Back in April and May 2004, a worm began to spread like wildfire, causing a small window with a countdown to appear on infected computers. It spread across the Internet, and it is hard to imagine the impact it could have had today with social platforms such as Twitter. This was the Sasser worm, known on a technical level as W32/Sasser-A, W32/Sasser.worm, Win32/Sasser.A and WORM_SASSER.A, and it affected computers running Windows XP, 2000, NT and 2003.

What the Sasser Worm did to infected computers

Once inside a machine, it installed an FTP server so that other infected computers could connect and download it. After finding a vulnerable computer, the worm would open a remote shell on that computer, download the virus, and save it in the Windows folder. After downloading the file, the worm created a file called win.log in which it recorded the computers that could be infected. Finally, it created several registry entries to trigger the restart of the machine.

Sasser affected several companies and organizations, including the news agency Agence France Presse and the airline Delta Air Lines. In the latter, the infection was so severe that many of its satellites were disabled for hours, causing several flights to be canceled.

At first it was believed that this virus had been created in Russia by the same person who created Blaster (also known as Lovsan), but in 2004 a student named Sven Jaschan was arrested for creating it. The arrest was made on the basis of information that Sven revealed in response to a generous offer presented by Microsoft. Sven was treated as a minor by the German authorities because it was determined that the worm had been created before he turned 18.
