Post by TómmÿGûñz™ \PR/ on May 4, 2004 8:04:34 GMT -5
Security experts were assessing the damage wrought Monday by Sasser, the latest Internet worm, unsure whether the worst is over.
"The virus is certainly prolific and its having an impact," said Alfred Huger, senior director of engineering at Symantec Corp.'s Calgary office.
Launched late Friday into cyberspace, Sasser has already spawned three variations. Mr. Huger fears newer versions of the computer bug will be more virulent and destructive, especially for less-secure consumers.
In Canada Monday, computers at Hudson's Bay Co.'s head office in Toronto blinked on and off and telecom giant BCE Inc.reported problems on its internal network. In Edmonton, city hall and the utility company reported computer problems.
"It is spreading like crazy," said Simon Tang, senior manager of security services at Deloitte & Touche LLP in Toronto. "Over the weekend a lot of people were infected."
Sasser attacks a flaw found in a security application within Microsoft Corp.'s Windows 2000 and Windows XP. Computer users do not have to open an attachment to infect their machine; they just have to have a vulnerable computer that is connected to the Internet. Microsoft posted patches to fix the glitch April 13 but it is expected millions of users failed to download the applications.
Sasser causes an infected computer to continually reboot, causing networks to crash around the world. In Europe, the Paris Bourse and news service Agence France-Presse reported communications problems, and Finnish bank Sampo Oyj temporarily closed 130 branches. In Australia, Westpac Banking Corp. closed branches and communications glitches slowed service by train authority Rail Corp.
To fix an infected computer, users must disconnect from the Internet, find the worm and delete it. Only then can the user go to Microsoft's website and download the Sasser patch to avoid another attack.
The security community was somewhat divided over the extent of the Sasser threat. Panda Anti-Virus Software Ltd. estimated as many as 300 million computers — about half the PCs in use around the world — may be infected. iDefense of Reston, Va., dubbed Sasser "the MSBlast event of 2004," comparing the worm and its variants to last year's Blaster worm that caused a reported $1-billion (U.S.) in lost productivity and damages.
But several security firms described the worm as poorly constructed and predict its long-term impact will be minimal. Symantec, Network Associates Inc. and Computer Associates International Inc. all described the worm as a "medium" to "low risk" threat.
"We're keeping an eye on it and it seems to be under control," said Jack Sebbag, Montreal-based Canadian general manager and vice-president for Network Associates Inc. of Santa Clara, Calif.
Residential users were hit hardest by Sasser, said Jakov Zaidman, a security consultant at T4G Ltd., a Toronto Internet security firm. "People that don't update their security right away are going to be exposed," he said.
There was widespread concern, however, over the shortening time frame between the release of a Microsoft patch and the first bug to exploit the reported flaw. Sasser emerged 18 days after a patch was posted on the software giant's website. In comparison, 26 days passed between notice of vulnerability and the outbreak of last August's Blaster worm.
"It's taken a little more than two weeks to exploit," said Mr. Sebbag. "It's very scary. These guys are getting better at their craft."
"The virus is certainly prolific and its having an impact," said Alfred Huger, senior director of engineering at Symantec Corp.'s Calgary office.
Launched late Friday into cyberspace, Sasser has already spawned three variations. Mr. Huger fears newer versions of the computer bug will be more virulent and destructive, especially for less-secure consumers.
In Canada Monday, computers at Hudson's Bay Co.'s head office in Toronto blinked on and off and telecom giant BCE Inc.reported problems on its internal network. In Edmonton, city hall and the utility company reported computer problems.
"It is spreading like crazy," said Simon Tang, senior manager of security services at Deloitte & Touche LLP in Toronto. "Over the weekend a lot of people were infected."
Sasser attacks a flaw found in a security application within Microsoft Corp.'s Windows 2000 and Windows XP. Computer users do not have to open an attachment to infect their machine; they just have to have a vulnerable computer that is connected to the Internet. Microsoft posted patches to fix the glitch April 13 but it is expected millions of users failed to download the applications.
Sasser causes an infected computer to continually reboot, causing networks to crash around the world. In Europe, the Paris Bourse and news service Agence France-Presse reported communications problems, and Finnish bank Sampo Oyj temporarily closed 130 branches. In Australia, Westpac Banking Corp. closed branches and communications glitches slowed service by train authority Rail Corp.
To fix an infected computer, users must disconnect from the Internet, find the worm and delete it. Only then can the user go to Microsoft's website and download the Sasser patch to avoid another attack.
The security community was somewhat divided over the extent of the Sasser threat. Panda Anti-Virus Software Ltd. estimated as many as 300 million computers — about half the PCs in use around the world — may be infected. iDefense of Reston, Va., dubbed Sasser "the MSBlast event of 2004," comparing the worm and its variants to last year's Blaster worm that caused a reported $1-billion (U.S.) in lost productivity and damages.
But several security firms described the worm as poorly constructed and predict its long-term impact will be minimal. Symantec, Network Associates Inc. and Computer Associates International Inc. all described the worm as a "medium" to "low risk" threat.
"We're keeping an eye on it and it seems to be under control," said Jack Sebbag, Montreal-based Canadian general manager and vice-president for Network Associates Inc. of Santa Clara, Calif.
Residential users were hit hardest by Sasser, said Jakov Zaidman, a security consultant at T4G Ltd., a Toronto Internet security firm. "People that don't update their security right away are going to be exposed," he said.
There was widespread concern, however, over the shortening time frame between the release of a Microsoft patch and the first bug to exploit the reported flaw. Sasser emerged 18 days after a patch was posted on the software giant's website. In comparison, 26 days passed between notice of vulnerability and the outbreak of last August's Blaster worm.
"It's taken a little more than two weeks to exploit," said Mr. Sebbag. "It's very scary. These guys are getting better at their craft."
