In this week’s edition of Tech Time Warp, we’re traveling back to early May 2004, when computer users worldwide learned a hard lesson: Don’t procrastinate when it comes to installing a security patch. Users at the Taiwanese post office, the train station in Sydney and some of Wall Street’s biggest banks found out that waiting can prove costly. Seven months earlier, experts at eEye Digital Security had discovered a major vulnerability in a Windows 2000 and Windows XP security component: the Local Security Authority Subsystem Service, or LSASS.
The LSASS was designed to control all aspects of security, but eEye Digital Security found it could be turned off for a period of time—or used to run another program altogether. The company alerted Microsoft, which spent the next six months developing a security patch. The patch was released April 13, 2004.
If you downloaded the patch upon release, good for you; if not, you might have been caught in the worm’s web. Just 16 days after Microsoft released the patch, a Russian hacker released a proof-of-concept worm he’d received, one that exploited the LSASS vulnerability. German teenager Sven Jaschan had read the Microsoft security dispatch that many IT departments had overlooked and used it to his advantage, writing the code for the worm. The worm was discovered May 1 and named Sasser.
The Sasser worm spread through networked computers. Jaschan had thought of everything, however: He also wrote a virus to accompany Sasser. Called Netsky, the virus arrived in an email purporting to offer a fix for Sasser.
Jaschan’s arrogance offered authorities a clue: He couldn’t resist burying a message inside Netsky code claiming responsibility for both Netsky and Sasser.
Within 24 hours of Sasser’s appearance, Microsoft had launched a massive educational campaign to contain the worm, but an estimated “hundreds of thousands” of machines were ultimately affected. As for Jaschan, he received a sentence of one year and nine months of probation.