

MacNut
May 3, 2004, 07:14 PM
Worm Strikes Hundreds of Thousands of Computers
By Brett Young, Reuters

HELSINKI (May 3) -- The fast-spreading "Sasser" computer worm has infected hundreds of thousands of PCs globally and the number could soon rise sharply, a top computer security official said on Monday.

"If you take a normal Windows PC and connect to the Internet, you will be infected in 10 minutes (without protection)," Mikko Hypponen, Anti-Virus Research Director at Finnish data security firm F-Secure, told Reuters.

"It seems to be gradually getting worse, but it could jump as the United States wakes up," he said.

F-Secure says the worm, which surfaced at the weekend, automatically spreads via the Internet to computers using the Microsoft Windows operating system, especially Windows 2000 and XP.

The spread of the virus had been muted so far, Hypponen said, as it emerged on a weekend, and holidays closed offices in places like the United Kingdom and Japan on Monday. But the spread was expected to worsen as the working week hits its stride.

"We have already seen three versions of Sasser during the weekend, and we could see more today," Hypponen said, adding he believes the worm originated in Russia.

Finnish bancassurer Sampo temporarily closed all of its branch offices, some 130 in all, on Monday as a precaution against Sasser.

In Australia, Westpac Bank said it was hit by the worm, and branches had to use pen and paper to allow them to keep trading, The Australian newspaper reported.

Delta Air Lines suffered a computer glitch on Saturday that caused delays and cancellations of certain flights across its system, but a spokesman said there was no information yet as to the cause.

"With Sasser it seems that companies are (using software) patches better and more quickly than last year (with virus 'Blaster'), but for those that are hit, they are hit hard," Hypponen said.

Blaster infected computers around the globe last year.

NO NEED TO CLICK

The current worm does not need to be activated by double-clicking on an attachment, and can strike even if no one is using the PC at the time. When a machine is infected, error messages may appear and the computer may reboot repeatedly.

"Compared to what happened with Blaster ... last August ... this virus has all the same features," Hypponen said, noting that both worms exploited relatively new holes in Windows and frequently caused computers to reboot.

Microsoft said Blaster cost it "millions of dollars of damages," and has issued a $250,000 bounty for information on the whereabouts of its author.

F-Secure said corporate networks should be protected against Sasser and its variants by firewalls -- Internet road blocks that separate internal from public networks.

F-Secure said the worm emerged 18 days after Microsoft posted a corrective-code software patch on its Web site. This continues a common pattern with viruses whereby firms announce flaws in their software and hackers race to exploit them.

For home computer users, people should make sure they have downloaded the patch from Microsoft to fix the breach. If their computer is infected, the patch must first be downloaded before the virus is removed or else the PC could catch the worm again.

Hypponen said he was not sure there was a better way for firms to alert users to software problems.

"There are always going to be security holes in mainstream products," he said. "Even if these are not made public, the bad boys will find out about them anyway."

baby duck monge
May 3, 2004, 09:26 PM
wow. that is pretty hardcore. a number of people have been hit by some virus in the past week at my school - a good friend of mine seems to be among them. the symptoms his computer was showing sound a lot like the ones listed here (what with the restarting and the errors and all). we could not figure it out (and he could not update virus definitions), so he spent the morning wiping his HD and starting over with everything. at least he had good backups. oh well, he needed to do it anyway, the system was getting wonky. :o

jaesk8er
May 3, 2004, 09:37 PM
That sucks but...

One more reason I am a very happy owner of a few MAC's
:rolleyes:

dethl
May 4, 2004, 01:17 AM
Thankfully, our campus has incoming connections locked down...For once, I'm actually glad that the campus ISP does this.

SiriusExcelsior
May 4, 2004, 04:23 AM
apparently our school's computers (the pcs anyway) caught a virus and so for the whole computer lesson we copied notes... :) :mad:

PickledSquirrel
May 4, 2004, 04:48 AM
Makes me appreciate my mac even more....
In the words of Rincewind the wizzard: It could have been worse. It could have been me.

King Cobra
May 4, 2004, 05:39 AM
The one thing that seems to happen with every recent major virus outbreak is either the inability to get online, or the inability to check my mail. So far, since Sasser has been set loose, neither has happened....(waiting)

Comic relief:
WTH? I just got disconnected... oh, right, I have my connection set to terminate after 4 minutes of inactivity.



One more reason I am a very happy owner of a few MAC's

Mac, not MAC...or, given its plural form: Macs, not MAC's.

wPod
May 4, 2004, 07:31 AM
ah. . . how nice it is to use a mac.

virividox
May 4, 2004, 07:38 AM
most of the school's network is down. but im still fine :)

jbembe
May 4, 2004, 09:34 AM
We have a pretty irritating firewall on our campus: apparently its function is to prevent users from doing many things they could want because we saw this virus cripple many computers yesterday.

