Sasser infections hit Amex, others
A number of U.S. universities also report being hit by the worm
IDG News Service - Security experts continue to issue warnings about the Sasser Internet worm as organizations struggled to clean up the damage caused by infected hosts.
American Express Co. joined a number of U.S. universities in reporting infections from the Sasser worm yesterday, and the SANS Institute's Internet Storm Center (ISC) maintained a "yellow" warning level today despite earlier expectations that the Sasser outbreak would wind down yesterday.
Sasser exploits a recently disclosed hole in a component of Microsoft Corp.'s Windows operating system called the Local Security Authority Subsystem Service, or LSASS. Microsoft released a software patch, Security Bulletin MS04-011, on April 13.
The ISC said yesterday that it was maintaining its yellow alert, indicating a "significant new threat" on the Internet due to "the continuing spread of Sasser and other malicious code targeting the MS04-011 vulnerabilities."
Among other things, modifications in new Sasser variants Sasser.C and Sasser.D, which appeared yesterday (see story), prompted the ISC to maintain the yellow alert. ISC Chief Technology Officer Johannes Ullrich had said he expected Sasser to die down yesterday and thus allow a return to the "green" status by the end of the day.
New York-based Amex experienced Sasser infections on employee desktops beginning Sunday that disrupted the company's internal networks, but they didn't affect customer services, according to Judy Tenzer, an Amex spokeswoman.
Amex refused to reveal how many computers were affected or how the worm penetrated its network, but the company said the infections were limited to employee desktops and didn't affect its critical servers.
Reports also surfaced of unexplained computer problems at other companies.
Delta Air Lines Inc. experienced technical difficulties on Saturday that forced the cancellation of some flights (see story). The computer problems began at 2:50 p.m. local time and were fixed by 9:30 p.m. that same day, said Katie Connell, a Delta spokeswoman.
Connell wouldn't comment on the cause of the problems or which systems were affected, citing a continuing investigation. Atlanta-based Delta does use Microsoft products and the Windows operating system, she said.
In Boston, colleges and universities felt the effects of the worm, according to David Escalante, director of computer policy and security information technology at Boston College in Chestnut Hill, Mass.
Around 200 machines on BC's campus network were infected with Sasser, most of them laptop and desktop computers owned by students, he said.
BC blocked traffic on Port 445, which is used by the Sasser worm to spread, before the outbreak. IT staffers are analyzing the infections, which may have come from students who brought infected laptops back onto campus from home, Escalante said.
The college's staff is also
- Fight Malware, Malfeasance and Malingering Every year brings more extreme sets of threats than the last. The good news is that there are a range of mitigation options....
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Malware and Vulnerabilities White Papers | Webcasts