Just how bad was Sasser? Here’s a list, courtesy of F-Secure, of places and companies affected by the worm:
- County hospital in Lund, Sweden (5000 computers and X-ray equipment offline)
- European Commission in Brussels (1200 machines offline)
- Coastguard in UK (19 regional offices offline)
- British Airways in UK (flights delayed)
- Westpac Bank in Australia (offices and call centers closed)
- Post Office systems in Taiwan (1600 machines offline, 400 offices affected)
- Heathrow airport in UK (computers at one terminal offline)
- Public courts in Cantabria, Spain
- Hong Kong government systems
- State hospital of Hong Kong
- Suntrust Bank in USA
- American Express in USA
- Nova University in USA

In other words, quite a lot. Part of the problem is that it hit at the weekend — probably deliberately. Very few institutions keep their tech support at full levels then — some don’t have any at all. That, or they use weekends to perform upgrades, which leaves systems even more vulnerable.
The Australian Financial Review quoted David Morgan, chief executive of Westpac Bank, as saying that the bank was in the midst of installing the three-week-old patch which would have protected it against Sasser when the worm hit. “The perpetrators of the virus moved more quickly than us . . . and caused that disruption to our network,” David Morgan was quoted as saying. Result: 800 computers knocked offline and staff forced back to pen and paper for nearly two days.
F-Secure should check their facts before repeating misleading reports.
See Rob’s take on Sasser.
Panicky firms have damaged themselves over the years in a trend known as “precautionary disconnects.” In the latest example, an AFP newswire revealed “Sampo, Finland’s third largest bank, closed its 130 branch offices across the country to prevent the Sasser Internet worm from infecting its systems… ‘We decided to close our offices as a precaution, since we knew that our virus protection hadn’t been updated,’ Sampo spokesman Hannu Vuola [said].” In other words, Finland’s third-largest bank voluntarily made itself Finland’s smallest bank — because they didn’t trust their “antivirus solution” to protect them in a time of crisis.
Contrary to widespread reports, Australia’s “RailCorp” railway system may not have been hampered by the Sasser worm. CEO Vince Graham was quoted as saying the company’s most recent woes “could very well be a matter related to a virus getting into [RailCorp’s] system.” Graham did not confirm anything, and other officials conceded they didn’t really know what caused RailCorp’s most recent problem. This is an important distinction. Vmyths readers may recall security experts incorrectly blamed a computer worm for the U.S. electrical blackout of 2003.
On the contrary, I should have checked my facts, not F-Secure. They refer to neither Sampo, Sweden, nor RailCorp, Australia. Should have gone for the second cup of coffee before firing off, half asleep.