The Sasser worm is spreading quickly, automatically infecting Windows systems that are not protected by Microsoft's latest patches. Similar to the Blaster worm that hit last August, Sasser uses a known defect in Windows that allows it to scan for other vulnerable machines without any intervention from the user.
Antivirus firm Panda said that companies are running for cover as all four of Sasser's variants charge up the company's "top ten" most detected viruses chart. According to Panda, Sasser has infected a third of the Taiwan postal service's computers, and the UK Coastguard has reported that its network is under attack from the worm.
Antivirus firm Sophos' senior technical consultant Graham Cluley said new laws have also helped, which means it's harder for the bad guys to get away:
"More countries have introduced computer crime laws," said Cluley, who pointed out that the author of the LoveBug virus, a student from the Philippines, was never prosecuted: "He got away scot free because the crime laws in the Philippines were not strong enough."
Ben Nagy, senior security engineer at eEye, the company responsible for discovering the Windows vulnerability exploited by the Sasser worm, agrees that virus and worm writers are much cleverer than they were four years ago: "Four years ago, your average hacker may have been able to exploit a simple stack-based buffer overflow, but now we are seeing exploits that require a deep understanding of the Windows architecture," he said.
And although virus writers have improved their skills over the past four years, so has the security industry. This means users are actually much safer -- as long as they keep their security software updated. Nagy said the main problems are caused by a lack of patching, not because attackers getting smarter.
"People need to understand that although these exploits are hitting known vulnerabilities, they are not being patched in time because users are not yet accustomed to thinking in that way -- they always want to put it off till tomorrow," said Nagy.
Sophos' Cluley said that although Sasser does not require user intervention to spread, the vast majority of viruses spread because users continue to click on attachments.
"Four years ago, LoveBug didn't rely on any Microsoft vulnerabilities, it relied on the bug in people's brains -- and I don't think we have upgraded enough people's brains yet. If an attachment's name is attractive enough, a large percentage of people will still click on it and get infected," he said.