Computer Crime Research Center


Sasser Computer Worm on the Loose

Date: May 06, 2004
By: Valeria Korchagina

According to The Moscow Times, the Sasser worm slipped into tens of thousands of computers around the world over the holiday weekend, slowing down Internet connections and creating a new headache for companies and households.

The worm's origins are unclear, although some cyber sleuths suspect that it came from Russia.

"There are two main ways to trace the origin. First of all, the clues may be found in the code of the worm, and secondly, the locations where the worm first appeared could be indicative," said Denis Zenkin, spokesman for Kaspersky Labs, a leading creator of anti-computer virus software.

With Sasser, however, there are no clear indications yet linking it to Russia, Zenkin said Wednesday.

Virus experts are looking into the possibility that Sasser may have been created by the same individual or group that came up with Netsky, the worm with a Russian-sounding name that first hit computers worldwide in February. They are following a taunt buried in the code of the latest version of the worm, which began infecting computers in recent days.

"Hey av firms, do you know that we have programmed the sasser virus?!? Yeah, thats true," the message says, according to the web site

It remains unclear whether the message is a claim of responsibility or an attempt by Netsky's authors to share in Sasser's fame. Like Sasser, Netsky's origins are unknown.

Sasser, which is being called a moderate threat, uses a hole in Microsoft Windows 2000 and XP software to replicate itself and spread by searching for IP addresses within computers that are vulnerable to the worm. While the new worm appears to have no destructive effect on the infected computer, the consequences can still be drastic since it clogs communications routes by spontaneously multiplying and spreading copies of itself. The worm, which like many computer viruses attaches itself to e-mails, is able to spread easily due to its capacity to enter a computer's operating system without the computer user needing to first open the e-mail attachment.

The fact that Sasser does not attempt to destroy the computer indicates that it was probably created as a prank, Zenkin said. "But if you look at the consequences, such as clogged Internet connections and networks, it does look like cyber-terrorism," he said.

Although there is no concrete evidence linking Sasser or Netsky to Russia, Zenkin said Russia is becoming a global leader in the prolificacy of programmers in creating worms and viruses. The established leaders are China and several countries in Latin America.

Computer experts have traced at least one dangerous computer virus, MyDoom, to Russia. But with its creator still unidentified, there is no solid proof that it is indeed Russian. MyDoom swept computers worldwide earlier this year.

But even if a virus is proven to be Russian, prosecution is unlikely to follow. Russia lacks adequate tools to prosecute malicious programmers, Zenkin said.

"In the West, as a rule, the mere appearance of such a problem is enough to open a criminal investigation. But in Russia, a person or a company has to actually file a complaint about the damages caused by viruses or worms," he said.

As a result, he said, complaints are hardly ever filed because companies end up dealing with the problem internally rather than disclosing damages that could potentially harm their business.
