Hunt for Sasser worm culprit starts in earnest

LONDON – Security experts yesterday began the daunting task of trying to track down the authors of ‘Sasser’, a tenacious computer worm expected to infect millions of machines before it runs its course.

Since appearing at the weekend, the fast-moving worm has wreaked havoc on personal computers running on the ubiquitous Microsoft Windows 2000, NT and XP operating systems, but is expected to slow down as computer users download anti-virus patches. Home users, corporations, and government agencies throughout Europe, North America and Asia have been hit.Once infected, the vulnerable PC reboots without warning as the compact programme hunts for more machines to infiltrate.Microsoft said yesterday it had not made a decision to issue a reward for information leading to the arrest of the Sasser author.Over the past six months, the software giant has offered three separate US$250 000 rewards for previous outbreaks – so far, with no results.Microsoft said it is working with US law enforcement authorities, including the Federal Bureau of Investigation, to flush out the culprits.”They are forensically analysing the malicious code to help identify and bring to justice those responsible for this,” a Microsoft spokeswoman in Britain said on Wednesday.Sasser has again drawn attention to a murky computing underworld using the latest technologies and programming know-how to commit crimes from fraud to extortion.Police say criminal groups, many of whom are believed to operate from Eastern Europe, have hatched a string of computer viruses and worms capable of taking over unwitting computer users’ PCs.Often, the aim is to launch a variety of digital attacks on Internet businesses and drown Web users in spam e-mails from compromised machines.But because of Sasser’s destructive nature, anti-virus technicians disagree on the motive and identity of its author.One prominent theory is that the creator is part of a Russian group calling itself the ‘Skynet anti-virus group’, the same gang behind the recurring Netsky e-mail virus outbreak.A message found deep in the coding of a recent Netsky variant claimed responsibility for Sasser, experts said.”There’s no 100 per cent proof, but there seems to be a link between the two,” said Graham Cluley, senior technology consultant at the Sophos Anti-Virus firm.The masterminds behind Netsky are believed to be massing an army of compromised computers with which they could trigger a new attack, experts say.The motives behind Sasser remain puzzling.”With Sasser, the author seems to be showing off his coding capabilities, but otherwise I have no idea what the motive is,” said Raimund Genes, European president of anti-virus firm Trend Micro.- Nampa-ReutersHome users, corporations, and government agencies throughout Europe, North America and Asia have been hit.Once infected, the vulnerable PC reboots without warning as the compact programme hunts for more machines to infiltrate.Microsoft said yesterday it had not made a decision to issue a reward for information leading to the arrest of the Sasser author.Over the past six months, the software giant has offered three separate US$250 000 rewards for previous outbreaks – so far, with no results.Microsoft said it is working with US law enforcement authorities, including the Federal Bureau of Investigation, to flush out the culprits.”They are forensically analysing the malicious code to help identify and bring to justice those responsible for this,” a Microsoft spokeswoman in Britain said on Wednesday.Sasser has again drawn attention to a murky computing underworld using the latest technologies and programming know-how to commit crimes from fraud to extortion.Police say criminal groups, many of whom are believed to operate from Eastern Europe, have hatched a string of computer viruses and worms capable of taking over unwitting computer users’ PCs.Often, the aim is to launch a variety of digital attacks on Internet businesses and drown Web users in spam e-mails from compromised machines.But because of Sasser’s destructive nature, anti-virus technicians disagree on the motive and identity of its author.One prominent theory is that the creator is part of a Russian group calling itself the ‘Skynet anti-virus group’, the same gang behind the recurring Netsky e-mail virus outbreak.A message found deep in the coding of a recent Netsky variant claimed responsibility for Sasser, experts said.”There’s no 100 per cent proof, but there seems to be a link between the two,” said Graham Cluley, senior technology consultant at the Sophos Anti-Virus firm.The masterminds behind Netsky are believed to be massing an army of compromised computers with which they could trigger a new attack, experts say.The motives behind Sasser remain puzzling.”With Sasser, the author seems to be showing off his coding capabilities, but otherwise I have no idea what the motive is,” said Raimund Genes, European president of anti-virus firm Trend Micro.- Nampa-Reuters