The Sasser worm caused significant damage to many computers worldwide recently. In total, it caused between US$14.8 billion and US$18.1 billion of estimated damages to infrastructure and networks globally. This illustrates just how damaging malware attacks can be.
Content Jump:
- What is the Sasser Worm?
- Who created it?
- What kind of damage does it do?
- How widespread was it?
- Can the individual do anything about it?
The Sasser worm is a malicious program that exploits a particular loophole in Microsoft Windows. It is not to be confused with the typical virus which can only travel via email and can be unleashed on one’s PC only after the email attachment is opened. The Sasser worm can spread completely by itself and does not require any human intervention. It is possible to be infected simply by being connected to the Internet. In other words, computers with broadband connection are at greater risk. However, it only affects computers running recent versions of Windows XP and Windows 2000.
18-year-old German high school student Sven Jaschan confessed that he was responsible for creating the Sasser Internet worm. The FBI and Microsoft worked together to apprehend him and he was arrested on 7 th May 2004. He has now been released. During the arrest, i nvestigators seized a number of computers and disks from his home which served to prove that he was working alone even though many postulated that he was working for an international gang.
Under German law, he is sentenced to about five years in prison for causing widespread computer sabotage.
The worm is a nuisance in the sense that it causes computers to continually crash and reboot without causing any form of irreparable damage to machines or even files. However, whatever damage it does is propagated and multiplied as infected computers individually send out the worm and it spreads throughout the Internet looking for more computers to infect.
If you want to know what the error message looks like, go to:
http://www.f-secure.com/v-descs/sasser.shtml for screenshots and detailed information on how it actually affects a computer.
Altogether, four distinct versions of Sasser have been spotted in the “wild”. The latest version is called Sasser D and it is designed to scan for new computers to infect or “victims” so ruthlessly that it is capable of causing entire networks to become absolutely congested with data packets, causing irreplaceable loss of time, which is money.
It has been estimated by security experts that more than one million computers were infected. The damage was so widespread that hospitals in Hong Kong, banks in Australia and post offices in Taiwan were hit and severely affected, causing a ripple effect on the country’s economies. Several large companies across the world have experienced severe network disruptions due to the worm. Individuals all over the world have also had their daily routines affected by malfunctioning PCs.
The individual should ensure that he or she has a personal firewall up and running at all times. Windows XP comes with a built-in software firewall but it is switched off by default. Switching it on will greatly reduce the probability of getting infected and reduce the scope of damage that the worm can do. Alternatively, hardware firewalls can also be installed. Fully up-to-date antivirus programmes should also be in place at all times. Microsoft and many other security firms have taken proactive action by releasing a variety of software tools that identify the worm if it has infected one’s PC and help to remove it.
An excellent place to start looking for more of such information is Microsoft's own security advice page at:www.microsoft.com/security/.
If you wish to keep your Windows software up to date, you can do so by regularly downloading the latest patches for free from Microsoft at: http://v4.windowsupdate.microsoft.com/en/default.asp.
By keeping an up-to-date version of an anti-virus software, your risks of getting affected is considerably lower. Install a personal firewall to protect your computer further from malicious software.
To be on the safe side, use the Microsoft Windows Malicious Software Removal Tool to search your hard disk for and effectively remove any Sasser variants.
Reference
Teen 'confesses' to Sasser worm
http://news.bbc.co.uk/1/hi/world/europe/3695857.stm
The latest news on the Sasser internet worm outbreak
http://www.sophos.com/virusinfo/articles/sasser.html
What you should know about Sasser
http://www.microsoft.com/security/incident/sasser.mspx
W32/Sasser.worm.e
http://support.wow.lk/main.html