Sasser.D Worm Arrives, Ready to Do Damage

Written By
Dennis Fisher
May 4, 2004

A fourth version of the Sasser worm is now at work infecting Windows machines, and this one has the potential to cause serious network slowdowns and outages, experts say.

The Sasser worm family, like its namesake, journeyman major league catcher Mackey Sasser, who once became so overcome by nerves that he couldn't throw the ball back to the pitcher and tried to reinvent himself as a first baseman/outfielder, is showing signs of changing its stripes in order to survive.

Sasser.D appeared Monday afternoon and is similar to the previous three versions in most respects. The main difference in the new variant is that it uses ICMP echo requests, also known as pings, to look for other machines to infect. The Nachi worm of last summer had the same capability and, on networks with a number of vulnerable machines, the worm caused severe congestion.

The new Sasser variant could cause the same problems, experts warn. Sasser.D can also scan multicast addresses, which has destabilized some routers that handle multicast traffic, analysts at The SANS Institute in Bethesda, Md., said.

Sasser.D also uses a different name for the file it leaves on infected PCs: Skynetave.exe. And it creates a remote shell on TCP port 9995, instead of 9996, which is used by the other three variants.
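
The network behaviors described above (ICMP echo scanning, pings to multicast addresses, and remote shells on TCP 9995 or 9996) can be checked for in flow data. The following is an added example, not part of the original article; the flow record format, the addresses, and the sweep threshold are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records: "src dst proto dport" ("-" for ICMP).
SAMPLE_FLOWS = """\
10.0.0.5 10.0.1.1 icmp-echo -
10.0.0.5 10.0.1.2 icmp-echo -
10.0.0.5 10.0.1.3 icmp-echo -
10.0.0.5 224.0.0.9 icmp-echo -
10.0.0.5 10.0.1.2 tcp 9995
10.0.0.7 10.0.1.9 tcp 9996
10.0.0.8 10.0.1.1 icmp-echo -
10.0.0.8 10.0.1.1 tcp 443
"""

# Remote-shell ports named in the article.
SHELL_PORTS = {9995: "Sasser.D", 9996: "earlier Sasser variants"}
SWEEP_THRESHOLD = 3  # assumed: distinct ping targets that count as a sweep


def analyze(flow_text, sweep_threshold=SWEEP_THRESHOLD):
    """Return {host: sorted findings} for hosts showing Sasser-like traffic."""
    pinged = defaultdict(set)    # src -> distinct ICMP echo destinations
    findings = defaultdict(set)  # host -> finding labels
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed records
        src, dst, proto, dport = fields
        try:
            dst_ip = ipaddress.ip_address(dst)
        except ValueError:
            continue  # unparseable destination address
        if proto == "icmp-echo":
            pinged[src].add(dst)
            if dst_ip.is_multicast:
                findings[src].add("ICMP echo to multicast")
        elif proto == "tcp" and dport.isdigit() and int(dport) in SHELL_PORTS:
            # The shell listens on the infected PC, so flag the destination.
            port = int(dport)
            findings[dst].add(f"inbound TCP {port} ({SHELL_PORTS[port]} shell port)")
    for src, targets in pinged.items():
        if len(targets) >= sweep_threshold:
            findings[src].add("ICMP echo sweep")
    return {host: sorted(notes) for host, notes in findings.items()}


if __name__ == "__main__":
    for host, notes in sorted(analyze(SAMPLE_FLOWS).items()):
        print(host, "->", "; ".join(notes))
```

A host flagged only for an inbound connection on one of these ports still needs confirmation on the machine itself, for example by checking for the file name the article gives.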

In addition to the new variant, there also is a hoax e-mail circulating that claims to contain a fix for Sasser. The message actually contains a new version of the NetSky worm.

The Sasser worms have infected at least 500,000 machines so far, and perhaps as many as 1 million, security experts say. The original worm is responsible for about 30 percent of those infections, with Sasser.B, Sasser.C and Sasser.D accounting for 40 percent, 10 percent and 20 percent, respectively, according to numbers provided by Network Associates Inc., based in Santa Clara, Calif.

Editor's Note: This story was updated to include information on the number of PCs affected by the Sasser worms.
