Gartner is advising its customers to budget for extra security spending on Windows desktops in the wake of the raft of problems caused by the Sasser worm this week.
The influential analyst group reckons the appearance of another - and perhaps even more devastating - worm is only a matter of time. In the meantime, Users should batten down their security hatches.
Computer security experts warned on Wednesday that the Sasser worm could merge with earlier virus-like programs to wreak more havoc on the Internet, just as companies and PC users clean up from the last attack and authorities hunt for those responsible.
Since appearing on the weekend, the fast-moving Sasser computer worm has hit PC users around the world running the ubiquitous Microsoft Windows 2000, NT and XP operating systems, but is expected to slow down as computer users download anti-virus patches.
The "Sasser" computer worm now plaguing computers around the world was based on a critical software flaw revealed by Microsoft just 17 days before the worm's release.
Microsoft revealed a total of 20 software bugs in a bulletin issued on 13 April and the first version of Sasser appeared on 30 April. Over the next few days this and three variants - tweaked to improve the speed of infection - succeeded in infecting many hundreds of thousands of computers worldwide.
Three new versions of the Sasser worm boosted the infectiousness of the original, spreading to about 500,000 computers by Monday, security researchers said. Like the original worm, the three new programs--Sasser.B, Sasser.C and Sasser.D--take advantage of a vulnerability in unpatched versions of Windows XP and Windows 2000 systems. The worms infect vulnerable systems by establishing a remote connection to the targeted computer, installing a File Transfer Protocol (FTP) server and then downloading themselves to the new host.
Microsoft is considering automating the process of cleaning up systems infected by the Sasser worm, which spread like wildfire across the Internet over the weekend.
The software giant has already released a cleaning tool that can be downloaded manually. Microsoft may put this into automatic updates, depending on the "level of infection and feedback from ISPs," Stuart Okin, Chief Security Officer at Microsoft UK, told El Reg.
Computer security experts are dealing with at least four variants of a worm that is spreading quickly through Windows operating systems.
Known as SasserA, SasserB, SasserC and SasserD, the worm is targeting Windows 2000, Windows XP and Windows 2000 and 2003 servers. Other Windows systems, including Windows 95, 98 and ME, could be indirectly affected.
"It's pretty aggressive, and it's replicating very quickly," said Steven Sundermeier, a security expert at Central Command, a computer security company based in Medina, Ohio.
The security researchers at eEye Digital Security are not impressed with the Sasser worm.
The company, which found the flaws that were exploited by both the MSBlast worm and the Witty worm, on Saturday started analyzing the latest piece of attack code that takes advantage of a Microsoft Windows vulnerability discovered by its researchers. So far, eEye's analysts are surprised that the worm has spread so far.
The University of Calgary is getting a lot of attention these days. The school is offering a course on how to write computer viruses and malware. Story after story has been published in recent days about the pros and cons on the ethics and wisdom of teaching young people how to write malicious code. Chat boards have been alive with reader responses, and in some cases, a little name-calling has erupted. "You're stupid!" "No, you're stupid!" "You're stupider!"
FEAR, uncertainty and doubt swirled through the Macintosh community last week as an antivirus software company said it had uncovered the first Trojan horse software to hit Mac OS X.
Unix-based Mac OS X, released three years ago, has been completely free of viruses, worms and Trojans, in sharp contrast to the infestations that continually sweep the Windows world.
It's a feature that has helped persuade growing numbers of Windows users to switch to the Mac platform.
A new variant of the Phatbot worm may be on the loose and attempting to attack SQL Server ports, according to a warning the SANS Institute issued Monday.
Last month, Phatbot made the rounds, attacking Windows systems by acting as a Trojan horse. Phatbot would then link infected computers into an underground network for sending spam or launching other attacks. SANS is currently in the process of attempting to capture a full packet of data--or an executable file--for further analysis of Phatbot.
