Sasser Worm


Barnett Computer Services

Sasser Worm


Computer experts are saying the Sasser Worm will be around for a long time to come. The actual name of the Sasser Worm virus is Sasser.B, Sasser.D or Worm_Sasser.B. The worm causes computers to unexpectantly reboot. Fortunatly, it doesn’t delete any files.

You can be infected just by being connected to the Internet running a Microsoft Windows operating system and not applying the vulnerability patch Microsoft Security Bulletin MS04-011. This is the vulnerability patch released by Microsoft on April 13, 2004. Microsoft has announced that over 1.5 million people have visted their web site so far to find out how to get rid of the virus. Viruses can go through a long period of cleanup, re-infect, cleanup, re-infect, so it’s important to get the patch installed on your computer.

Sasser was not an e-mail based virus. It exploited a vulnerability in the Windows 32-bit operating system, specifically the Local Security Authority Subsystem Service (LSASS).

Sasser infected hundreds of thousands of computers around the world including hospitals, banks, airlines, government agencies and homes. Maury County School District in Tennessee, had 1,000 of it’s 3000 computers infected. The Sasser worm infected Delta Airlines so badly that it cancelled about 40 flights and delayed many others. The UK Coastguard’s computers and networks were completely offline for several hours. If you’re running an older version of Windows you don’t have to worry. Sasser only infects Windows 2000 and Windows XP operating systems.