A new internet computer worm caused disruptions over the weekend but experts warned it may spread rapidly when businesses resume work on Monday morning.
The worm, named Sasser, began to spread on Saturday, and unlike a virus does not travel through e-mails or attachments. It can spread by itself to any unprotected computer linked to the internet.
It attacks through a flaw in recent versions of Microsoft’s Windows — Windows 2000, Windows Server 2003 and Windows XP — and causes the computer to shut down, then rebooting it, repeating the process several times. But it appears to do no lasting damage.
”The problem seems to be getting worse,” said Mikko Hyppoenen, an anti-virus expert at F-Secure, a leading internet security firm, on Sunday from Helsinki, adding that millions of computers worldwide may have been infected.
”We don’t know how big this is going to be [but] we expect things to get much worse on Monday when people bring their laptops in to the office after the weekend,” Hyppoenen said.
Since laptops are not protected by company firewall systems if used on a server other than the company’s, they run the risk of being infected and in turn infect the company’s network when used in the office.
”It seems to me an exaggeration to say that millions of computers have been affected,” said Bernard Ourghanlian, Microsoft’s technical director in France, where work was disrupted by the worm on Saturday night.
But he acknowledged that the worm was spreading on Sunday.
”We are recording at the moment several attacks a minute on ‘honey pots’ [computers deliberately left unprotected so they can monitor viruses]”, he said, adding that France and some southeast Asian countries seemed to be particularly hit.
Microsoft made available a software update last month to fix the flaw exploited by the worm, and since mid April several million copies have been downloaded.
”We have every hope the spreading of this virus will be limited by the many precautions we have taken,” he said.
”It is not possible to give a figure for the spread of the virus, still less the cost of the damage it will do,” he said, adding that many firms never admit being infected and that if small and medium sized businesses did not take precautions on Monday
morning Sasser could spread rapidly.
In Moscow the Russian computer security firm Kaspersky Labs warned of a possible major epidemic when business activity resumes on Monday.
”For the moment the extent of the epidemic isn’t that severe only because most people are not at work” and their computers are shut off, said Denis Zenkin.
For the moment the worm, the third major internet infection this year after Mydoom.A in January and Bagle.B in February, does not appear to be a worldwide phenomenon. One American specialist reported only a few hundred computers infected, another did not rank Sasser in its 10 most common infections.
Experts said they did not know who started the virus, but Alfred Huger, senior director of engineering at California-based computer security firm Symantec, said it was started deliberately by an individual.
”Of that much we’re sure,” he said. ”What we’re not sure of is that individual’s motives, because the virus is not doing any damage, and it’s not installing a backdoor” which would give future access to other viruses.
”We’ll just have to wait and see,” he said.
”This worm is unlike previous ones in that it does not appear to be causing any damage to computers,” said Huger. ”It will slow your computer down, but there does not appear to be any direct damage to the hard drive. – Sapa-AFP