
Sasser worm launches widespread attack

CIOL Bureau

Brett Young

HELSINKI: The fast-spreading "Sasser" computer worm has infected hundreds of thousands of PCs globally and the number could soon rise sharply, a top computer security official said.



"If you take a normal Windows PC and connect to the Internet, you will be infected in 10 minutes (without protection)," Mikko Hypponen, Anti-Virus Research Director at Finnish data security firm F-Secure, told Reuters.



"It seems to be gradually getting worse, but it could jump as the U.S. wakes up," he said.



F-Secure says the worm, which surfaced at the weekend, automatically spreads via the Internet to computers using the Microsoft Windows operating system, especially Windows 2000 and XP.



The spread of the virus had been muted so far, Hypponen said, as it emerged on a weekend, and holidays closed offices in places like the United Kingdom and Japan on Monday. But the spread was expected to worsen as the working week hits its stride.



"We have already seen three versions of Sasser during the weekend, and we could see more today," Hypponen said, adding he believes the worm originated in Russia.



Finnish bancassurer Sampo temporarily closed all of its branch offices, some 130 in all, on Monday as a precaution against Sasser.



In Australia, Westpac Bank said it was hit by the worm, and branches had to use pen and paper to allow them to keep trading, The Australian newspaper (http://www.theaustralian.news.com) reported.



U.S. firm Delta Air Lines suffered a computer glitch on Saturday that caused delays and cancellations of certain flights across its system, but a spokesman said there was no information yet as to the cause.



"With Sasser it seems that companies are (using software) patches better and more quickly than last year (with virus "Blaster"), but for those that are hit, they are hit hard," Hypponen said.



Blaster infected computers around the globe last year.



NO NEED TO CLICK



The current worm does not need to be activated by double-clicking on an attachment and can strike even if no one is using the PC at the time. When a machine is infected, error messages may appear and the computer may reboot repeatedly.



"Compared to what happened with Blaster...last August... this virus has all the same features," Hypponen said, noting that both worms exploited relatively new holes in Windows and frequently caused computers to reboot.



Microsoft said Blaster cost it "millions of dollars of damages", and has issued a $250,000 bounty for information on the whereabouts of its author.



F-Secure said corporate networks should be protected against Sasser and its variants by firewalls -- Internet road blocks that separate internal from public networks.



F-Secure said the worm emerged 18 days after Microsoft posted a corrective-code software patch on its Web site. This continues a common pattern with viruses whereby firms announce flaws in their software and hackers race to exploit them.



Home computer users should make sure they have downloaded the patch from Microsoft to fix the breach. If their computer is infected, the patch must be downloaded before the virus is removed, or else the PC could catch the worm again.



Hypponen said he was not sure there was a better way for firms to alert users to software problems.



"There are always going to be security holes in mainstream products," he said. "Even if these are not made public, the bad boys will find out about them anyway."



© Reuters
