[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Wednesday, 5 May, 2004, 09:37 GMT 10:37 UK
Home users hit by Sasser worm
Discarded computers, AP
Hundreds of thousands of PCs have been hit by Sasser
Home computer users are the main victims of the Sasser Windows worm, according to anti-virus firm Network Associates.

Up to 80% of those hit have been home users and students, it reports.

About 1.5 million people visited Microsoft's Sasser clean-up web page in the first 48 hours of its availability, the software giant said.

The effects of the worm could be felt for many months, believes anti-virus firm Sophos.

New victims

"There is a fear that background radiation of the Sasser worm could be felt for months to come," said Graham Cluley, senior technologist at Sophos.

"The big danger is a raft of new computers that are not protected," he added.

According to Mr Cluley new computers often do not have protection for up to nine months worth of virus outbreaks.


The Sasser worm first appeared on 1 May and estimates vary widely on how many Windows PCs have been infected by it.

Some reports suggest that up to a million machines are infected.

Computer network connections, Eyewire
With Sasser you have to go and stick the patch in yourself
Richard Archdeacon, Symantec

Whatever the final numbers the worm's four variants have racked up an impressive list of victims between them.

The virus was reported to have hit up to 300,000 machines at Deutsche Post making it impossible for staff to hand over cash.

Machines at investment bank Goldman Sachs, the European Commission and British Airways and 19 regional offices of the UK Maritime and Coastguard Agency all fell victim to Sasser.

Up to 500 hospitals in New Orleans were shut down for several hours and social and health services in Washington state were also hit by the worm.

Half of British Airway's computers at the check-in desks in Terminal Four were put out of action leading to delays for customers on Tuesday evening.

One customer of a Perth-based branch of WestPac bank threatened to charge it reconnection fees because he was unable to get his hands on cash ear-marked to pay telephone and electricity bills.

Protect yourself

Sasser spread rapidly in the first few days said Richard Archdeacon, technical services director from security firm Symantec.

"The fact that there have already been four variants tends to indicate that they are refining the code and looking for a way to spread it before the patches are in place," he told BBC News Online.

Mr Archdeacon said worms like Sasser could potentially do more damage than many other recent viruses.

Loveletter virus in e-mail inbox, Ap
Sasser struck almost exactly 4 years after the Iloveyou bug
"Mass-mailing [viruses] are not as potentially dangerous because they can be cured with anti-virus software," said Mr Archdeacon. "But with Sasser you have to go and stick the patch in yourself".

The vulnerability that Sasser exploits was first identified on 8 October last year by security firm eEye Digital Security.

However the first code to exploit the vulnerability only appeared a few days after the first patch for the loophole was released by Microsoft on 13 April.

The virus can infect PCs running Windows 2000 and XP that are not patched against the loophole it exploits or do not have a firewall to protect themselves.

According to anti-virus firms machines running Windows 95, 98 and Millennium Edition can help spread Sasser even though they cannot be infected by it.

Virus chase

The virus is called a worm because it searches out machines to infect by itself without any help from users.

The latest version, Sasser.D, scans so aggressively for new computers to infect that it may cause networks to become congested with packets of data and slow down.

Windows XP on sale, PA
Unpatched versions of Windows XP are vulnerable
Poor programming by Sasser's creator makes infected machines shut down.

Microsoft and many security firms have released tools that help people find out if they are infected and to help them remove the virus from their system.

Microsoft played down reports that millions were being infected by Sasser.

It reported that almost four times as many PC owners were downloading patches for security problems now compared to autumn in 2003.

Holidays in the UK, parts of Europe and Japan may also help to limit the spread of the worm.

Creators of other malicious programs are trying to cash in on the success of Sasser.

The latest version of the Netsky virus, the 29th variant, travels with a file that claims to be a cure for Sasser sent out by anti-virus firms.

Inside this version the creators of Netsky claim that they were responsible for making Sasser too.

The BBC's Fergus Walsh
"It's likely to hang around the web for years"


The BBC is not responsible for the content of external internet sites


News Front Page | Africa | Americas | Asia-Pacific | Europe | Middle East | South Asia
UK | Business | Entertainment | Science/Nature | Technology | Health
Have Your Say | In Pictures | Week at a Glance | Country Profiles | In Depth | Programmes
Americas Africa Europe Middle East South Asia Asia Pacific