Organizations that evaded last week’s Sasser worm infestation credited vigilant patching processes and preventative measures such as installing server-based behavior-blocking software and worm filtering gateways.

Anti-virus software, on the other hand, was of limited use in stopping the four known variants of Sasser because the worm could re-infect machines even with the most up-to-date virus signatures, says Vincent Gullotto, vice president at Network Associates’ Avert Labs. “If you don’t have the [Windows] patch in place, this can happen,” he says.

According to Mikko Hypponen, head of anti-virus research at F-Secure in Helsinki, Finland, the Sasser worm variants don’t delete files or leave Trojans. This makes it a fairly benign worm and a lot like the Blaster worm of last August. Like Blaster, damage stems from Sasser’s intense network scanning, which can paralyze networks.

Among those experiencing Sasser’s sting last week were American Express, Goldman Sachs, Air Canada, British Airways, Germany’s Deutsche Post, the European Commission and several schools, including the University of California, Irvine and University of Massachusetts at Amherst.
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.