International Railroad Discussion > Aussie rail system disrupted by Worm

Name: Sasser Malware Type: Internet Virus Known Alias: W32.Sasser.Worm
Place of Origin: Germany First Violation: 4/30/2004 Wanted For:
Exploiting a Microsoft vulnerability, spreading from machine to machine with no user intervention; scanning random IP addresses for exploitable systems; creating a remote shell on TCP ports, then executing a script on the remote host instructing the target to download and execute the worm from the infected host.
Modus Operandi: Unlike many recent worms, Sasser did not spread via e-mail. No user intervention was required to become infected or to propagate the virus. The worm worked by instructing vulnerable systems to download and execute the viral code.
Known Offenses: Sasser is strongly suspected of disrupting the Australian railway system, stranding more than 300,000 train travelers. Disabled all 19 UK coastguard control centers and coastguard control rooms. Infected the departments of South African State Information Technology Agency (SITA), shutting down computers and disconnecting the central government network. Disrupted public hospitals in Hong Kong. Shut down one-third of Taiwan's post offices. Delayed 20 British Airways flights.
H.

Sounds like they didn't have effective Antivirus software loaded in those computers or, if they did, they didn't update the software on a regular basis.