News - New victims for Sasser net worm

Computers at the UK Coastguard, British Airways, Goldman Sachs and Deutsche Post were all affected by the worm.

Security experts fear that the next wave of people to fall victim will be broadband users switching on their computers.

Home users are being urged to patch their machines to avoid being infected by the malicious program.

Casualty list

The Sasser worm first appeared on 1 May and estimates vary widely on how many Windows PCs have been infected by it.

Some firms report that only about 300,000 machines have been caught out by the worm while others believe that up to a million machines are infected.

With Sasser you have to go and stick the patch in yourself Richard Archdeacon, Symantec Q&A: The Sasser worm

Whatever the final numbers the worm’s four variants have racked up an impressive list of victims between them.

The virus was reported to have hit up to 300,000 machines at Deutsche Post making it impossible for staff to hand over cash.

Machines at investment bank Goldman Sachs, the European Commission and British Airways and 19 regional offices of the UK Maritime and Coastguard Agency all fell victim to Sasser.

The coastguard said rescue work remained unaffected by the virus outbreak even though staff were forced to use paper charts rather than digital maps.

Previously disruption at Taiwan’s national post office, Hong Kong government departments and hospitals, Australian railways and the Westpac bank were all blamed on Sasser.

Protect yourself

Richard Archdeacon, technical services director from security firm Symantec, said the next 24 hours would reveal how far the worm would spread.

“The fact that there have already been four variants tends to indicate that they are refining the code and looking for a way to spread it before the patches are in place,” he told BBC News Online.

Mr Archdeacon said worms like Sasser could potentially do more damage than many other recent viruses.

Sasser struck almost exactly 4 years after the Iloveyou bug

“Mass-mailing viruses are not as potentially dangerous because they can be cured with anti-virus software,” said Mr Archdeacon. “But with Sasser you have to go and stick the patch in yourself”.

The online christian dating advices sites
that Sasser exploits was first identified on 8 October last year by security firm eEye Digital Security.

However the first code to exploit the vulnerability only appeared a few days after the first patch for the loophole was released by Microsoft on 13 April.

The virus can infect PCs running Windows 2000 and XP that are not patched against the loophole it exploits or do not have a firewall to protect themselves.

According to anti-virus firms machines running Windows 95, 98 and Millennium Edition can help spread Sasser even though they cannot be infected by it.

Virus chase

The virus is called a worm because it searches out machines to infect by itself without any help from users.

The latest version, Sasser.D, scans so aggressively for new computers to infect that it may cause networks to become congested with packets of data and slow down.

Unpatched versions of Windows XP are vulnerable

Poor programming by Sasser’s creator makes infected machines shut down.

Microsoft and many security firms have released tools that help people find out if they are infected and to help them remove the virus from their system.

Microsoft played down reports that millions were being infected by Sasser.

It reported that almost four times as many PC owners were downloading patches for security problems now compared to autumn in 2003.

Holidays in the UK, parts of Europe and Japan may also help to limit the spread of the worm.

Creators of other malicious programs are trying to cash in on the success of Sasser.

The latest version of the Netsky virus, the 29th variant, travels with a file that claims to be a cure for Sasser sent out by anti-virus firms.

Inside this version the creators of Netsky claim that they were responsible for making Sasser too.

Have you been affected by the Sasser worm? What can be done to stop the spread of of worms and viruses like this one? Send us your comments on the form below.

I’d just like to point out that there is a general consensus and misconception that firewalls are the answer to all these problems when they aren’t. A firewall can block unused ports to stop some exploits but any viruses that are downloaded via HTTP/FTP or SMTP will pass right through if you use these ports. You need anti-virus software or better still avoid Windows. Also, script viruses (and I use the world tentatively) are caused by abuse of features built-in to Microsoft Products. And I have yet to see these features used legitimately.
Paul, Manchester

To stop pc shutting down after 60 seconds
click on start then run then type shutdown -a
and hit return, this will stop computer shutting down and allow users time to get rid of virus
Dave Anthony, Newcastle -

