:: Deepquest ::

A worm, dubbed Sasser by antivirus firms, was spreading slowly throughout the Internet on Saturday, taking advantage of a vulnerability in unpatched Windows systems to infect new hosts.

The Sasser worm began spreading Friday night and seems to be moving at a pace far slower than previous worms such as MSBlast and Code Red, said Alfred Huger, senior director of security firm Symantec’s response team.

“It is a slow burn,” he said. “It is picking up speed, but right now we aren’t seeing to much activity.”

Symantec initially rated the Sasser worm as a two on its five-point scale of threats. A five is the highest danger rating on the scale. Rival antivirus firm Network Associates rated the threat a medium danger, and the Internet Storm Center, which monitors network threats, raised its general Internet danger level to yellow, essentially a medium rating as well.

“Due to the release of this worm, we moved to infocon yellow for the next 24 hrs,” the Internet Storm Center site said. “The exact impact is not clear at this point.”

Security experts did not know how far the worm had spread, but many companies reported some infections, said Vincent Gullotto, vice president of Network Associates’ antivirus emergency response team.

“We have had 25 to 50 reports from companies that have had up to a few hundred machines infected,” he said. “One company wanted to patch this weekend, but the worm infected their network first.”

The creation of the worm didn’t surprise the Internet’s security community. Security experts widely predicted that a worm would soon start spreading using that particular flaw by exploiting a recent vulnerability in a component of Microsoft Windows known as the Local Security Authority Subsystem Service, or LSASS.

more from
[url=http://news.com.com/2100-7349_3-5203764.html?part=rss&tag=feed&subj=news]News dot com[/url] or [url=http://quote.bloomberg.com/apps/news?pid=10000085&sid=aYq8eqBCqpOw&refer=europe]Bloomberg[/url]