In early May 2004, computer users worldwide learned a hard lesson: Don’t procrastinate when it comes to installing a security patch. Users at the Taiwanese post office, the train station in Sydney, and some of Wall Street’s biggest banks found out that waiting can prove costly.
Seven months earlier, a digital security expert named Yuji Ukai had discovered a major vulnerability in a security component of Windows 2000 and Windows XP: the Local Security Authority Subsystem Service, or LSASS. The LSASS was designed to control all aspects of security, but Ukai found he could turn it off for a period of time, or get it to run a program of his choice. Ukai’s employer, eEye Digital Security, alerted Microsoft, which spent the next six months developing a security patch. The patch was released April 13, 2004.
If you downloaded the patch upon release, good for you. If not, you might have been caught in the worm’s web. Just 16 days after Microsoft released the patch, a Russian hacker released a proof-of-concept worm he’d received, one that exploited the LSASS vulnerability. German teenager Sven Jaschan had read the Microsoft security dispatch that many IT departments had overlooked and used it to his advantage, writing the code for the worm. Finnish analysts discovered the worm May 1, naming it Sasser.
Fallout from Sasser
The Sasser worm spread through networked computers. Jaschan had thought of everything, though. He also wrote a virus to accompany Sasser. Called Netsky, the virus arrived in an email purporting to offer a fix for Sasser.
Jaschan’s arrogance offered authorities a clue. He couldn’t resist burying a message inside Netsky code claiming responsibility for both Netsky and Sasser.
Within 24 hours of Sasser’s appearance, Microsoft had launched a massive educational campaign to contain the worm, but it’s estimated that “hundreds of thousands” of machines were ultimately affected. As for Jaschan, he received a sentence of one year and nine months of probation.