Net watchers wary of Sasser fallout

Although the damage wrought by Sasser failed to reach the levels of MSBlast and other major infections, security experts are warning that there could still be more trouble to come from the worm.

One researcher said Thursday that the group of online vandals suspected of creating both the Sasser worm and several variations of the Netsky virus could combine the two threats. The resulting blended threat could dodge security inside corporate systems via e-mail messages and then spread quickly, once inside those networks.

"Sasser is inhibited by gateways, and adding the e-mail aspect would bypass the gateways," said Jimmy Kuo, a researcher and a McAfee fellow at security company Network Associates. The technique is "rather obvious," he said, defending the decision to publicize the strategy in an alert. "I don't think I am giving a clue to the virus authors," he said. The 6-day-old Sasser worm has begun to spread more slowly, as companies clean up existing infections, according to security researchers. However, as with previous worm programs, it's unlikely that Sasser and its offshoots will ever truly disappear from the Internet. While new versions of a particular worm tend to have a smaller effect than the original, variants that add different ways to disseminate themselves--whether by exploiting other flaws or by fooling users--could have more impact.