chicagotribune.com
May 3, 2004


45 F

Tribune
 Hello, Sauter | MyNews | Log out
Search:      Chicagotribune.com  Web enhanced by Google    
Classified  |  Ads
Find a job
Find a car
Find real estate
Rent an apartment
Find a mortgage
See newspaper ads
White/yellow pages
Personals
Place an ad
Weather  |  Traffic
News/Home page
Today's paper
Special sections
Business
TechnologyYou are here
Business technology
The Digital Page
Trends
Columnists
James Coates
Sports
Leisure  |  Travel
Registration
Contact us

Special reports
Global economy strains loyalty in company town Outsourcing: Pain and Profit

The class action game

Struggle for the soul of Islam

Homicide in Chicago

All special reports



Top technology stories

Microsoft unveils new copyright software

Shield thwarts PC scan attacks



Sasser computer worm spreads worldwide


E-mail this story
Printer-friendly format
Search archives

Stories

Moving files can get tricky if worm lurks
February 23, 2004


MyDoom not living up to name
February 3, 2004


On the Web

McAfee virus profile

Bloomberg News
Published May 3, 2004, 9:14 AM CDT

A computer worm called Sasser is infecting computers worldwide through the Internet and is still spreading, disrupting business at companies from Goldman Sachs Group Inc. in Hong Kong to Sampo Oyj in Finland.

Sasser is spreading by exploiting software security flaws, Microsoft Corp. said on its Web site. The worm causes a computer to shut down and reboot several times, apparently without causing permanent damage, said Mikko Hyppoenen, director of virus research at Helsinki-based security software maker F-Secure Oyj.

The worm, which is different from a virus because it doesn't need to be attached to an e-mail to spread, has infected hundreds of thousands of systems using Microsoft's Windows 2000 and Windows XP, the most common operating systems, since it was detected Saturday, Hyppoenen said. Increased network traffic generated by Sasser, which is similar to the Blaster worm that spread in August, may slow other systems as well, he said.

"We are experiencing disruption to certain of our computer systems," said Edward Naylor, a spokesman for Goldman Sachs in Hong Kong. "We are working to resolve the problem and minimize its impact."

Redmond, Washington-based Microsoft, the world's largest software maker, warned of the flaws on April 13. Microsoft's Web site has tools to check whether a computer is infected and links to sites with software to scan and clean systems.

Sasser Shuts Banks

Sampo, Finland's biggest financial services company, closed all its about 120 bank branches in Finland for an average of four hours today after the worm started spreading.

"We had some problems in the morning, and decided to play it safe," said Hannu Vuola, a spokesman for Sampo. The company's Internet bank service wasn't affected, he said. "Half of our branches are now open and half will open soon."

Hyppoenen said some "large, global companies" have already reported to him that their entire systems have been infected. He declined to name them.

"Sasser is spreading at an increasing pace," Hyppoenen said in a telephone interview. "Still, the situation is not as bad as we feared during the weekend. People and companies have learnt to protect themselves since Blaster."

Goldman's Naylor declined to say how much the worm would cost the bank or give details of potential loss of business.

Infection Spreads

Panda Anti-Virus Software Ltd. estimates that 3 percent of the world's 600 million computers, or 18 million machines, have been infected, Agence France-Presse reported earlier.

More than 200 computers in Hong Kong have been afflicted by Sasser, and the number is increasing, said Leung Siu-cheong, a spokesman for The Hong Kong Computer Emergency Response Team Coordination Center. The center has since Saturday received calls from home computer users and businesses seeking help against the worm, he said.

The Panda estimate "looks a bit high," Leung said. "It's not as serious as the Blaster virus last year, but we're taking it seriously, because infections are set to rise."

Blaster infected hundreds of thousands of computer systems in August, causing problems to cash machines and train and air- travel systems. It prompted the Federal Reserve Bank of Atlanta to shut down its computer system and caused a network overload at Sweden's TeliaSonera AB, the largest Nordic phone company.

Junk Mail

Sasser scans the Internet for vulnerable computers and systems. Infections can grow exponentially, because each infected system can potentially be used to search for other vulnerable systems, said Joe Hartmann, a virus researcher and analyst for Trend Micro Inc., in an e-mailed release.

Hackers use viruses to see what's stored on computers or to use the machines to send junk e-mails. Microsoft offered $5 million in rewards in November to help catch hackers, after attacks by worms including Sobig and Blaster affected business and home computers worldwide last year.

Network Associates Inc., which makes McAfee anti-virus software, said the Sasser worm hasn't spread as much as other computer infections such as Sobig.

"It has an increasing prevalence, but it's not as severe yet," said Lim Ai Ling, a Network Associates market manager based in Singapore. "We haven't quite felt the impact."

She didn't say how many customers have been infected. Network Associates rates the worm "medium risk," Lim said.

Other anti-virus companies include Symantec Corp. and Norman ASA.

Copyright 2004, Chicago Tribune



>> Save 47% off the newsstand price - Subscribe to the Chicago Tribune


Home | Copyright and terms of service | Privacy policy | Subscribe | Contact us | Archives |  Advertise