The Sasser Virus of 2004 in Action
The impact of discovering the Sasser virus
Sasser was a computer worm that targeted vulnerable versions of the Microsoft operating systems. You were in the high-risk group if you were running Windows XP or Windows 2000. A vulnerable network port acted as the entry point for the malware. What made it especially troublesome was that it could spread without the intervention of its originator. On the positive side, you could easily avoid the risk by configuring your computer effectively and installing Windows updates as they are released. In its bulletin MS04-011, Microsoft explained the considerable risks associated with this malware.
A precautionary approach to the Sasser virus
When Microsoft released a patch for this risk, some users ignored it, and they paid a heavy price in the management of their networks. On the 30th of April, advanced users started noticing that there was something fundamentally wrong with the way their machines were operating. A buffer overflow in the component known as LSASS is responsible for the impact that this malware had. LSASS is the Local Security Authority Subsystem Service, which has to be configured accurately. After scanning IP addresses, the worm used TCP port 445 as its entry point. When Microsoft undertook further analysis, it discovered that the worm could also spread through port 139.
Variants of the Sasser virus
As is often the case, the worm mutated. Variants Sasser B, C and D appeared within a few days of the original. The vulnerability had been patched earlier in the monthly security packages, but some networks missed the update. Some people claimed that the writers reverse-engineered the patch so that they could work out the vulnerable parts of the system. Millions of computers that had not installed the upgrade were then open to intrusion by the worm. One famous victim of this virus was the AFP news agency, based in France. All its satellite communications were down for many hours.
Spreading specific signs of the Sasser virus
At one point Delta Airlines had to cancel some trans-Atlantic journeys due to faulty booking systems. Likewise, the Nordic Insurance company had significant problems. Even Goldman Sachs felt the impact of the worm. The lesson that ought to have been learnt is the need to keep computers regularly upgraded.