Sasser (computer worm)

The computer worm Sasser (the name is a play on words combining the English verb "to sass", meaning "to give cheeky answers", and the fact that the worm exploits the LSASS service) spread at high speed from the beginning of May 2004 on computers running the Microsoft operating systems Windows 2000 and Windows XP.

The "official" name of the worm is W32.Sasser. Among the affected systems were computers at banks, travel companies and public institutions. Those affected included the computers of the German Postbank, the Finnish Sampo Bank, Delta Air Lines and the European Commission, as well as other businesses and government agencies worldwide. The programmer of Sasser, Sven Jaschan, a then 17-year-old student from Waffensen, a district of Rotenburg (Wümme), was temporarily arrested on 7 May 2004. The computer science student (vocational school) is also responsible for the viruses of the Netsky series.

Sasser is not sent as an email attachment. As soon as a user connects to the Internet, the worm exploits a flaw in a Windows system service named Local Security Authority Subsystem Service (LSASS). If it finds a vulnerable computer, it infects it with code that copies the actual worm from an already infected machine. To this end, it starts an FTP server on port 5554.

The worm shuts down the infected computer at irregular intervals. The material damage is difficult to quantify because it consists largely of a general loss of productivity in companies and of impaired accessibility and usability of websites for customers.

Within a short time several variants of the worm appeared: Sasser.B, Sasser.C and Sasser.D (the original is called Sasser.A). An e-mail worm known as Netsky.AC exploits users' fear of Sasser: its sender claims to be a manufacturer of antivirus software, and the worm disguises itself, among other things, as a program to remove Sasser.B.

Another worm, known as Phatbot, normally closes the back doors that other worms have opened and, in the case of the Bagle or Mydoom worms for example, deletes the malware. Sasser, however, is modified by Phatbot in order to find out all the IP addresses of the worm, and Phatbot then follows Sasser to infect the newly infected computers. This infection can be recognized by a file named wormride.dll in the Windows directory. If this file is present, the computer is infected with both worms.

Sasser has infected an estimated two million computers. The worst worm attack to date, by W32.Blaster, which is also called Lovsan, had infected 9.5 million computers according to estimates by Microsoft, causing significant financial damage worldwide.

To help track down the Sasser programmer, the software giant offered a reward of $250,000, which led to the apprehension of the offender.

The worm's developer was sentenced on 8 July 2005 by the youth jury court of the District Court of Verden to a youth sentence of one year and nine months on probation and 30 hours of community service.
