A "red alert" has been declared by network security firms nationwide after a new version of the deadly Sasser worm that appeared late Friday was circulating on the Internet yesterday.The new variation of the Sasser worm, named Sasser.C was identified by antivirus companies just days after the first version of the new worm appeared.
But patches to guard against the variant have been made available on the Emirates Internet and Multimedia website.
Computer experts say although the worm does not damage data within the computer, it is spreading fast and is "mutating" into different strains.
Trend Micro Inc, a security service provider, warned of a family of Worm_Sasser, which is spread by scanning for random IP addresses and exploiting a buffer overrun vulnerability recently reported by Microsoft for Windows.
The firm said anyone connected to the Internet, including corporate networks and broadband subscribers, could be at risk from the worms. Since May 1, variations of the worm have targeted countries throughout Europe, Asia, Latin America and the US.
Justin Doo, managing director of Trend Micro in the Middle East and Africa region, said: "The virus attacks through ports 555-4 and 999-6 in the firewall."
Doo confirmed that some of his customers had been hit by the worm attack but technology could prevent this. Microsoft also confirmed it was "actively analysing and providing guidance on the worm".
"Millions of Microsoft customers who activated Microsofts automatic update service were protected from this worm, because the vulnerability was fixed by Microsoft Security Update MS04-011 on April 13," said Haider Salloum, marketing manager, Microsoft South Gulf.
"Also, customers who activated the Windows XP Firewall will have been protected from this worm, as will users of most other commercial firewalls," he added.
Software experts also urged home and corporate users to make it a habit update their anti-virus software on a regular basis to prevent attacks from destructive viruses.
"People sometimes get lazy and ask themselves why they should run anti-virus software every day," said Praveen Raghavendran, senior support executive at Sage Software ME, a Dubai-based firm which supports 150 corporate customers in the region.
"Sasser is not a very destructive virus, but it causes computers to continually shut down, virtually preventing users from getting on with their work. "The best defence is to have online anti-virus updates."
While Sasser is not the first worm to take advantage of the Microsoft vulnerability, it uses a method of propagation to spread at an exceptional rate.
Derrick Lewis of Avalon System, a Dubai-based IT solutions provider, said: "Removing the virus alone is not going to work, as it might return. Users must also apply a security patch."
Sreekanth Y., business development manager of RAS Infotech Ltd, a computer security company in Dubai, said: "Sasser has spread in a similar way to last years Blaster worm. It does not spread via email, so e-mail scanning services will not detect it."
Read this before starting your computer* Home users can download patches to protect themselves from the Sasser worm from the Emirates Internet and Multimedia website. The patches are available at www.emirates.net.ae and at www.eim.ae
* They can also download the anti-virus software for free from Sophos.com but have to update the patches manually.
* Home users of Microsoft Windows can visit windows update.microsoft.com to have their systems scanned for critical Microsoft security vulnerabilities. Networking experts recommend that every IT manager should consider subscribing to vulnerability mailing lists such as that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.asp
Gulf News
