NT government reeling as Sasser goes bush

The Northern Territory government has put its hand up as being among the victims of the Sasser worm, which began spreading across global computer networks Saturday. The territory government's IT security manager David Pears said Sasser struck the network at 10 am yesterday.

The Northern Territory government has put its hand up as being among the victims of the Sasser worm, which began spreading across global computer networks Saturday.

The territory government's IT security manager David Pears said Sasser struck the network at 10 am yesterday.

He confirmed that the worm managed to touch every part of the 12,000 seat network which serves the entire territory's administrative departments, which are sprinkled across a vast geographic area from Darwin south, around 1000 kilometres, to Alice Springs.

"The territory is small enough that all the government agencies share the infrastructure; the email system...we have one gateway to the network; one firewall," said Pears.

Pears said it was difficult to assess Sasser's impact on the territory's government agencies during the incident.

"It really depends -- most of the public servants will go do something else if they log on and they can't access their email; a nurse will go help a patient; the police will go and look for some [criminals]," he said.

"Anyone who's completely dependant on the computer would obviously be affected, and reasonably severely, yesterday through to early afternoon".

However Pears gave assurances that critical services such as health and social security would not have been affected significantly as they took priority in the territory's IT disaster recovery plan.

As in other cases where Sasser infection has taken place, the territory's public servants had to contend with infected machines shutting down and restarting continually.

However, there was also a secondary impact from the worm's presence on the network. Sasser, like its ancestral cousins such as Blaster, generates a large amount of network activity as it attempts to spread from infected computers to other vulnerable computers nearby.

Pears compared the effect of the network activity to that of a large Distributed Denial of Service (DDoS) attack.

"What we've been doing patching [our systems] like mad," said Pears.

Government technical staff managed to stabilise the network yesterday afternoon, but it was today still carrying out patching exercises to protect computers in remote regions of the territory.

In other corners of the industry an IT administrator in Pears position might be sharply critical of Microsoft for allowing such vulnerability in its software to go unchecked for so long. However, Pears comments regarding the software giant's security performance, oozing outback stoicism, were almost complimentary.

"I think for the amount of lines of code in Windows XP, they're doing a pretty reasonable job," he said.