A fast-spreading worm line that some are comparing to Blaster is exploiting a vulnerability in Windows and has infected as many as 1 million machines worldwide.
"Sasser is the MSBlast event of 2004," said Ken Dunham, director of malicious code research at iDefense. "There are lots of parallels between MSBlast and Sasser. Leading up to Sasser, we saw exploit code updated, Trojaning, and hacking of vulnerable computers, and an underground buzz that resembled that of Blast seen in 2003."
The Sasser worm--the fourth variant, tagged as Sasser.d, appeared Monday, and followed the original, Sasser.a, and two copycats, dubbed Sasser.b and Sasser.c--can infect Windows 2000, Windows XP, and Windows Server 2003 machines without resorting to E-mail and the associated file attachments that users must open to spread the malicious code.
Instead, Sasser, like last year's Blaster, exploits a recent vulnerability in a component of Windows by scanning for vulnerable systems. Sasser then creates a remote connection, installs an FTP server, and downloads itself to the new target.
Sasser exploits a vulnerability in the Windows Local Security Authority Subsystem Service (LSASS) component. Since the vulnerability's disclosure on April 13, exploit code has been circulating, and last week, numerous bot-based attacks used the vulnerability to compromise systems.
To realize the benefits of cloud-native software, an application must actually be cloud-native—designed to run in the cloud, interacting with disaggregated cloud services, fully manageable as code—to deliver the expected benefits.
By combining resources and expertise, the AI-Enabled ICT Workforce Consortium will offer a blueprint for how industries can adapt to an AI-dominated future.
IT leaders should heed the guidance of cybersecurity insurance providers who think businesses should prioritize security education, incident preparedness, regular internal audits, and ongoing vulnerability scanning and patching.
