Westpac hit by Sasser worm

The Sasser worm has sent some of Westpac's banking systems into disarray, forcing staff to turn customers away from branches.

The worm struck the network underlying the bank's branch system mid-morning, forcing staff to switch to "alternative procedures" for handling customers.

Customers were turned away from Westpac's branches and phone customer contact centre. There was little Westpac could do except redirect them to ATMs and its online banking service.

Westpac was today playing down the incident. A spokeswoman for the bank insisted that it had little impact on customers and gave assurances that their accounts and privacy had not been compromised during the security breach.

Reports from Westpac customers affected by the incident offer a worrying illustration of Sasser's power to wreak havoc on systems that millions of people take for granted every day.

One Westpac customer who contacted ZDNet Australia reported being told by an operator "every computer in the call centre is black".

The spokeswoman said the bank was in the process of patching systems against the worm to counteract the infection and that they were expected "to be fine for business tomorrow".

The worm causes components of Windows computers to crash and restart repeatedly, according to security analysts' reports.

The worm spreads from an infected computer to other vulnerable computers without user intervention, by creating a remote connection and downloading itself onto the new host.

There are worrying indications that Sasser could unleash chaos at a level matching the infamous MSBlaster worm, which is believed to have infected 8 million computers since last August.

Computer Associates senior security analyst, Daniel Zatz, today said that incoming calls to the computer security company's Melbourne response centre concerning Sasser had today reached levels similar to those created by MSBlaster.

Aside from direct damage caused by the worm, Zatz indicated that Sasser was likely to slow down some corners of the Internet as machines infected with the worm flooded networks with thousands of requests.

Zatz today indicated organisations running large Microsoft-based systems that lay in the path of the swathe of new worms released each year were now facing a no-win situation.

He said that while Microsoft often releases patches for its software to plug the security holes that worms like Sasser exploit, organisations are contending with increasingly shorter windows of opportunity to test them before new attacks occur.

"What they [organisations] would like to see is that when a patch gets released they know it's going to work," said Zatz.

Zatz said Microsoft wasn't wholly responsible for such potential problems, as third-party applications were often the cause of software compatibility failures.

That, said Zatz, is because virus writers are taking less time to figure out how to defeat unpatched Microsoft systems once the vulnerabilities are made public. It took miscreants 18 days to create Sasser while previous worms of similar sophistication have taken around 22 days.