Menu
Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

New automatic Internet worm spreading at increasing pace

  • 03 May, 2004 09:24

<p>PRESS RELEASE</p>
<p>For release May 2, 2004</p>
<p>New automatic Internet worm spreading at increasing pace
F-Secure issuing a global alert on the Sasser worm</p>
<p>As an Australian Distributor for F-Secure for over 8 years, Open Systems Australia would like to provide you with the following news release.</p>
<p>F-Secure Corporation has been following the spread of the Sasser worm over
the weekend of May 1st. This new worm spreads to Windows PCs automatically,
even if nobody is using the PC at the time. After a machine gets infected,
the worm will start to spread to other computers. As a side effect, users
might see error messages and experience the computer rebooting repeatedly.</p>
<p>The number of affected PCs is already estimated to be in hundreds of
thousands and it will continue to rise as the working week starts. "This case
resembles the Blaster incident from August 2003 a lot", says Mikko Hypponen,
director of antivirus research at F-Secure. "Both were automatic worms using
a relatively new hole in Windows and causing frequent reboots." Together with
Slammer and Sobig.F, Blaster was one of the largest virus incidents of 2003
and even caused problems to infrastructure systems such as ATM networks and
train and air travel systems. "I hope administrators have improved security
since then. Otherwise we might see similar problems again", says Hypponen.</p>
<p>Two slightly different versions of the Sasser worm were discovered on May
1st. These worms spread through the LSASS vulnerability, which was discovered
in mid-April. The Microsoft patch to close the hole had been available for
download for 18 days before Sasser was found. The worm is targetting Windows
2000 and XP machines - the two most common operating systems. However, the
network traffic generated by the worm might slow down other systems as well,
including non-Windows systems.</p>
<p>Corporate networks should be protected against Sasser and its variants by the
corporate firewalls, separating internal networks from public networks.
"We're mostly worried about Monday morning, when hordes of laptop users
return to their workplaces with their machines, possibly carrying the virus
behind the firewall", comments Hypponen.</p>
<p>For home users, the advice is simple: if you're running Windows 2000 or XP
and have not updated your Windows during the last two weeks, do NOT go online
without a firewall.</p>
<p>If your computer is already infected, you need to patch the LSASS hole first,
then remove the worm - otherwise the worm could reinfect you right away.
F-Secure's and Microsoft's websites have detailed instructions on how to do
this.</p>
<p>F-Secure's Viruslab is monitoring the situation in their weblog:
http://www.f-secure.com/weblog/
Technical description of the virus:
http://www.f-secure.com/v-descs/sasser.shtml
F-Secure has released a free tool to remove the Sasser.A and Sasser.B worms.
The tool is available for
download from the above link.</p>
<p>Microsoft has more information on the incident at:
http://www.microsoft.com/security/incident/sasser.aspMailing list policy</p>
<p>About F-Secure</p>
<p>F-Secure Corporation protects individuals and businesses against computer
viruses and other threats coming through the Internet or mobile networks. Our
award-winning solutions include antivirus, desktop firewall with intrusion
prevention and network encryption. Our key strength is the speed of response
to new threats and for businesses our solutions feature centralized
management. Founded in 1988, F-Secure has been listed on the Helsinki
Exchanges since 1999. We have our headquarters in Helsinki, Finland, and
offices in USA, France, Germany, Sweden, the United Kingdom and Japan.
F-Secure is supported by a global ecosystem of value added resellers and
distributors in over 50 countries. F-Secure protection is also available
through major Internet Service Providers, such as Deutsche Telekom and
leading mobile equipment manufacturers, such as Nokia.</p>
<p>About Open Systems Australia</p>
<p>Open Systems Australia, a Canberra based company, was founded 13 years ago with the aim of providing high-end security, computing and data networking solutions for Fortune-500 Corporations, Federal and State Government Departments, Australia-wide.
This has developed into an extensive distribution business servicing over 2000 resellers Australia wide. Open Systems Australia has the in-house project management and technical / engineering capabilities to undertake virtually any I.T. project, anywhere in the Pacific region.</p>
<p>For further information please contact:</p>
<p>Sarah Hawkins
Marketing Manager
Open Systems Australia
02 6261 4900
sarah.hawkins@opensystems.com.au</p>

Most Popular