honoluluadvertiser.com

The Honolulu Advertiser
Posted on: Tuesday, May 4, 2004

'Sasser' worm's rapid spread worries security experts

Advertiser Staff and Wire Services

A new, insidious worm has infected hundreds of thousands of computers around the world since late Friday, exploiting a security flaw in Microsoft's Windows operating systems.

Stopping the worm

Windows 2000 and XP computer owners should install software patches by visiting Windows Update. Firewall and anti-virus programs that have the latest updates can also help contain or prevent infection.

Anti-virus vendors (www.mcafee.com or www.symantec.com, for example) have instructions for removing the worm.

A small percentage of Windows users had problems applying the patch. If you encounter problems, go to microsoft.com, then scroll down to the Caveats section and click on Microsoft Knowledge Base Article 835732.

Microsoft has a free customer-service phone line, (866) 727-2338.

Unlike previous computer attacks, this new one — dubbed "Sasser" — doesn't require users to click on an e-mail attachment to launch it. Sasser, a "network worm," can automatically scan the Internet for computers with the flaw and send a copy of itself there.

"I got hit this weekend," said John Vallesteros, president of the startup Hawai'i surfwear company Bald Clothing. "About 70 percent of my business is online. Potential customers who have been affected by this virus can't purchase online because they would get shut down. Right now I can't do any day-to-day functions other than folding T-shirts or filing."

James Kerr, president and CEO of the computer consulting firm SuperGeeks, cautioned computer users against opening unsolicited e-mails, including those promising a solution to the computer worm problem.

"Other virus writers will take advantage of the paranoia," Kerr said. "Don't be surprised if you see spam that offers a quick fix. But by opening that attachment you're unleashing more problems."

Internet security experts are alarmed that the Sasser worm has appeared only a few weeks after Microsoft announced the discovery of the flaw and released a patch to fix it. In the past, it has taken virus writers a few months to develop an attack to exploit a flaw in an operating system, said David Perry, director of public education with security vendor Trend Micro.

Computer users who have high-speed Internet connections and are operating without a firewall are vulnerable. Sasser will infect any computer with an open gateway to the Internet.

To get rid of the worm, users must check to see if their computers have been infected and then apply the Windows patch Microsoft released three weeks ago. Only Windows 2000 and XP versions are affected by the Sasser worm, not older versions of the operating system.

For now, Sasser isn't damaging files on the computers it infects.

Security experts said the Sasser worm, while spreading rapidly initially, is not as widespread as last summer's MSBlaster outbreak that infected millions of computers.

But some Internet security experts are increasingly concerned because Sasser seems to be deliberately slowing its spread with each new variation that has emerged since late Friday when it was first detected.

Paul Henry, chief technology officer at CyberGuard, a computer network security firm in Fort Lauderdale, Fla., said it appears as if the worm is trying to spread itself "under the radar."

Henry said Sasser has another particularly disturbing characteristic — each computer it infects creates a list of all the other computers to which it passes on the worm. It also leaves a "back door" open on each infected computer, which the writer of the worm theoretically could use to control all those computers in the future.

So, Henry reasons, Sasser's creator could circulate a malicious program to legions of computers worldwide in a matter of minutes.

There's one more complication for computer users, said Henry. There's a bug in the patch Microsoft released for Windows 2000 and XP, which can cause some computers to lock up and make it impossible to reboot.