[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Tuesday, 4 May, 2004, 12:17 GMT 13:17 UK
Sasser net worm affects millions
Computer network connections, Eyewire
Sasser spreads through networks by itself
The Sasser worm is continuing to cause disruption for large numbers of Windows PC users.

The first version of the malicious program was discovered on 1 May and since then has spread widely across the internet.

Some security experts estimate it has infected more than a million PCs and knocked out many computer systems.

Unlike more recent viruses, Sasser does not travel by e-mail instead it makes its way around the internet unaided.

Shut down

In at least seven cases, disruptions at large companies have been blamed on machines infected by Sasser.

The virus can infect PCs running Windows 2000 and XP that are not patched against the loophole it exploits.

According to anti-virus firms machines running Windows 95, 98 and Millennium Edition can help spread Sasser even though they cannot be infected by it.

The security firms urged users to install the latest security patches from Microsoft and advised home broadband users to install and run a firewall.

The virus is called a worm because it searches out machines to infect by itself without any help from users.

So far four variants of Sasser have been seen in the wild.

Loveletter virus in e-mail inbox, Ap
Sasser struck almost exactly 4 years after the Iloveyou bug
The latest version, Sasser.D, scans so aggressively for new computers to infect that it may cause networks to become congested with packets of data and slow down.

Poor programming by Sasser's creator makes infected machines shut down.

Microsoft and many security firms have released tools that help people find out if they are infected and to help them remove the virus from their system.

Users hit

Early reports suggest that home users will be hit hardest as many broadband users do not have a firewall fitted that would protect them from malicious programs like Sasser.

F-Secure said that many large companies had already installed the patch for the vulnerability Sasser exploits which may limit the ultimate spread of the worm.

Those that had not patched have been hit hard.

The head office and 19 regional offices of the UK Maritime and Coastguard Agency have been hit by the worm. The Agency said the disruption would not affect search and rescue work.

Taiwan's national post office said 1,600 of its machines were hit by the virus which forced more than 400 of its 1200 branch offices to revert to pen and paper.

The disruption left customers queuing in long lines at many of the company's offices, according to television reports.

Windows XP on sale, PA
Unpatched versions of Windows XP are vulnerable
Two Hong Kong government departments and some hospitals on the island were hit by the virus.

In Australia Railcorp trains were halted apparently because a virus disrupted the radio systems and stopped drivers talking to signalmen.

Also in Australia Westpac Bank staff were forced to use manual methods to record transactions as the virus made computers unusable. Two other banks reported infections.

Finnish bancassurer Sampo said it had temporarily closed all its 130 branch offices as a precaution against Sasser.

US airline Delta would not comment on reports that the virus caused disruption to its schedule.

Patch available

Microsoft played down reports that millions were being infected by Sasser.

It reported that almost four times as many PC owners were downloading patches for security problems now compared to autumn in 2003.

A patch for the vulnerability Sasser exploits was first released on 13 April and then updated on 28 April.

Holidays in the UK, parts of Europe and Japan may also help to limit the spread of the worm.

Some security experts said that using Sasser removal tools may not end the trouble because many of those caught out by it have also been infected by other viruses.

Creators of other malicious programs are trying to cash in on the success of Sasser.

The latest version of the Netsky virus, the 29th variant, travels with a file that claims to be a cure for Sasser sent out by anti-virus firms.

Inside this version the creators of Netsky claim that they were responsible for making Sasser too.


Have you been affected by the Sasser worm? What can be done to stop the spread of of worms and viruses like this one? Send us your comments on the form below.

Always taken IT for granted and assumed viruses attacked corporations etc when individuals have a vendetta. Never considered firewalls etc for home PC. Not quite sure what to do next or indeed how much it will cost to fix. You see all these downloadable fixes but the problem with my PC is that it is running far too slow to download anything anyway, shuts down before download is complete, or simply does not let me get on to the appropriate screens. Anyone got any tips? - fortunately can maintain my internet access from work!
O, Wales

Cause: Windows is very sick! Prediction: This is not the last attack. You will hit again and again and again. Temporary Solution: Install the patch for this from Microsoft and patch for next after next attack and so on. Permanent Solution: Drop the sick Windows completely. Switch to a Linux based computer or install Linux Desktop on your existing computer and have peace in mind and in the world. Good luck.
Sagara Wijetunga, Singapore

Why do we always only hear about new Windows vulnerabilities when they are exploited
Colin McKenzie, London UK
Why do we always only hear about new Windows vulnerabilities when they are exploited? If the issue of the patch got the news coverage that the worm has, many more people would be protected in time. I update Windows regularly, but no more than monthly. If I didn't have a firewall, Sasser would have caught me by now.
Colin McKenzie, London UK

A fried of mine was infected with the Sasser virus, I removed it using Norton's removal tool, the pc is now updated and is running sweet, but it was quite a pain to remove it. Had to use Safe Mode on XP to remove some of it, then had to create a new account on the pc to enable the rest of the removal as in the standard account the pc would keep shutting down. Not much fun.....
Robert J Wilson, Herne Bay, Kent

Oh for goodness sake, pay peanuts, get monkies. Buy an Apple Mac and remain totally immune to all this rubbish. Factor in the cost of rebuilding,reformating, security updates, time wasted, data and documents lost, cost of virus checkers and AppleMacs complete with Microsoft Office for the Mac are VERY cost effective. Companies and Businesses that follow the herd instinct and stay with Windows deserve all they get.
Arthur Lowe, Melbourne, Australia

Pretty primitive worm really. Spotted within a minute of it first running - easily detected due to ADSL connection activity when no programs open. Check Task Manager processes, a process called avserve.exe (which I don't recognise) is running. Stop the process, locate and delete the file, download Microsoft patch to prevent re-infection.
Graham Fewster, Huntingdon, UK

Patch, or face the consequences
James Atack, Paris, France
We should think ourselves lucky that once again the writer of this virus let us off the hook. Despite the high number of infections, the virus has a relativley benign payload. If ever a similar virus appears on the scene that actively destroys data, then the financial loss will be huge. Patch, or face the consequences.
James Atack, Paris, France

Common sense prevails here, buy a firewall, or download a free one of of the net and run Windows update often. Take 5 minutes out of your day, run Windows Update, update your firewall and antivirus definitions, and you'll be fine.
Blair, Edinburgh, Scotland, UK

No comment on the 'poor programming' by Microsoft that caused this vulnerability in the first place?
Alex Hawdon, Huddersfield, UK

Name
Your E-mail address
Town & Country
Comments

Disclaimer: The BBC may edit your comments and cannot guarantee that all e-mails will be published.




WATCH AND LISTEN
The BBC's Kevin Anderson
"Computers only need to be switched on and online to become infected"



RELATED INTERNET LINKS:
The BBC is not responsible for the content of external internet sites


PRODUCTS AND SERVICES

News Front Page | Africa | Americas | Asia-Pacific | Europe | Middle East | South Asia
UK | Business | Entertainment | Science/Nature | Technology | Health
Have Your Say | In Pictures | Week at a Glance | Country Profiles | In Depth | Programmes
Americas Africa Europe Middle East South Asia Asia Pacific