“It’s pretty aggressive, and it’s replicating very quickly.” That reads like the words of stressed system administrator affected by last week’s WannaCry (Wanna Decryptor) ransomware – but actually, that’s the reaction of a security expert from 13 years ago to a new variant of the Sasser worm.
WannaCry’s ransomware high jinks apart, the echoes with last Friday’s events are intriguing.
Just as WannaCry targets an oft-unpatched Windows SMB flaw, so in 2004 Sasser picked on the scab of unpatched Windows exploit in Local Security Authority Subsystem Service (LSASS – hence “Sasser”), which is – ironically – a bit of the OS used to manage security settings.