Sasser infections hit Amex, others
A number of U.S. universities also report being hit by the worm
IDG News Service - Security experts continue to issue warnings about the Sasser Internet worm as organizations struggled to clean up the damage caused by infected hosts.
American Express Co. joined a number of U.S. universities in reporting infections from the Sasser worm yesterday, and the SANS Institute's Internet Storm Center (ISC) maintained a "yellow" warning level today despite earlier expectations that the Sasser outbreak would wind down yesterday.
Sasser exploits a recently disclosed hole in a component of Microsoft Corp.'s Windows operating system called the Local Security Authority Subsystem Service, or LSASS. Microsoft released a software patch, Security Bulletin MS04-011, on April 13.
The ISC said yesterday that it was maintaining its yellow alert, indicating a "significant new threat" on the Internet due to "the continuing spread of Sasser and other malicious code targeting the MS04-011 vulnerabilities."
Among other things, modifications in new Sasser variants Sasser.C and Sasser.D, which appeared yesterday (see story), prompted the ISC to maintain the yellow alert. ISC Chief Technology Officer Johannes Ullrich had said he expected Sasser to die down yesterday and thus allow a return to the "green" status by the end of the day.
New York-based Amex experienced Sasser infections on employee desktops beginning Sunday that disrupted the company's internal networks, but they didn't affect customer services, according to Judy Tenzer, an Amex spokeswoman.
Amex refused to reveal how many computers were affected or how the worm penetrated its network, but the company said the infections were limited to employee desktops and didn't affect its critical servers.
Reports also surfaced of unexplained computer problems at other companies.
Delta Air Lines Inc. experienced technical difficulties on Saturday that forced the cancellation of some flights (see story). The computer problems began at 2:50 p.m. local time and were fixed by 9:30 p.m. that same day, said Katie Connell, a Delta spokeswoman.
Connell wouldn't comment on the cause of the problems or which systems were affected, citing a continuing investigation. Atlanta-based Delta does use Microsoft products and the Windows operating system, she said.
In Boston, colleges and universities felt the effects of the worm, according to David Escalante, director of computer policy and security information technology at Boston College in Chestnut Hill, Mass.
Around 200 machines on BC's campus network were infected with Sasser, most of them laptop and desktop computers owned by students, he said.
BC blocked traffic on Port 445, which is used by the Sasser worm to spread, before the outbreak. IT staffers are analyzing the infections, which may have come from students who brought infected laptops back onto campus from home, Escalante said.
The college's staff is also
- Deep Security +VMware vSphere with Operations Management Most midsize organizations are highly virtualized on VMware, and while this has produced significant savings, it also has created new challenges when it...
- 3 Questions to Ask Your DNS Host about Lowering DDoS Risks Neustar has had wide-ranging conversations with clients wanting to know how they can optimize protection as DDoS attacks increase in frequency and size.
- The Danger Deepens: 2014 Neustar Annual DDoS Attacks and Impact Report This report compares DDoS findings from 2013 to 2012, based on a survey of 440 North American companies, including 139 businesses delivering technology...
- DDoS Infographic: How Are Attacks Evolving? For the third consecutive year, Neustar surveyed businesses across major industries to track the evolution of DDoS attacks. Are they more frequent? Larger?...
- How to Use Crowd-Sourced Threat Intelligence to Stop Malware in its Tracks Threat sharing networks have been around for a long time, however they have typically been "invitation-only", available to only large companies, or those...
- An Incident Response Playbook: From Monitoring to Operations As cyber-attacks grow more sophisticated, many organizations are investing more into incident detection and response capabilities. In this webcast, learn how to develop... All Malware and Vulnerabilities White Papers | Webcasts