Organizations that evaded last week's Sasser worm infestation credited vigilant patching processes and preventative measures such as installing server-based behavior-blocking software and worm filtering gateways.
Anti-virus software, on the other hand, was of limited use in stopping the four known variants of Sasser because the worm could re-infect machines even with the most up-to-date virus signatures, says Vincent Gullotto, vice president at Network Associates' Avert Labs. "If you don't have the [Windows] patch in place, this can happen," he says.
According to Mikko Hypponen, head of anti-virus research at F-Secure in Helsinki, Finland, the Sasser worm variants don't delete files or leave Trojans. This makes it a fairly benign worm and a lot like the Blaster worm of last August. Like Blaster, damage stems from Sasser's intense network scanning, which can paralyze networks.
Among those experiencing Sasser's sting last week were American Express, Goldman Sachs, Air Canada, British Airways, Germany's Deutsche Post, the European Commission and several schools, including the University of California, Irvine and University of Massachusetts at Amherst.
"It affected some of our support systems and caused a degree of disruption internally," says Lucas Banpraag, a Goldman Sachs spokesman. "It delayed processing of some orders."
The Sasser worm infested the financial firm's network a week after hitting its offices in Asia. Goldman Sachs is reviewing how it prioritizes patch management and wants better guidance from Microsoft, the spokesman says.
Microsoft had made the patch available more than two weeks ago, with a critical rating, for the so-called Local Security Authority Subsystem Service (LSASS) vulnerability that Sasser exploits.
But the sheer size of some organizations makes it hard for them to patch all systems, says Alfred Huger, senior director of engineering for security response at Symantec.
Wolters Kluwer, an 18,500-employee firm in Amsterdam that provides legal information services, got hit with Sasser.
"It was only half a dozen PCs out of hundreds," says Mike Antico, CTO for the firm's North American divisions. "How did these people escape being patched? We think it's because they bring in portable computers."