World: Spreading Sasser Computer Worm Might Have Origin In Russia

  • Breffni O'Rourke

A voracious computer worm nicknamed "Sasser" is causing problems for computer users around the world. Since it first came to light last weekend, an estimated 1 million PCs using the Microsoft Windows system have been infected -- and there is no end in sight. Sasser is a particular nuisance because it can invade an individual computer without any action by the user.

5 May 2004 (RFE/RL) -- Has your Internet access been slow and shaky in the past few days? Has your PC suddenly started rebooting uncontrollably without you knowing why?

If so, these are signs that you may have been invaded by a new and hungry computer worm called Sasser.

The term "worm" is used for a subset of computer viruses that spread automatically, either through e-mail connections or through direct network connections.

The worm has forced some bankers to use paper and pencil to do their accounting.

Sasser, which first came to light last weekend, is infecting Microsoft's Windows 2000 NT and XP operating systems. And it is still out of control, according to Mikko Hypponen, Anti-Virus Research Director at the Finnish data-security firm F-Secure.

"It is still spreading; we were estimating that it would actually start to level out [on 4 May] but right now the statistics show it is still getting worse. It seems to be spreading now to all places globally -- China, Australia, Europe, as well as the U.S."

It's moving very quickly because it can infect computers without having to wait for the user to perform an action, such as to open up an attachment. It is simply programmed to roam across the Internet looking for PCs to infect.

U.S. computer expert Greg Day of Network Associates, a San Francisco-based company that makes antivirus software, explained that "the consumer and also the corporate user are seeing these attacks. There is no human interaction required for this thing to be able to spread from machine to machine. Because this thing is traveling around stealthily on the network, it's probing other machines, it's creating traffic," Day said.

An excess volume of traffic can lead in turn to an impact on the efficiency of other systems independent of Windows.

Worms like Sasser are obviously a nuisance to private computer users, but they can cause dangerous situations in key economic and public-service sectors.

For instance, bank staff in Australia were reduced to the almost-forgotten art of scribbling with paper and pencil to do their accounting when Sasser froze their systems.

In Britain, the computer mapping system at the coast guard service malfunctioned, sending officers hurrying to dust off their old paper sea charts.

In Germany, the postal service's network of several thousand computers has been badly disrupted, and in Brussels more than 1,000 computers went down at European Commission headquarters.

Hypponen of F-Secure said deliberately releasing worms or viruses like Sasser into computer systems goes beyond a prank.

"It is a very serious problem, because worms like these actually have effects far beyond the normal computer networks," Hypponen said. "Some of those problems are created by the fact that many critical systems nowadays are running on top of Windows, and if Windows machines in such an organization keep rebooting uncontrollably, obviously problems can get pretty big."

Corporate computer users have been busy putting "patches" in place in their systems, and they hope the worst is over for them.

As for private computer users, experts say the machines vulnerable to Sasser are those that are not running a firewall and which have not been updated with the latest Windows updates in the last three weeks. Also susceptible are those connected to the public Internet. Experts say the problem can be overcome by erecting a firewall and installing the updates.

Hypponen of F-Secure said the Sasser worm might well have started in Russia:

"We are actually fairly confident that this is the work of a virus group called Netsky, which is a Russian group," Hypponen said. "We do not know much about the group itself, we don't know how many members it has, we don't know where in Russia they operate from -- but this is a group which has released more than 30 different viruses this year alone."

He says that the most widespread current e-mail worm is also believed to be the work of Netsky.