http://www.computerworld.com/securitytopics/security/virus/story/0,10801,92936,00.html by Bernhard Warner and Spencer Swartz MAY 06, 2004 REUTERS Computer security experts warned yesterday that the Sasser worm could merge with earlier viruslike programs to wreak more havoc on the Internet, just as companies and PC users clean up from the last attack and authorities hunt for those responsible. Since appearing over the weekend, the fast-moving Sasser computer worm has hit PC users around the world who run the ubiquitous Microsoft Windows 2000, NT and XP operating systems. It is expected to slow down as computer users download antivirus patches. But Sasser could mutate by combining with the 2-month-old Netsky worm and become a launching pad for further Web attacks, putting it on par with Blaster, the destructive worm that appeared last year and used infected computers to attack Microsoft Corp.'s Web site. For now, the more benign Sasser worm does its harm by duplicating itself and slowing down Internet connections. "My expectation is that Netsky and Sasser variants will merge and become what we call one 'abundant threat' that attacks through e-mail and software vulnerabilities," said Jimmy Kuo, a research fellow at Network Associates Inc.'s McAfee antivirus unit. The fast-moving Sasser worm, which has hit home users, corporations and government agencies throughout Europe, North America and Asia, doesn't appear to wipe out data on disk drives, but it may damage software applications, analysts said. Estimates on how many users have been hit by the virus vary from 150,000 to 1 million, although analysts say the final tally could be in the millions by the time the four Sasser variants work their way through the Internet. Analysts are unsure what economic damage Sasser has caused so far but said the costs associated with things such as installing new software on PCs and labor are likely to make it an expensive cleanup process. If infected computers aren't patched and protected by firewalls and antivirus software, they could be used by virus writers to launch future attacks, experts said. Microsoft said yesterday that it's working with the Northwest Cybercrime Task Force, a joint effort by the FBI and U.S. Secret Service, to hunt down those responsible for the latest worm outbreak. Microsoft created a page, http://www.microsoft.com/sasser, on its corporate Web site to deal with the Sasser threat and is offering a tool to rid infected computers of the worm, said Stephen Toulouse, security program manager at the company's Security Response Center. The origin of Internet threats is notoriously difficult to track, but authorities managed to find teenagers allegedly responsible for creating a copycat version of the Blaster worm. Minnesota teen Jeffrey Lee Parson was arrested in August, followed by the arrest of an unidentified juvenile in Seattle in September. Reed Stevenson contributed to this report. _________________________________________ ISN mailing list Sponsored by: OSVDB.org
This archive was generated by hypermail 2b30 : Fri May 07 2004 - 08:37:52 PDT