The UF Office of Information Technology Newsletter
Blaster Saves The Day?
The big news in security during the first week of May was the Sasser worm. Sasser is a worm that attempts to exploit the vulnerability described in Microsoft Security Bulletin MS04-011. It spreads by scanning randomly selected IP addresses for vulnerable systems. Unlike most worms, Sasser doesn't require any human intervention, such as opening an e-mail attachment; it scans for vulnerable systems and surreptitiously plants its payload. Millions of computers around the world were hit.
The attacks took their toll in the US and overseas. In the US, Delta Airlines, American Express, Associated Press, two major universities, and a leading hospital were among Sasser's victims. The amount of damage it caused is hard to estimate because it didn't cause any direct damage other than making computers crash and stalling networks. The major damage has been in slowed productivity. Enterprise operations may partially have Blaster to thank for the relative corporate immunity from Sasser.
IT security management practices were tightened considerably after the round of Blaster infections. Microsoft has reported fewer than 2 million downloads of its Sasser fixit tool, whereas it reported more than 10 million downloads of its Blaster removal tool, a remarkable difference even when taking into account that Sasser only "infects" later versions of the Windows OS.
But while the Sasser problem appears to have slowed down, it has not yet disappeared completely. Five versions of Sasser are known. Police in Berlin have said an 18-year-old German teenager was responsible for all of them in addition to the "Netsky" virus.
The German youth apparently released a new variant of the worm, "Sasser e," shortly before he was arrested last week, investigators said in Berlin. He has now been identified as Sven Jaschan, a technical high school student from Waffensen, Lower Saxony.
The teenager was arrested on May 7 after informants seeking a reward tipped off Microsoft. In a search of his family's home, German investigators confiscated his computer, which contained the worm's source code.
The student is being investigated on suspicion of computer sabotage, which carries a maximum sentence of five years in prison. He was released pending charges after questioning on May 7, during which he admitted to creating Sasser, police said. And though Jaschan faces up to 5 years in prison under German law for "computer sabotage," he turned 18 on April 29 and was therefore charged as a child, not an adult. He also may be subject to leniency due to the full and detailed written confession he reportedly made to police.