[ISN] Security experts warn of nastier Sasser worm

From: InfoSec News (isn@private)
Date: Fri May 07 2004 - 06:50:37 PDT

  • Next message: InfoSec News: "[ISN] WinHEC: Microsoft revisits NGSCB security plan"

    http://www.computerworld.com/securitytopics/security/virus/story/0,10801,92936,00.html
    
    by Bernhard Warner and Spencer Swartz
    MAY 06, 2004 
    REUTERS 
    
    Computer security experts warned yesterday that the Sasser worm could
    merge with earlier viruslike programs to wreak more havoc on the
    Internet, just as companies and PC users clean up from the last attack
    and authorities hunt for those responsible.  Since appearing over the
    weekend, the fast-moving Sasser computer worm has hit PC users around
    the world who run the ubiquitous Microsoft Windows 2000, NT and XP
    operating systems. It is expected to slow down as computer users
    download antivirus patches.
    
    But Sasser could mutate by combining with the 2-month-old Netsky worm
    and become a launching pad for further Web attacks, putting it on par
    with Blaster, the destructive worm that appeared last year and used
    infected computers to attack Microsoft Corp.'s Web site.
    
    For now, the more benign Sasser worm does its harm by duplicating
    itself and slowing down Internet connections.
    
    "My expectation is that Netsky and Sasser variants will merge and
    become what we call one 'abundant threat' that attacks through e-mail
    and software vulnerabilities," said Jimmy Kuo, a research fellow at
    Network Associates Inc.'s McAfee antivirus unit.
    
    The fast-moving Sasser worm, which has hit home users, corporations
    and government agencies throughout Europe, North America and Asia,
    doesn't appear to wipe out data on disk drives, but it may damage
    software applications, analysts said.
    
    Estimates on how many users have been hit by the virus vary from
    150,000 to 1 million, although analysts say the final tally could be
    in the millions by the time the four Sasser variants work their way
    through the Internet.
    
    Analysts are unsure what economic damage Sasser has caused so far but
    said the costs associated with things such as installing new software
    on PCs and labor are likely to make it an expensive cleanup process.  
    If infected computers aren't patched and protected by firewalls and
    antivirus software, they could be used by virus writers to launch
    future attacks, experts said.
    
    Microsoft said yesterday that it's working with the Northwest
    Cybercrime Task Force, a joint effort by the FBI and U.S. Secret
    Service, to hunt down those responsible for the latest worm outbreak.
    
    Microsoft created a page, http://www.microsoft.com/sasser, on its
    corporate Web site to deal with the Sasser threat and is offering a
    tool to rid infected computers of the worm, said Stephen Toulouse,
    security program manager at the company's Security Response Center.
    
    The origin of Internet threats is notoriously difficult to track, but
    authorities managed to find teenagers allegedly responsible for
    creating a copycat version of the Blaster worm. Minnesota teen Jeffrey
    Lee Parson was arrested in August, followed by the arrest of an
    unidentified juvenile in Seattle in September.
    
    Reed Stevenson contributed to this report.
    
    
    
    _________________________________________
    ISN mailing list
    Sponsored by: OSVDB.org
    



    This archive was generated by hypermail 2b30 : Fri May 07 2004 - 08:37:52 PDT