[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Thursday, 6 May, 2004, 10:26 GMT 11:26 UK
Sasser net worm set for long life
Computer keyboard, Eyewire
Sasser will keep on infecting, say experts
The Sasser Windows worm that struck earlier this week is on the wane.

Since its first appearance on 1 May the virus has disrupted work in many organisations and infected hundreds of thousands of Windows PCs.

But as firms patch vulnerable PCs and get back to working normally security experts warn that the worm will be around for a long time to come.

Some fear that future versions of the worm will be much harder to defend against.

Lingering threat

The Sasser worm appeared on 1 May and since then has infected perhaps a million Windows machines all around the world.

Hospitals, banks, airlines, government agencies and many home users have been infected by the worm which makes PCs unusable by making them crash repeatedly.

The virus can infect PCs running Windows 2000 and XP.

Microsoft reported that more than 1.5m people visited the web page detailing ways to get rid of Sasser and close the loophole that it exploits.

Although the worst of the Sasser outbreak is over, anti-virus experts say that it will never entirely disappear.

Richard Archdeacon, technical services director from security firm Symantec, said that many malicious programs follow a cyclical pattern of outbreak and clean-up for a long time after they first appear.

"That's the other argument for patching your machines," he said, "these viruses come back."

Gerhard Eschelbeck, chief technology officer at security firm Qualys, has studied the lifecycle of worms and viruses and found that many enjoy a long productive existence.

Future threats

Some viruses like Code Red (debut in 2001), SQL Slammer, (appeared in January 2003) and Nachi (from August 2003) are still out on the web finding and infecting fresh victims.

He said that although half of all machines vulnerable to a new loophole are patched within 30 days of an outbreak occurring, 50% of the rest take another 30 days and so on and so on.

The result is that there are always some machines on the net that are vulnerable to a particular virus.

The Sans Institute, which monitors net security problems, said that the Sasser worm was an "indicator exploit" used to expose those machines suffering a particular vulnerability.

The Institute thought it likely that future worms and viruses will try to capitalise on the large crop of at risk machines it exposed.

Jimmy Kuo, from security firm Network Associates, said Sasser could mutate and merge with the Netsky virus to become even more of a problem.

"My expectation is that Netsky and Sasser variants will merge and become what we can one 'abundant threat' that attacks through e-mail and software vulnerabilities," he said.


The BBC is not responsible for the content of external internet sites


News Front Page | Africa | Americas | Asia-Pacific | Europe | Middle East | South Asia
UK | Business | Entertainment | Science/Nature | Technology | Health
Have Your Say | In Pictures | Week at a Glance | Country Profiles | In Depth | Programmes
Americas Africa Europe Middle East South Asia Asia Pacific