Throughout this quarter we are dealing with the impact of the Sasser worm, which exploits the LSASS vulnerability (MS04-011) and infects Windows XP and 2000 systems without any user interaction.
The result has been unexpected reboots, high network traffic, and instability across home and corporate networks.

In Portugal, the effects are clear: ISPs such as Netcabo and Clix are reporting traffic spikes caused by infected machines. In some cases, entire networks have become inaccessible due to the worm’s automatic propagation.
The absence of structured update policies in many companies is making the situation worse.

This quarter also shows a growing interest in routers with integrated firewalls, since many devices provided by ISPs, such as Telepac’s SpeedTouch 530, arrive with an overly permissive configuration. This leaves vulnerable ports open to scanning and exploitation with little resistance.

The impact has been strong enough to push patch management onto the agenda of several administrators who, until now, treated it as a secondary task.

Forecast and recommendations:

If the trend continues, we may see faster variants, possibly combined with techniques used by email worms.

Recommended actions:

– Install Microsoft’s critical patches immediately.
– Review exposed ports on both home and business routers.
– Ensure that antivirus software and firewalls are updating automatically.

For users of SpeedTouch 510/530 or Siemens Santis 100, it is essential to change the default password (many devices are still accessible with “admin/admin”).