- As Sasser causes computers to restart continually, many users have been unable to rid their systems of this malicious code
- Users have been downloading, on a massive scale, the Microsoft patch that fixes the vulnerability exploited by this family of worms, and this is helping to keep propagation rates in check
- Indications are that the epidemic could worsen as more variants look set to appear in the near future
As Sasser continues to spread, the number of organizations affected by the virus continues to rise. These include governmental institutions the world over, such as the European Commission (where 1,200 computers have been affected), the University of Massachusetts, banking IT systems, travel booking services and companies such as British Airways. In addition to the direct damage caused by Sasser in corporate environments, production is also lost as machines are brought up to date and the Microsoft patch is applied to correct the vulnerability that the worm is exploiting.
Other victims include all those who simply can't use their computers as systems infected by variants of Sasser restart every 60 seconds. This means that there is no time to eliminate the virus from the computer and download the Microsoft patch. One way that users can get round this is by first putting the system clock back, as described below:
- When the window is displayed saying that the system will restart, double-click on the time displayed at the bottom of the screen.
- Once the time settings window opens, put the clock back a few hours.
With respect to the extent of the epidemic, Luis Corrons, head of PandaLabs, explains that, "Many users have been installing the patch released by Microsoft to fix the flaw that this worm exploits, which is an indication of increased awareness among the public and should help contain the spread of Sasser. New variants may appear so users should stay on the alert and make sure they have a good updated antivirus."
To mitigate the effects of the Sasser epidemic, Panda Software has made its PQRemove tools available to users. These applications not only disinfect computers but also restore system configurations altered by the worm.
One of the PQRemove tools is specifically designed for networks, and removes Sasser and all its variants from any network that could have been affected. The other PQRemove applications can disinfect any computer attacked by any of the variants of the Sasser worm.