I switched to Apple Mac several years ago and now have an iMac operating under Mac OSX. I do not suffer from viruses or worms and my machine never crashes. It is fast, stylish, and far superior to Wintel machines adult dating advices site submit
for graphics applications. Its GUI is far easier to use and I would never switch back. Convert to Mac for a better IT-life.
Ian Henley, UK

Anyone that thinks Linux or Apple Macs are invunerable to viruses and worms really need to wake up and smell the binary. There are just as many flaws in Linux systems as Windows, and there are many Mac based viruses. There are also java-based attacks that can affect many different types of system.
The only real answer is to get a firewall and antivirus system, and learn how to use it!
Steve Lake, Reading, UK

Always taken IT for granted and assumed viruses attacked online dating advices agency
etc when individuals have a vendetta. Never considered firewalls etc for home PC. Not quite sure what to do next or indeed how much it will cost to fix. You see all these downloadable fixes but the problem with my PC is that it is running far too slow to download anything anyway, shuts down before download is complete, or simply does not let me get on to the appropriate screens.

Anyone got any tips? - fortunately can maintain my internet access from work!
O, Wales

Cause: Windows is very sick!

Prediction: This is not the last attack. You will hit again and again and again.

Temporary Solution: Install the patch for this from Microsoft and patch for next after next attack and so on.

Permanent Solution: Drop the sick Windows completely. Switch to a Linux based computer or install Linux Desktop on your existing computer and have peace in mind and in the world. Good luck.
Sagara Wijetunga, Singapore

Why do we always only hear about new Windows vulnerabilities when they are exploited Colin McKenzie, London UK

Why do we always only hear about new Windows vulnerabilities when they are exploited? If the issue of the patch got the news coverage that the worm has, many more people would be protected in time.
I update Windows regularly, but no more than monthly. If I didn’t have a firewall, Sasser would have caught me by now.
Colin McKenzie, London UK

I don’t think Colin McKenzie quite understands. If Microsoft made announcements saying they had spotted a specific vulnerability, the virus writers would have a field day exploiting it. Due to their very nature, these things must be kept under wraps until a fix is produced and then discretely rolled into Windows Update. The best thing to do is run Windows Update in automatic mode so you are always up to date. Or, get a Mac.
Anon, UK

A fried of mine was infected with the Sasser virus, I removed it using Norton’s removal tool, the pc is now updated and is running sweet, but it was quite a pain to remove it. Had to use Safe Mode on XP to remove some of it, then had to create a new account on the pc to enable the rest of the removal as in the standard account the pc would keep shutting down. Not much fun…..
Robert J Wilson, Herne Bay, Kent

Oh for goodness sake, pay peanuts, get monkies. Buy an Apple Mac and remain totally immune to all this rubbish. Factor in the cost of rebuilding,reformating, security updates, time wasted, data and documents lost, cost of virus checkers and AppleMacs complete with Microsoft Office for the Mac are VERY cost effective. Companies and Businesses that follow the herd instinct and stay with Windows deserve all they get.
Arthur Lowe, Melbourne, Australia

Pretty primitive worm really. Spotted within a minute of it first running - easily detected due to ADSL connection activity when no programs open. Check Task Manager processes, a process called avserve.exe (which I don’t recognise) is running. Stop the process, locate and delete the file, download Microsoft patch to prevent re-infection.

Graham Fewster, Huntingdon, UK

Patch, or face the consequences James Atack, Paris, France

We should think ourselves lucky that once again the writer of this virus let us off the hook. Despite the high number of infections, the virus has a relativley benign payload.
If ever a similar virus appears on the scene that actively destroys data, then the financial loss will be huge. Patch, or face the consequences.
James Atack, Paris, France

Common sense prevails here, buy a firewall, or download a free one of of the net and run Windows update often. Take 5 minutes out of your day, run Windows Update, update your firewall and antivirus definitions, and you’ll be fine.
Blair, Edinburgh, Scotland, UK

No comment on the ‘poor programming’ by Microsoft that caused this vulnerability in the first place?
Alex Hawdon, Huddersfield, UK

Disclaimer: The BBC may edit your comments and cannot guarantee that all e-mails will be published.