By Will Sturgeon, 5 May 2004 18:05
The Sasser worm continues to cause problems for computer users worldwide and has claimed more big names - such as British Airways and investment bank Goldman Sachs.
The virus hit a staggering 300,000 machines at Deutsche Post and a number of hospitals in New Orleans were shut down for several hours.
But closer to home the biggest victim so far has been British Airways, which lost the use of around half its check-in desk computers at Heathrow's Terminal Four.
The outage meant delays to 21 British Airways flights and disruption for thousands of travellers.
Elsewhere in Europe, Finnish bank Sampo Bank was reportedly forced to close 130 branches for several hours after the virus struck on Monday morning.
Such widespread, big name virus victims appear to be a throw-back to the dark days of Melissa and the Love Bug, but not everybody is convinced this is the 'end of the world' scenario some media would have users believe - as the Heathrow story hit the front pages of national newspapers.
Simon Perry, divisional vice president of security strategy at Computer Associates, said the impact of Sasser is being blown a little out of proportion.
"All the large UK companies we've spoken to during the last 24 hours tell me that they are actually doing a fantastic job of keeping themselves protected."
However, that's not to say the threat should not be taken seriously and Perry believes there is worse to come.
He said: "I do expect that we'll see a rapid and extensive cycle of variants being produced in the coming few weeks with increasingly dangerous payloads."
However, Perry added those will be "more of an immediate threat for home users".
Stuart Okin, UK security chief at Microsoft, said home users have been particularly hard hit by Sasser because they lack the know-how of large firms in dealing with such attacks and may have installed Windows out of the box and never thought to update it.
He added that the large number of home users making do with dial-up internet connections also means many don't download updates because of the time taken to do so.
"The majority of calls into Microsoft about Sasser have predominantly been from home users," Okin told silicon.com.
The more serious long term threat to businesses - as with MyDoom and Bagle - will be if future iterations carry a payload which acts as "a recruitment exercise for another zombie force armed with DDOS intentions," said Perry.
Comments
There are 4 comments.
1. Michael Fischer
Hype!? Gazillions of machines crashing around our ears, and this is hype! Bashing Apple for fixing unexploited holes in OS X is hype. Predicting dire outcomes when one of the dozen or so virii or worms for Linux has been released is hype. Hospitals, coast guards, banks and BA being crippled is not hype.
This is a real problem, which is escalating. I think it's about time for legislation to prevent critical services and institutions from using insecure equipment and operating systems. This would not rule out Windows, but it would have to be demonstrated that a) all possible measures were being taken (e.g. patching etc up to date) AND b) that the system is secure under conditions of a). Continuing as things are is madness.
2. anonymous
Am I the only one who sees the irony in the fact that Michael's first word is 'hype?' followed by 'Gazillions of machines'...
3. Brian Burkill
Dunno what all the fuss is about??
Haven't even had ONE instance of it. Email filters, firewalls, AV software and up to date Windows software has meant it simply has got nowhere near me, my servers, or my colleagues.
In fact, I have not even had a notification that it has been blocked by the filters.
The sad people with no girlfriends/boyfriends who write virus software are simply exploiting those too complacent to apply the software, those too scared, or those who have too much red tape in place.
One of the reasons for the lack of patches with large firms is because they have so much red tape and bureaucracy, that every upgrade needs to be 'impact analysed'.
Each patch or upgrade has to go through a full testing cycle and release mechanism before it even gets to users. This means that an upgrade can take up to six months before it is applied to users' machines or servers.
I saw it happen, in several large firms, where the IT department do not release a patch because it has not been tested, leaving machines vulnerable.
The strategy is good for software developed in house, or new third party software that may impact upon other existing applications. But not really appropriate for security upgrades.
4. anonymous
Hype? As always, not all the victims let on they've been hit! It's Friday at my place of contract and the LARGE corporation I work for is just recovering from 4 days of inactivity.