14 May 2004
Dabber worm feeds on Sasser-infected computers, Sophos reports
|The Dabber worm infects computers already struck by the Sasser worm|
Dabber exploits vulnerability in Sasser worm's code
Sophos has advised computer users about a new internet worm which hunts for computers infected by the widespread Sasser worm, and then infects them by exploiting a security vulnerability in Sasser's code.
The W32/Dabber-A worm searches for computers that have already been infected by variants of the Sasser worm. Dabber uploads itself to the infected computers it discovers by exploiting a vulnerability in the FTP server code run by the Sasser worm.
"We're used to hearing about worms exploiting security holes in software code written by operating system and firewall vendors, but in this case it's the Sasser worm's code which contains the bug and can allow Dabber to break in," said Graham Cluley, senior technology consultant for Sophos. "If recently arrested German student Sven Jaschan really did write Sasser he should be sent to the bottom of the class for leaving this bug in his code."
Sophos does not believe Dabber will become as widespread as the Sasser worm family, as users have acted to clean-up their computers and ensure proper firewall and anti-virus protection is in place.
"All home users and businesses should ensure their systems are properly defended with up-to-date anti-virus software, strong firewalls and the latest security patches from Microsoft," continued Cluley.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.