As computer systems administrators worked to clean up the damage done by the fast-spreading “Sasser” internet worm in early May, security experts noted that the attack could have been minimized had more people downloaded a software patch made available by Microsoft Corp. just three weeks before.

Launched on April 30, Sasser took advantage of a known flaw with the Windows operating system, snarling as many as 1 million computers worldwide as of May 4 and causing internet traffic to slow. Though Microsoft had announced the flaw with its so-called Local Security Authority Subsystem Service April 13, many computer owners had yet to apply the fix that the company had released.

Unlike most outbreaks, the Sasser worm does not require users to activate it by clicking on an eMail attachment. Sasser is known as a network worm because it can scan the internet for computers with the security flaw and send a copy of itself there automatically.

The worm caused some computers to continually crash and reboot, apparently the result of bad programming by the virus writer rather than intent, security experts said. Sasser does not cause any permanent damage to files or machines, they added.

David Perry, director of public education with security vendor Trend Micro, said Sasser continues a trend in which virus writers take advantage of announced flaws more and more rapidly.

In the past, he said, it would take months or even years to widely exploit a vulnerability—not the weeks it took writers of Sasser. The trend underscores the need for school network administrators and individual computer users to apply patches as soon as they are announced.

Schools and universities were among those who felt the effects of the worm, IDG News Service reported May 4.

Approximately 200 machines on Boston College’s campus network were infected with Sasser, most of them laptop and desktop computers owned by students, according to David Escalante, director of computer policy and security for the college. Other schools also reportedly faced large-scale outbreaks, including more than 1,000 machines at Boston University.

Microsoft recommended that owners of Windows 2000, NT, and XP computers install software patches by visiting the company’s Windows Update web site (see link below). Firewall and anti-virus programs that have the latest updates also can help contain or prevent infection. Sasser does not affect older versions of Windows.

The web sites of anti-virus vendors have instructions for removing the worm from machines already infected.

See these related links:

Microsoft Windows Update
http://windowsupdate.microsoft.com

Sasser information from Microsoft
http://www.microsoft.com/security/incident/sasser.asp

Sasser information from Trend Micro
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SASSER.A