IDG News Service - Security experts continue to issue warnings about the Sasser Internet worm as organizations struggled to clean up the damage caused by infected hosts.
American Express Co. joined a number of U.S. universities in reporting infections from the Sasser worm yesterday, and the SANS Institute's Internet Storm Center (ISC) maintained a "yellow" warning level today despite earlier expectations that the Sasser outbreak would wind down yesterday.
Sasser exploits a recently disclosed hole in a component of Microsoft Corp.'s Windows operating system called the Local Security Authority Subsystem Service, or LSASS. Microsoft released a software patch, Security Bulletin MS04-011, on April 13.
The ISC said yesterday that it was maintaining its yellow alert, indicating a "significant new threat" on the Internet due to "the continuing spread of Sasser and other malicious code targeting the MS04-011 vulnerabilities."
Among other things, modifications in new Sasser variants Sasser.C and Sasser.D, which appeared yesterday (see story), prompted the ISC to maintain the yellow alert. ISC Chief Technology Officer Johannes Ullrich had said he expected Sasser to die down yesterday and thus allow a return to the "green" status by the end of the day.
New York-based Amex experienced Sasser infections on employee desktops beginning Sunday that disrupted the company's internal networks, but they didn't affect customer services, according to Judy Tenzer, an Amex spokeswoman.
Amex refused to reveal how many computers were affected or how the worm penetrated its network, but the company said the infections were limited to employee desktops and didn't affect its critical servers.
Reports also surfaced of unexplained computer problems at other companies.
Delta Air Lines Inc. experienced technical difficulties on Saturday that forced the cancellation of some flights (see story). The computer problems began at 2:50 p.m. local time and were fixed by 9:30 p.m. that same day, said Katie Connell, a Delta spokeswoman.
Connell wouldn't comment on the cause of the problems or which systems were affected, citing a continuing investigation. Atlanta-based Delta does use Microsoft products and the Windows operating system, she said.
In Boston, colleges and universities felt the effects of the worm, according to David Escalante, director of computer policy and security information technology at Boston College in Chestnut Hill, Mass.
Around 200 machines on BC's campus network were infected with Sasser, most of them laptop and desktop computers owned by students, he said.
BC blocked traffic on Port 445, which is used by the Sasser worm to spread, before the outbreak. IT staffers are analyzing the infections, which may have come from students who brought infected laptops back onto campus from home, Escalante said.
The college's staff is also
Free Insider GuideCopyright © 1994 - 2013 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
