Sasser computer worm spreads worldwide
Published May 3, 2004, 9:14 AM CDT
A computer worm called Sasser is infecting computers worldwide through
the Internet and is still spreading, disrupting business at companies
from Goldman Sachs Group Inc. in Hong Kong to Sampo Oyj in Finland.
Sasser is spreading by exploiting software security flaws,
Microsoft Corp. said on its Web site. The worm causes a computer to
shut down and reboot several times, apparently without causing
permanent damage, said Mikko Hyppoenen, director of virus research at
Helsinki-based security software maker F-Secure Oyj.
The worm, which is different from a virus because it
doesn't need to be attached to an e-mail to spread, has infected
hundreds of thousands of systems using Microsoft's Windows 2000 and
Windows XP, the most common operating systems, since it was detected
Saturday, Hyppoenen said. Increased network traffic generated by
Sasser, which is similar to the Blaster worm that spread in August, may
slow other systems as well, he said.
"We are experiencing disruption to certain of our computer
systems," said Edward Naylor, a spokesman for Goldman Sachs in Hong
Kong. "We are working to resolve the problem and minimize its impact."
Redmond, Washington-based Microsoft, the world's largest software
maker, warned of the flaws on April 13. Microsoft's Web site has tools
to check whether a computer is infected and links to sites with
software to scan and clean systems.
Sasser Shuts Banks
Sampo, Finland's biggest financial services company, closed all
its about 120 bank branches in Finland for an average of four hours
today after the worm started spreading.
"We had some problems in the morning, and decided to play it
safe," said Hannu Vuola, a spokesman for Sampo. The company's Internet
bank service wasn't affected, he said. "Half of our branches are now
open and half will open soon."
Hyppoenen said some "large, global companies" have already
reported to him that their entire systems have been infected. He
declined to name them.
"Sasser is spreading at an increasing pace," Hyppoenen said in a
telephone interview. "Still, the situation is not as bad as we feared
during the weekend. People and companies have learnt to protect
themselves since Blaster."
Goldman's Naylor declined to say how much the worm would cost the bank or give details of potential loss of business.
Panda Anti-Virus Software Ltd. estimates that 3 percent of the
world's 600 million computers, or 18 million machines, have been
infected, Agence France-Presse reported earlier.
More than 200 computers in Hong Kong have been afflicted by
Sasser, and the number is increasing, said Leung Siu-cheong, a
spokesman for The Hong Kong Computer Emergency Response Team
Coordination Center. The center has since Saturday received calls from
home computer users and businesses seeking help against the worm, he
The Panda estimate "looks a bit high," Leung said. "It's not as
serious as the Blaster virus last year, but we're taking it seriously,
because infections are set to rise."
Blaster infected hundreds of thousands of computer systems in
August, causing problems to cash machines and train and air- travel
systems. It prompted the Federal Reserve Bank of Atlanta to shut down
its computer system and caused a network overload at Sweden's
TeliaSonera AB, the largest Nordic phone company.
Sasser scans the Internet for vulnerable computers and systems.
Infections can grow exponentially, because each infected system can
potentially be used to search for other vulnerable systems, said Joe
Hartmann, a virus researcher and analyst for Trend Micro Inc., in an
Hackers use viruses to see what's stored on computers or to use
the machines to send junk e-mails. Microsoft offered $5 million in
rewards in November to help catch hackers, after attacks by worms
including Sobig and Blaster affected business and home computers
worldwide last year.
Network Associates Inc., which makes McAfee anti-virus software,
said the Sasser worm hasn't spread as much as other computer infections
such as Sobig.
"It has an increasing prevalence, but it's not as severe yet,"
said Lim Ai Ling, a Network Associates market manager based in
Singapore. "We haven't quite felt the impact."
She didn't say how many customers have been infected. Network Associates rates the worm "medium risk," Lim said.
Other anti-virus companies include Symantec Corp. and Norman ASA.
Copyright © 2004, Chicago Tribune