Millions of computers have already been infected by a new Internet computer worm that caused disruptions over the weekend and may spread rapidly when businesses resume work this week, experts warned.
The worm, named Sasser, began to spread on Saturday, and unlike a virus does not travel through e-mails or attachments. It can spread by itself to any unprotected computer linked to the Internet.
It attacks through a flaw in recent versions of Microsoft's Windows -- Windows 2000, Windows Server 2003 and Windows XP -- and causes the computer to shut down, then rebooting it, repeating the process several times. But it appears to do no lasting damage.
The anti-virus company Panda Software said Sunday slightly more than three percent of the world's computers, around 18 million out of the estimated 600 million operating worldwide, were infected.
"Compared to other viruses which have appeared on weekends when activity is low -- doubly so now that May 1 is a holiday in many countries -- this one has positioned itself as one of the quickest-spreading and most virulent ones," Luis Corrons of PandaLabs, which has offices in Spain and the United States, said Sunday.
"All these signs make for a dark forecast for the beginning of the week when it is expected that the number of incidents will soar at the beginning of the work day."
"The problem seems to be getting worse," Mikko Hyppoenen, an anti-virus expert at F-Secure, a leading internet security firm, told AFP from Helsinki, adding that millions of computers worldwide may have been infected.
"We don't know how big this is going to be (but) we expect things to get much worse on Monday when people bring their laptops in to the office after the weekend," Hyppoenen said.
Since laptops are not protected by company firewall systems if used on a server other than the company's, they run the risk of being infected and in turn infect the company's network when used in the office.
"It seems to me an exaggeration to say that millions of computers have been affected," Bernard Ourghanlian, Microsoft's technical director in France, told AFP, where work was disrupted by the worm Saturday night.
But he acknowledged that the worm was spreading Sunday.
"We are recording at the moment several attacks a minute on 'honey pots' (computers deliberately left unprotected so they can monitor viruses)", he said, adding that France and some southeast Asian countries seemed to be particularly hit.
Microsoft made available a software update last month to fix the flaw exploited by the worm, and since mid-April several million copies have been downloaded.
"We have every hope the spreading of this virus will be limited by the many precautions we have taken," he said.
"It is not possible to give a figure for the spread of the virus, still less the cost of the damage it will do," he said, adding that many firms never admit being infected and that if small and medium sized businesses did not take precautions on Monday morning Sasser could spread rapidly.
In Moscow the Russian computer security firm Kaspersky Labs warned of a possible major epidemic when business activity resumes Monday.
"For the moment the extent of the epidemic isn't that severe only because most people are not at work" and their computers are shut off, Denis Zenkin told AFP.
For the moment the worm, the third major Internet infection this year after Mydoom.A in January and Bagle.B in February, does not appear to be a worldwide phenomenon. One American specialist reported only a few hundred computers infected, another did not rank Sasser in its 10 most common infections.
Experts said they did not know who started the virus, but Alfred Huger, head of engineering at California-based computer security firm Symantec, said it was started deliberately by an individual.
"Of that much we're sure," he said. "What we're not sure of is that individual's motives, because the virus is not doing any damage, and it's not installing a backdoor" which would give future access to other viruses.
"We'll just have to wait and see," he said.
"This worm is unlike previous ones in that it does not appear to be causing any damage to computers," said Huger. "It will slow your computer down, but there does not appear to be any direct damage to the hard drive.
The worm, named Sasser, began to spread on Saturday, and unlike a virus does not travel through e-mails or attachments. It can spread by itself to any unprotected computer linked to the Internet.
It attacks through a flaw in recent versions of Microsoft's Windows -- Windows 2000, Windows Server 2003 and Windows XP -- and causes the computer to shut down, then rebooting it, repeating the process several times. But it appears to do no lasting damage.
The anti-virus company Panda Software said Sunday slightly more than three percent of the world's computers, around 18 million out of the estimated 600 million operating worldwide, were infected.
"Compared to other viruses which have appeared on weekends when activity is low -- doubly so now that May 1 is a holiday in many countries -- this one has positioned itself as one of the quickest-spreading and most virulent ones," Luis Corrons of PandaLabs, which has offices in Spain and the United States, said Sunday.
"All these signs make for a dark forecast for the beginning of the week when it is expected that the number of incidents will soar at the beginning of the work day."
"The problem seems to be getting worse," Mikko Hyppoenen, an anti-virus expert at F-Secure, a leading internet security firm, told AFP from Helsinki, adding that millions of computers worldwide may have been infected.
"We don't know how big this is going to be (but) we expect things to get much worse on Monday when people bring their laptops in to the office after the weekend," Hyppoenen said.
Since laptops are not protected by company firewall systems if used on a server other than the company's, they run the risk of being infected and in turn infect the company's network when used in the office.
"It seems to me an exaggeration to say that millions of computers have been affected," Bernard Ourghanlian, Microsoft's technical director in France, told AFP, where work was disrupted by the worm Saturday night.
But he acknowledged that the worm was spreading Sunday.
"We are recording at the moment several attacks a minute on 'honey pots' (computers deliberately left unprotected so they can monitor viruses)", he said, adding that France and some southeast Asian countries seemed to be particularly hit.
Microsoft made available a software update last month to fix the flaw exploited by the worm, and since mid-April several million copies have been downloaded.
"We have every hope the spreading of this virus will be limited by the many precautions we have taken," he said.
"It is not possible to give a figure for the spread of the virus, still less the cost of the damage it will do," he said, adding that many firms never admit being infected and that if small and medium sized businesses did not take precautions on Monday morning Sasser could spread rapidly.
In Moscow the Russian computer security firm Kaspersky Labs warned of a possible major epidemic when business activity resumes Monday.
"For the moment the extent of the epidemic isn't that severe only because most people are not at work" and their computers are shut off, Denis Zenkin told AFP.
For the moment the worm, the third major Internet infection this year after Mydoom.A in January and Bagle.B in February, does not appear to be a worldwide phenomenon. One American specialist reported only a few hundred computers infected, another did not rank Sasser in its 10 most common infections.
Experts said they did not know who started the virus, but Alfred Huger, head of engineering at California-based computer security firm Symantec, said it was started deliberately by an individual.
"Of that much we're sure," he said. "What we're not sure of is that individual's motives, because the virus is not doing any damage, and it's not installing a backdoor" which would give future access to other viruses.
"We'll just have to wait and see," he said.
"This worm is unlike previous ones in that it does not appear to be causing any damage to computers," said Huger. "It will slow your computer down, but there does not appear to be any direct damage to the hard drive.
