BANKING TECHNOLOGY ADVISORY: Sasser Worm Update

Sasser Worm Update
by Patricia Schoepke, Webmaster, Bankers Information Network

CNN Reports:
"It's still going steady. It will be a big problem for a day or two, then it will linger on the Internet for weeks, and likely years," said Finnish data security firm F-Secure. Among its victims are banks, travel-booking systems, European Commission offices and Britain's 19 Coastguard stations. In just three days, four variants have emerged, each capable of causing machines that run on Microsoft's Windows operating systems XP, NT and 2000 to reboot without warning and knocking out some computer reservation systems. Victims include Goldman Sachs, Australia's Westpac Bank and Finnish financial company Sampo. It has also hit about 300,000 computers at Germany's Deutsche Post. Source

InfraGard - reporting in The Australian:
Sasser does not travel by e-mail or attachments and spreads itself to any unprotected computer linked to the internet. While it slows down computers, it is not believed to cause long-term damage to the hard drive. Internet security company Trend Micro on Monday, May 3, upgraded Sasser to a "red alert" -- its highest warning level. Westpac confirmed Monday it was investigating network problems caused by Sasser. Branches had switched to pen and paper manual systems to allow them to keep trading, but the bank's ATM and internet banking networks were not hit. Source

Agence France-Presse
Sampo, Finland's third largest bank, closed its 130 branch offices across the country on Monday, May 3, to prevent the Sasser Internet worm from infecting its systems. The Sasser bug has so far contaminated millions of computers worldwide, making them shut down and restart in an endless loop. Source

For more information:
Sasser Worm Strikes Thousands of PCs
PC World
Symantec: Norton Anti-Virus
McAfee
RAV
Sophos