Sasser infections hit Amex, others
A number of U.S. universities also report being hit by the worm
IDG News Service - Security experts continue to issue warnings about the Sasser Internet worm as organizations struggled to clean up the damage caused by infected hosts.
American Express Co. joined a number of U.S. universities in reporting infections from the Sasser worm yesterday, and the SANS Institute's Internet Storm Center (ISC) maintained a "yellow" warning level today despite earlier expectations that the Sasser outbreak would wind down yesterday.
Sasser exploits a recently disclosed hole in a component of Microsoft Corp.'s Windows operating system called the Local Security Authority Subsystem Service, or LSASS. Microsoft released a software patch, Security Bulletin MS04-011, on April 13.
The ISC said yesterday that it was maintaining its yellow alert, indicating a "significant new threat" on the Internet due to "the continuing spread of Sasser and other malicious code targeting the MS04-011 vulnerabilities."
Among other things, modifications in new Sasser variants Sasser.C and Sasser.D, which appeared yesterday (see story), prompted the ISC to maintain the yellow alert. ISC Chief Technology Officer Johannes Ullrich had said he expected Sasser to die down yesterday and thus allow a return to the "green" status by the end of the day.
New York-based Amex experienced Sasser infections on employee desktops beginning Sunday that disrupted the company's internal networks, but they didn't affect customer services, according to Judy Tenzer, an Amex spokeswoman.
Amex refused to reveal how many computers were affected or how the worm penetrated its network, but the company said the infections were limited to employee desktops and didn't affect its critical servers.
Reports also surfaced of unexplained computer problems at other companies.
Delta Air Lines Inc. experienced technical difficulties on Saturday that forced the cancellation of some flights (see story). The computer problems began at 2:50 p.m. local time and were fixed by 9:30 p.m. that same day, said Katie Connell, a Delta spokeswoman.
Connell wouldn't comment on the cause of the problems or which systems were affected, citing a continuing investigation. Atlanta-based Delta does use Microsoft products and the Windows operating system, she said.
In Boston, colleges and universities felt the effects of the worm, according to David Escalante, director of computer policy and security information technology at Boston College in Chestnut Hill, Mass.
Around 200 machines on BC's campus network were infected with Sasser, most of them laptop and desktop computers owned by students, he said.
BC blocked traffic on Port 445, which is used by the Sasser worm to spread, before the outbreak. IT staffers are analyzing the infections, which may have come from students who brought infected laptops back onto campus from home, Escalante said.
The college's staff is also
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The Threat Landscape Hardly a day goes by without the discovery of a new cyberthreat somewhere in the world! But how do you keep up with...
- Security for Virtualization In the rush to implement virtualization, security has become second. So while the business benefits are clear, the risks are less well documented...
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- What Datapipe customers need to know about the new PCI DSS 3.0 compliance standard This handy quick reference outlines what PCI DSS 3.0 is, who needs to be compliant and how Alert Logic solutions address the new...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Malware and Vulnerabilities White Papers | Webcasts