New threat spreading through Internet

'Sasser worm,' like last year's 'Blaster,' hits Microsoft gaps


WASHINGTON - A new Internet worm spreading worldwide attacks computers with certain Microsoft operating systems and causes no apparent damage, but closes down the operating system and sends it into a re-boot loop, two U.S. computer security firms said yesterday.

The Sasser worm "breaks into your computer and then attempts to break into others. It chooses its victims randomly," said Alfred Huger, senior director of engineering at Symantec, based in Cupertino, Calif.

The virus affects computers operating Microsoft Windows 2000, Windows Server 2003 and Windows XP, but not Windows 95, Windows 98, Windows Me or Windows NT, according to Symantec.

Nor are computers using the Macintosh, Linux or UNIX systems affected, said the company.

The worm can infect Internet-connected computers, and unlike most previous viruses, it is not spread by e-mail, said Graham Cluley, senior technology consultant for Sophos, another top U.S. software security firm.

"The Sasser worm spreads in a similar way to last year's serious Blaster outbreak," he said, traveling the Internet "exploiting security holes in Microsoft's software."

The worm is "not traveling as fast as Blaster did," but computers that are "not properly protected with anti-virus updates, firewalls and Microsoft's security patch are asking for trouble."

Huger said the worm is particular to Microsoft software and "takes advantage of Microsoft vulnerability."

Microsoft, the Redmond, Wash.-based software giant, has issued a "patch" that protects computers by "patching the hole" in the company's existing security net, and can be accessed through Microsoft's online update service.

"This worm is unlike previous ones in that it does not appear to be causing any damage to computers," said Huger. "It will slow your computer down, but there does not appear to be any direct damage to the hard drive."

Cluley said home users are especially vulnerable "because they are often not running the latest anti-virus protection, haven't downloaded the latest security patches from Microsoft, and may not be running a personal firewall."

Symantec spokesman Mike Bradshaw said the Sasser worm was first discovered late Wednesday, and through yesterday the company had fewer than 100 "suspicious file" reports from its customers, 21 of them from corporations.

"Right now we are not seeing it spread rapidly," he said. "These numbers are quite low. For a virus that is spreading rapidly we would expect to see about 100 reports per hour.

"But we anticipate that the numbers will grow exponentially when people start returning to work" tomorrow, said Bradshaw.

Baltimore Sun Articles