A new variant of Sasser reached BitDefender Labs today. Sasser.F was compiled and released after the author of Sasser.A was arrested, prompting speculation that the author may either have distributed the source code or not been alone in creating the malware.
In the new variant, the mutex name has been changed to "billgate", probably in reaction to the aid given to German police by Microsoft workers.
"It is definitely a patched version of Sasser.A. Whoever released this had no access to the source code. I think the 'VX team' theory is pretty much shot down in flames at this point," declared Sorin Victor Dudea, Head of Virus Research at BitDefender Labs.
The new facts discovered by BitDefender Labs have persuaded the media to put the theory to rest.
A more detailed writeup on the worm code and capabilities can be found here.