First, a history refresher from: http://www.pcworld.com/news/article/0,aid,115979,00.asp Sasser Infections Hit Hard

Colleges and financial firms, including American Express, are cleaning up after the worm. Paul Roberts, IDG News Service Tuesday, May 04, 2004 Security experts are continuing to issue warnings about the Sasser Internet worm as organizations struggle to clean up the damage caused by infected hosts.

American Express joined a number of U.S. universities in reporting infections from the Sasser worm this week. Meanwhile, the SANS Institute's Internet Storm Center (ISC) maintained a yellow warning Tuesday despite expectations earlier in the day that the Sasser outbreak would wind down Monday, according to interviews.

Sasser exploits a recently disclosed hole in a component of Microsoft's Windows operating system called the Local Security Authority Subsystem Service, or LSASS. Microsoft released a software patch, MS04-011, on April 13. [...]

....then, the current update on this story:

Sasser Worm Trial Set to Begin on July 5 (1 June/31 May 2005) The trial of Sven Jaschan, who has been accused of creating the Sasser worm, is scheduled to begin July 5 in Germany. Jaschan has reportedly confessed to authoring both Sasser and NetSky. He faces charges of computer sabotage and disruption of business. Jaschan will be tried in juvenile court because he was a minor when the alleged offenses took place.

http://www.theregister.co.uk/2005/05/31/sasser_trial_date_set/print.html http://software.silicon.com/malware/print.htm? TYPE=story&AT=39130878-3800003100t-40000041c

....on a related note: --Microsoft Removes Malicious Code from MSN Korea Web Site (3 June 2005) Microsoft has removed malicious code from its MSN web site in Korea, www.msn.co.kr. The company that hosts the site had neglected to apply necessary patches; a vulnerability allowed the placement of the Trojan horse code. http://www.cnn.com/2005/TECH/06/02/ms.hack.ap/index.html http://news.zdnet.com/2102-1009_22-5731460.html?tag=printthis

================================ --CitiFinancial Blames UPS for Tape Loss (7/6 June 2005) Citigroup Inc. subsidiary CitiFinancial says a box of computer tapes being transported by United Parcel Service has been lost. The missing tapes hold unencrypted data, including names and Social Security numbers, for approximately 3.9 million customers. The company has sent letters to all affected customers, warning them to pay special attention to their accounts for suspicious activity. CitiFinancial videos show the UPS driver failing to observe the agreed upon "special security procedures." The tapes were sent in early May; there have been no reports of unauthorized account activity. CitiFinancial has been planning to switch to encrypted data sent electronically in July of this year. The Secret Service is investigating. http://www.washingtonpost.com/wp-dyn/content/article/2005/06/06/ AR2005060601682_pf.html http://www.nytimes.com/2005/06/07/business/07data.html?pagewanted=print http://news.yahoo.com/s/nm/20050606/bs_nm/ financial_citigroup_tapes_dc&printer=1