Sasser an IT “annoyance”

Infecting more than a million machines worldwide, the Sasser worm, by no means as damaging as last year’s Blaster and Welchia worms, has nonetheless been an “annoyance” for Canadian business.

Edmonton and Halifax were among the organizations that fought short but pitched battles against the worm in an effort to contain its spread.

“I wouldn’t say no problems, (but) it wasn’t earth-shattering,” said David Muise, divisional manager, information technology for the City of Halifax. “We had, I think, 280 infections out of…1,800 clients,” he said. “It was mostly an annoyance, the city kept working,” he added.

The City of Edmonton also had to shut down systems including its Web site and e-mail. For several hours, thousands of employees had to rely on faxes and phone calls to communicate, according to a Canadian Press story. The city’s manager of IT refused to go into more detail when contacted by ComputerWorld Canada, although she did not deny the report.

Air Canada, heavily hit by Welchia last summer when reservation and check-in systems were brought to their knees, was unaffected by Sasser, spokesperson Laura Cooke said.

Temple University in Philadelphia also had infections, but they were easily contained. “Our internal network is highly segmented,” said Ariel Silverstone, the University’s chief information security officer. “So an infected machine could only infect those (unpatched) machines in its subnet.” Sasser exploits a recently disclosed hole in a component of Windows called the Local Security Authority Subsystem Service, or LSASS.

On April 13, Microsoft released the software patch MS04-011, which plugs the LSASS hole.

Temple had about 100 infections out of 14,000 machines, half of which were external machines belonging to university staff or students. Silverstone said one of the reasons there were not more problems was a very successful program to warn users of the need to patch their systems. Compliance was over 90 per cent, he said. Silverstone agreed with Muise that Sasser was more of an “annoyance” than anything.

American Express Co. was one of the more high-profile corporations to experience a Sasser infection. Employee desktops were infected, which subsequently disrupted the company’s internal networks. It did not have an impact on customer services, according to Judy Tenzer, a company spokeswoman.

External machines connecting to internal corporate networks were suspected to have caused some of the infections, since a properly maintained firewall at the network level will prevent Sasser’s attempt to enter via port 445. “I suspect that it came in…when somebody brought their laptop from home, plugged it in behind the firewall,” Muise said. “We don’t use personal firewalls on our private networks.”

Silverstone said desktop firewalls, though a nice security feature, are not even in the discussion phase at the university. A major limiting factor is the inevitable increase in help desk calls, he said.

The Sasser worm hit networks only 17 days after Microsoft released a patch on April 13. For many, the increasingly small window between patch and attack (Blaster had a 26-day window) is a major cause for concern.

“The problem we have is that we don’t patch [our computers] automatically, because we have to test [the patches] because quite often Microsoft patches step on other applications,” Muise said. “And we hadn’t had time to complete all the testing before we got hit,” he added. “So we were between a rock and a hard place…(but) fortunately all of our major applications, like SAP, run on Unix,” he said.
