Sasser Worm Sassing Millions of PCs

A new worm known as Sasser and first spotted late in the final week of April has sassed at least 6 million computers around the world including some belonging to heavy corporate players like Delta Airlines.

"Our estimate," said F-Secure anti-virus research chief Mikko Hyppoenen May 3, "is that at least hundreds of thousands of computers have been infected worldwide, and that the number is growing. Looking at network traffic, maybe up to 1 percent of all computers worldwide - some 6 million - could be infected."

At least four variants of Sasser have been identified as of this writing.

Hyppoenen would not name specific large corporations F-Secure identified as having been hit by Sasser, but other reports indicated Delta Airlines spotted enough computer glitches May 1 to cancel several flights. "There are some large outbreaks in international companies," Hyppoenen told one news wire service. "There is more going on than is reported." He offered no further confirmed details.

But other anti-virus and security experts reportedly believe Sasser has been sassing wider than F-Secure has estimated so far. Panda Software, for example, is said to believe just over 3 percent of the world's computers (an estimated 18 million) have been hit with the bug. "Compared to other viruses which have appeared on weekends when activity is low - doubly so now that May 1 is a holiday in many countries - this one has positioned itself as one of the quickest-spreading and most virulent ones," Panda spokesperson Luis Corrons told Agence France Presse.

Sasser exploits a Microsoft vulnerability and spreads itself by scanning randomly-chosen Internet protocol addresses on unpatched Microsoft systems, according to Norton Antivirus makers Symantec. Microsoft had issued a weekend security warning for Sasser, reiterating an earlier report that a then-unidentified worm was out to exploit a hole in the Local Security Authority Subsystem Service (LSASS) element of Windows. The software giant said versions of Windows XP and Windows 2000 were vulnerable, but last year's 64-bit edition version of Windows XP was not.