4 May 2004

Millions of machines hit by Sasser worm

A new worm raced across the internet on Monday, leaving millions of computers infected and disrupting systems controlling trains, banks and even the European Commission government offices.

The Sasser worm, which began to spread on Saturday, was seen as a major threat because it does not travel like a virus through e-mail, but can spread by itself to any unprotected computer linked to the internet.

The Sasser worm attacks through a flaw in recent versions of Microsoft Windows operating systems — Windows 2000, Windows Server 2003 and Windows XP — and causes the computer to shut down and then reboot, repeating the process continuously. But it appears to do no lasting damage.

Internet experts varied widely in their assessment of the total worldwide infection, with estimates ranging from six-million to 18-million machines sent into Sasser’s start-up and shut-down spiral.

Moreover, new versions of the worm were being created, compounding the problem for security firms.

“The Sasser worms are particularly dangerous for corporate environments as they can spread across networks in a matter of seconds,” said California-based Panda Software.

Luis Corrons, head of PandaLabs, warns that some 300-million computers worldwide are vulnerable to attack by the Sasser worm.

“New variants are also likely to emerge and for this reason, even though we launched a pre-alert at the weekend, we have now declared a red alert,” he said.

Finnish Internet security firm F-Secure said up to six-million computers had been infected, adding that some of their large corporate clients had been forced temporarily to shut down their services.

In Spain, judges at the national courthouse, including those investigating the March 11 bombings, were blocked by the worm on Monday.

A third of Taiwan’s national post office was also paralysed by the Sasser worm, which put 1 600 work stations out of operation, the company said.

Hardest hit was the banking-related business of the state-run company, which has about 1 300 offices in Taiwan.

In Australia’s New South Wales, train traffic was disrupted on Sunday when drivers were prevented from talking to rail traffic controllers, in what reports said was the work of the Sasser worm, and 300 000 passengers were left stranded on their platforms.

Sasser infected about 1 200 of the 25 000 machines at the EU executive arm, a spokesperson said.

“We are in the process of taking control of the situation”, said Michael Mann, spokesperson for commissioner for administrative reform Neil Kinnock.

Finland’s third-largest bank, Sampo, shut its 130 branch offices across the country on Monday in a preventive move to keep the worm from infecting its computers, officials said.

“We decided to close our offices as a precaution, since we knew that our virus protection hadn’t been updated,” said Sampo spokesperson Hannu Vuola.

Companies were braced for a massive jump in infection rates at the start of the workweek, when people brought their laptops back to the office.

“We expect to see a significant number of variants to follow,” said Alfred Huger, senior director of engineering at antivirus software-maker Symantec.

“The original authors and other people are improving the virus as time goes on, and it becomes quicker and more effective.”

The danger is that future variants will include code that can allow hackers access to networks, where they can see sensitive data, or download damaging code.

Microsoft said it is working closely with law-enforcement authorities, including the Northwest Cybercrime Task Force, to analyse the malicious code in Sasser and to identify those responsible.

“The worm doesn’t take a specific malicious action at this time, other than to spread,” said Stephen Toulouse, manager of the Microsoft Security Response Centre. “But at the same time, we’re very concerned. It’s impacting our customers, and it’s a criminal act.” – Sapa-AFP
