From Reuters:
Sasser Worm Strikes Countless PCs Worldwide
By Brett Young
HELSINKI, Finland (Reuters) - The fast-spreading "Sasser" computer worm has infected hundreds of thousands of PCs globally and the number could rise sharply, a top computer security official said on Monday.
"If you take a normal Windows PC and connect to the Internet, you will be infected in 10 minutes (without protection)," Mikko Hypponen, Anti-Virus research director at Finnish data security firm F-Secure (FSC1V.HE: Quote, Profile, Research) , told Reuters.
"It seems to be gradually getting worse, but it could jump as the U.S. wakes up," he said.
F-Secure says the worm, which surfaced over the weekend, automatically spreads via the Internet to computers using the Microsoft (MSFT.O: Quote, Profile, Research) Windows operating system, especially Windows 2000 and XP.
The spread of the virus has been muted so far, Hypponen said, as it emerged on a weekend, and with holidays closing offices in places like the United Kingdom and Japan on Monday.
But the spread was expected to worsen as the work week hits its stride, Hypponen said, adding he believes the worm originated in Russia.
It was not immediately known what impact the worm was having on computer networks of U.S. companies as they started the business day.
U.S. carrier Delta Air Lines (DAL.N: Quote, Profile, Research) suffered a computer glitch on Saturday that caused delays and cancellations of certain flights across its system, but a spokesman said there was no information yet as to the cause.
A Microsoft representative was not immediately available for comment, but said in a statement that customers could protect themselves by erecting personal firewalls that separate internal networks from public networks, and by downloading Microsoft security patches.
The company also said it was working with law enforcement officials, including the Northwest CyberCrime Taskforce, to analyze the worm and to identify those responsible for it.
Finnish bancassurer Sampo (SAMAS.HE: Quote, Profile, Research) temporarily closed all of its 130 branch offices on Monday as a precaution.
In Australia, Westpac Bank (WBC.AX: Quote, Profile, Research) said it was hit by the worm, and branches had to use pen and paper to allow them to keep trading, The Australian newspaper (
http://www.theaustralian.news.com) reported.
"With Sasser it seems that companies are (using software) patches better and more quickly than last year (with virus "Blaster"), but for those that are hit, they are hit hard," Hypponen said.
Blaster infected computers around the globe last year.
NO NEED TO CLICK
The current worm does not need to be activated by double-clicking on an attachment, and can strike even if no one is using the PC at the time. When a machine is infected, error messages may appear and the computer may reboot repeatedly.
"Compared to what happened with Blaster ... last August ... this virus has all the same features," Hypponen said, noting that both worms exploited relatively new holes in Windows and frequently caused computers to reboot.
Microsoft said Blaster cost it "millions of dollars of damages," and has issued a $250,000 bounty for information on the whereabouts of its author.
F-Secure said corporate networks should be protected against Sasser and its variants by firewalls -- Internet road blocks that separate internal from public networks.
F-Secure said the worm emerged 18 days after Microsoft posted a corrective-code software patch on its Web site. This continues a common pattern with viruses whereby companies announce flaws in their software and hackers race to exploit them.
For home computer users, people should make sure they have downloaded the patch from Microsoft to fix the breach. If their computer is infected, it must first be downloaded before the virus is removed or else the PC could catch the worm again.
Hypponen said he was not sure there was a better way for companies to alert users to software problems.
"There are always going to be security holes in mainstream products," he said. "Even if these are not made public, the bad boys will find out about them anyway."