Did Sasser worm strand 300,000 train travellers? Sophos reports

May 03, 2004 Sophos Press Release

According to Australian media reports, the new Sasser internet worm may be being blamed for 300,000 train travellers being stranded in Sydney yesterday.

A failure of Sydney's train radio network left many railway stations closed, with only 20% of trains running.

RailCorp apologised for the inconvenience to customers, explaining that it could have been the Sasser worm which disrupted communications between train drives and signal boxes.

"It could very well be a matter related to a virus getting into the system," said Vince Graham, CEO of RailCorp, "There's no evidence that hacking is an issue here, the viral infection could very well have been introduced by our own people not taking sufficient care."

"It's hard to know whether the Sasser worm was responsible for the disruption to the Australian railway system this weekend," said Graham Cluley, senior technology consultant for Sophos. "What is clear is that all companies should put measures in place to properly secure their systems from Sasser and other malicious attacks."