Sasser virus strikes back despite arrest

Microsoft said it ‘commended German law enforcement for its prompt arrest relating to the Sasser worm’ and said the company’s anti-virus reward programme investigators had worked with informants on the case during the past week.

Microsoft said the investigation over the past week has allegedly led to information relating to all four variants of the Sasser worm, and to the Netsky worm.

‘Ultimately there were 28 variants of the Netsky worm, and German authorities are alleging that all these variants are connected to the individual arrested yesterday,’ Microsoft said in a statement.

Graham Cluley, senior technology consultant at Sophos, said in a statement: ‘If you scrutinise the most recent Netsky worm, you can see that the author embedded a taunt to anti-virus companies, bragging that he also wrote the Sasser worm. If this is the case, this could be one of the most significant cybercrime arrests of all time.’

Cluley added: ‘The international authorities have moved fast in arresting this teenage suspect. Seizing this man’s computers could provide the vital clues which may break open the underground worm-writing network which has been responsible for not only Sasser, but the Netsky worms too.’

Even so, a new variant (E) has already emerged since the arrest.

Like the other Sasser variants, Sasser.E exploits the Microsoft Windows security gap known as the LSASS vulnerability, documented in Microsoft’s MS04-011 bulletin. In addition, Sasser.E has been programmed to erase variants of the Bagle worm from the system.

Luis Corrons, head of security firm PandaLabs, said in a statement: ‘This seems to indicate that there is a kind of cyber war being waged among the creators of the Bagle, Mydoom, Netsky and Sasser worms, and it will continue to cause many more variants of the virus.’
