Network Computing is part of the Informa Tech Division of Informa PLC

Sasser Worm Fairly Benign, Says AT&T Security Manager

The new Sasser worm meandering its way from server to server on the Internet -- it's not passed along via e-mail -- is unlikely to have widespread devastating impact, although new, more onerous variants could develop, said the manager of AT&T's security operation Monday.

"It attacks PCs," said David Cottingham, director of AT&T Managed Security Services, in an interview. "And there's a patch for it. If the patch is in place, you'll be protected." Microsoft announced the vulnerability in April, and the writer of the worm moved quickly to exploit it, said Cottingham.

Cottingham said AT&T's customers were sent Sasser alerts via e-mail and pager at noon on Saturday, along with detailed information on how to protect against it. As of early Monday, there were two variants extant. Cottingham said the patch--which has been available from Microsoft since last month--will protect against any variants of the worm. "We'll be on the lookout to see if it changes," said Cottingham.

Cottingham said Sasser is illustrative of a growing trend: worm and virus writers--some are calling them "cyber terrorists"--move quickly to exploit a software vulnerability immediately after it's announced, typically by Microsoft. While Sasser is moving slowly and is considered to be poorly written, it potentially can address a huge population of Windows 98 and XP users.

Whether the worm will continue to replicate itself in different variations remains to be seen, Cottingham said, noting that AT&T Internet Protect and AT&T Personal Firewall are in place to thwart the incursions for AT&T customers. The AT&T system watches threats that sometimes take several days, even weeks, to build up. "With the Slammer [worm] we saw anomalies and spikes by an order of magnitude of 10," he said. "We were able to put appropriate patches in place, so there was essentially zero impact."