Sasser Wreaks Online Havoc

Gretchen Gallen
CYBERSPACE – News of the latest Internet virus was the Monday morning greeting for many companies, network administrators, and individual computer users as the Sasser virus (W32.Sasser.B.Worm) hit the ground running and left a trail of infected computers in its wake.

Taking advantage of a flaw in the Windows operating system, Sasser managed to hit tens of thousands of computers and cause a slowdown in Internet traffic.

According to many security experts, some of whom are advising computer users to stay off the Internet for the next three days, the Sasser worm does not require users to activate it by clicking on an email attachment.

"The majority of the damage that we are going to see is going to be on the internal network," said one expert.

Unlike its equally prolific processors like MyDoom, SoBig, and Bagle, Sasser can automatically scan the Internet for computers with the security flaw and then duplicate itself into the system. The worm is not specifically known by any patterns in the subject line, body of email, or attachment name, and it is designed to permeate within networks once it makes its initial entry.

The new virus is considered a "Category 4" concern (on a five-point scale) and it was first detected on May 2. According to security firm Symantec, it is modeled after an earlier variant that first appeared in July of 2003. As of its return, the virus infected an estimated 10,000 computers over the weekend, although there are estimations that millions might eventually get hit.

Some experts are saying that Sasser's earlier version was poorly written, but that Sasser.B is considerably faster and more lethal. There have also been sightings of Sasser.C and Sasser.D making progress through the Internet.

There are reports that several large companies have already been hit hard by Sasser, including a bank in Finland that was forced to shutter its doors Monday in order to update its anti-virus network program.

Microsoft issued a weekend alert with a warning that the Sasser worm (W32.Sasser.A) and several variants have been unleashed on the Internet. This is only the second time that Microsoft has issued a removal tool to help clean up from a worm attack.