Sasser computer virus hits bank, EU offices

The rapidly evolving "Sasser" computer worm tore across the Internet today, hitting corporate and home computers and stoking …

The rapidly evolving "Sasser" computer worm tore across the Internet today, hitting corporate and home computers and stoking fears worse may be to come.

First detected over the weekend, the worm has already infected, by some estimates, over one million PCs. Among its victims are banks, travel-booking systems, European Commission offices and Britain's 19 Coastguard stations.

Unlike previous Internet worms, Sasser infects vulnerable PCs without any action by the user like opening attachments, allowing it to spread very quickly.

Home users would likely first notice an infection if their computer mysteriously rebooted or their Internet connection slowed dramatically.

READ MORE

Security experts are analysing the worm to determine where Sasser might hit next.

"We don't know yet, for example, if it attacks machines running on Windows XP Embedded, which runs ATM machines and cash registers. That would be disastrous for banks and retailers," said Mr Raimund Genes, European president of security software firm Trend Micro.

In the space of three days, four variants have emerged, each capable of causing machines that run on Microsoft's Windows operating systems XP, NT and 2000 to reboot without warning and knocking out some computer-reservation systems.

Victims include Goldman Sachs, Australia's Westpac Bank and Finnish financial company Sampo. It has also hit about 300,000 computers at Germany's Deutsche Post.

Sasser attacks can exploit a feature in Windows known as the Local Security Authority Subsystem Service, which had been targeted in a Microsoft security update released on April 13th.

Computer security experts think Sasser was programmed by a group believed to be based in Russia calling itself the "Skynet anti-virus group".