Computer worm snarls machines; SLCC infected

NEW YORK — A pesky computer worm snarled hundreds of thousands of machines worldwide — from Finland to Salt Lake City — Monday in the latest virus-like outbreak to take advantage of a known flaw with the Windows operating system.

Because the new worm, dubbed "Sasser," does not require users to click on an e-mail attachment to activate, it spreads more rapidly than most viruses. It was discovered late Friday and spread as employees returned to work and booted their machines.

The worm caused some computers to continually crash and reboot, apparently the result of bad programming by the virus writer rather than intent, security experts said. Sasser does not cause any permanent damage to files or machines, they added.

In Utah, some 2,000 of Salt Lake Community College's 5,000 computers were hit Monday morning, and infected for about two hours, said Joy Tlou, SLCC communications director. One computer was reported infected at the University of Utah.

"We are using push technology to send the antidote out to our servers," Tlou said of an infrastructure allowing machines to be fixed in bulk, rather than one by one. "We had 40 people working on it all day long, trying to keep on top of it."

Tlou said more machines may have been hit and will be fixed as they are turned on.

Tlou said the impact was minimal, in part because the college is in its final exam period and many students and professors were not on campus.

Other victims were large companies in Germany, Britain and the United States that are clients of Network Associates Inc., said Vincent Gullotto, a vice president at the company's anti-virus research lab. He would not name the companies.

A large television network in Europe also was hit, two security sources said, speaking on condition of anonymity and refusing to elaborate.

Finland's third largest bank, Sampo, closed 120 of its offices for a few hours as a precaution Monday while technicians updated anti-virus programs. E-banking services and the bank's automated teller machines worked normally.

Keynote Systems Inc., which tracks Internet performance, reported no traffic degradation, but security experts say some users could experience slowdowns if machines running Web sites or key Internet gateways are infected.

Though Microsoft Corp. announced three weeks ago the flaw that Sasser exploits — it's a Windows function called Local Security Authority Subsystem Service — many computer owners had yet to apply the software fix the company had released.

Microsoft recommended that owners of Windows 2000 and XP computers install software patches by visiting windowsupdate.microsoft.com. Firewall and anti-virus programs that have the latest updates can also help contain or prevent infection. Sasser does not affect older versions of Windows.

---

Contributing: Deborah Bulkeley.