Sasser spreads worldwide, slowing trains, mail, post
The Sasser Net worm picked up pace on Monday infecting millions of computers, slowing train and postal services.
The Sasser internet worm picked up pace on Monday at the start of the workweek, infecting millions of computers, slowing train and postal services and even bogging down Spanish judges investigating the March 11 train bombings.
The worm, which began to spread on Saturday, does not travel like a virus through e-mails or attachments. It can spread by itself to any unprotected computer linked to the Internet.
The Sasser worm attacks through a flaw in recent versions of Microsoft Windows operating systems -- Windows 2000, Windows Server 2003 and Windows XP -- and causes the computer to shut down, then rebooting it, repeating the process continuously. But it appears to do no lasting damage.
Internet experts varied widely in their assessment of the total worldwide infection, with estimates ranging from 6 to 18 million machines sent into Sasser's start-up and shut-down spiral.
Finnish Internet security firm F-Secure said up to six million computers had been infected, adding that some of their large corporate clients had been forced temporarily to shut down their services.
The anti-virus company Panda Software on Sunday gave the figure of slightly more than three percent of the world's computers, or around 18 million out of the estimated 600 million operating worldwide.
In Spain, judges at the national courthouse, including those investigating the March 11 bombings, were blocked by the worm Monday.
Judge Teresa Palacios could not send police an electronic authorization to destroy explosives they had found in the Madrid apartment of suspected terrorists responsible for the bomb attack, judicial sources said.
A third of Taiwan's national post office was also paralyzed by the Sasser worm, which put 1,600 work stations out of operation, the company said.
Hardest hit was the banking-related business of the state-run company, which has about 1,300 offices in Taiwan.
In Australia's New South Wales, train traffic was disrupted on Sunday when drivers were prevented from talking to rail traffic controllers, in what reports said was the work of the Sasser worm, and 300,000 passengers were left stranded on their platforms.
Finland's third-largest bank, Sampo, shut its 130 branch offices across the country Monday in a preventive move to keep the worm from infecting its computers, officials said.
"We decided to close our offices as a precaution, since we knew that our virus protection hadn't been updated," Sampo spokesman Hannu Vuola told AFP.
Companies were braced for a massive jump in infection rates at the start of the workweek, when people brought their laptops back to the office.
Since laptops are not protected by company firewall systems if used on a server other than the company's, they run the risk of being infected and in turn infect the company's network when used in the office.
But Loucif Kharouni, technical director at anti-virus firm Trend Micro, said that while the Sasser spread could become "exponential in the days to come", most companies had armed themselves with anti-virus software and updated their Microsoft systems in time.
Sasser, unlike previous Internet viruses Mydoom.A in January and Bagle.B in February, is not seen as a serious hazard.
Alfred Huger, head of engineering at California-based computer security firm Symantec, said it was started deliberately by an individual.
"Of that much we're sure," he said on Sunday. "What we're not sure of is that individual's motives, because the virus is not doing any damage, and it's not installing a backdoor" which would give future access to other viruses.
"We'll just have to wait and see," he said.
"This worm is unlike previous ones in that it does not appear to be causing any damage to computers," said Huger. "It will slow your computer down, but there does not appear to be any direct damage to the hard drive."
Teddy Lacerda, European technical director for McAfee, agreed. "Customer contacts haven't reached the level of alert that we consider to be important," he said.