Luckily our lab is nearly completely mac so the secretary was busy worrying about the virus while the rest of us got some work done! :D

goodwill
May 4, 2004, 10:27 AM
you know what id like to do when they track the guy who sent the virus to begin with. i want to use my Mac right in front of him and about every 94-99 seconds do my condescending voice and go "ha ha ha ha ha ha, game over, try again". however, i might also want to cut off both of his opposable thumbs because the computers we use at work are windows based and i might have to give him a nice shellacking.

clubmedia
May 4, 2004, 04:33 PM
i am virus free and proud to be

Freakk123
May 4, 2004, 06:23 PM
Every single PC at my high school is infected, and it's next to impossible to get any work done. We have to do a weather thing on the computers in Earth Sciences, and it's pretty much impossible. It's sooo annoying. But, thankfully, we also have some macs in other rooms, so my life remains good :p

Sparky's
May 4, 2004, 09:09 PM
ah. . . how nice it is to use a mac.
So, pay attention to King Cobra, it's Mac, not mac.

Anyway has anyone or does anyone know how to rid your system of it? I have 3 PCs (that's PC not pc) connected on my LAN, and all are running Win 2K. I haven't seen any signs yet but would like to know what to do in case.

bousozoku
May 4, 2004, 09:20 PM
So, pay attention to King Cobra, it's Mac, not mac.

Anyway has anyone or does anyone know how to rid your system of it? I have 3 PCs (that's PC not pc) connected on my LAN, and all are running Win 2K. I haven't seen any signs yet but would like to know what to do in case.

Wasn't the last one fixed by downloading the fix using a Macintosh and then, transferring the fix to the affected PCs? At least one has been able to be handled that way.

Mav451
May 4, 2004, 09:44 PM
They released a patch for this approximately a few weeks ago.

Of course, no one ever updates, just like in the RPC case, and people are screwed over, again.

It is with a certain irony that M$ has managed every time to get patches out for these BEFORE they hit (sometimes several weeks like with RPC and Blaster last summer), and yet the viruses still strike well anyway (e.g. corporate offices).

Coolvirus007
May 4, 2004, 10:43 PM
I will personally kill the first person that will make a virus for macs. This is one of the many things I am grateful for using apple.

Rincewind42
May 4, 2004, 11:16 PM
Makes me appreciate my mac even more....
In the words of Rincewind the wizzard: It could have been worse. It could have been me.

Yea, it was me today. Two machines that are running a simulator at that I work on contracted the damn virus and so I spent 2 hours getting nothing done. I get to clean up the mess tomorrow. All I have to say is that I'm damn glad that when I get home I don't have to deal with crap like this.

Awimoway
May 4, 2004, 11:25 PM
Wasn't the last one fixed by downloading the fix using a Macintosh and then, transferring the fix to the affected PCs? At least one has been able to be handled that way.

That's how I fixed the two PCs my Philistine relatives use here at my house.

stoid
May 4, 2004, 11:32 PM
Well, this would certainly explain all the weird behavior of the school E-mail server. :rolleyes:

bousozoku
May 5, 2004, 12:07 AM
Well, this would certainly explain all the weird behavior of the school E-mail server. :rolleyes:

It looks as though BellSouth's e-mail server has been hit as well. Nice to know that an ISP is right up there. :rolleyes:

Doctor Q
May 5, 2004, 01:08 AM
It is interesting that Sasser affects Windows XP and Windows 2000 but not Windows 2003 Server (nor Windows 3.n, Windows 95, Windows 98, Windows Me, or Windows NT).

Dippo
May 5, 2004, 01:25 AM
It is interesting that Sasser affects Windows XP and Windows 2000 but not Windows 2003 Server (nor Windows 3.n, Windows 95, Windows 98, Windows Me, or Windows NT).

That's good news since I am running Windows 2003 Server, but it is odd.

Of course I hope I updated my Windows 2000 machine at home.....I guess I will find out when I get back home this weekend :(

voicegy
May 5, 2004, 01:46 AM
Well, this would certainly explain all the weird behavior of the school E-mail server. :rolleyes:

We took the proactive step in my district's IT department and heeded the call weeks ago to apply the patching. Imagine - a school district IT Department being proactive! Will we get kudos? Will we be thanked? Will people notice? Nope...only if the you-know-what hits the fan - only THEN do we hear about it! *sigh* :(

Dippo
May 6, 2004, 07:19 AM
And they just keep on coming...

Sasser keeps squirming into homes, businesses (http://news.com.com/2100-7349_3-5205815.html?tag=nl)

Two new variations of Sasser--Sasser.C and Sasser.D--started spreading Monday. Like the original and the Sasser.B variant, the new worms take advantage of a vulnerability in unpatched versions of Windows XP and Windows 2000 systems. The worms infect vulnerable systems by establishing a remote connection to the targeted computer, installing an FTP (File Transfer Protocol) server and then downloading themselves to the new host. Unlike mass-mailing computer viruses--such as MyDoom and Sobig--Sasser does not spread from computer to computer through e-mail.