precaution against Sasser. Spokesman Hannu Vuola, however, said all of the offices would soon be reopened. Blaster infected computers around the globe. Microsoft said the virus cost it "millions of dollars of damages", and has issued a $250,000 bounty for information on the whereabouts of its author.
F-Secure said corporate networks should be protected against Sasser and its
variants by firewalls -- Internet road blocks that separate internal from
public networks. For home computer users, people should make sure they have downloaded a
corrective-code software patch to fix the breach. If their computer is infected, the patch must first be downloaded before the virus is removed or else the PC could catch the worm again.
F-Secure said the worm emerged 18 days after Microsoft posted the software
patch on its Web site. This continues a common pattern with viruses whereby
companies announce flaws in their software and hackers race to exploit them. By Hypponen said he was not sure there was a better way for firms to alert users to problems with their software. "There are always going to be security holes in mainstream products," he said. "Even if these are not made public, the bad boys will find out about them anyway."
Story by:By Bob Sullivan
© 2004 MSNBC Interactive