Comments on: New Sasser Virus Worm Attacks Windows Computers

By: Anonymous

Anonymous — Tue, 04 May 2004 20:22:47 +0000

By: Revenant

Revenant — Tue, 04 May 2004 16:06:33 +0000

Two weeks ago I ran a complete check of all the work machines for the new patches, and the only machines reported as vulnerable were those that hadn’t been rebooted that week. :)

We run SUS (software update services), basically Automatic Updates for large networks, but the principle is the same with the standard Automatic Updates: you should set them up so that you are always AT LEAST NOTIFIED of new updates. That way, you have no excuse if you get bitten through a hole that you could have plugged.

By: Jeff Baker

Jeff Baker — Tue, 04 May 2004 15:02:03 +0000

Thank you Copper.net and PC cillin for keepin’ all these wolves from the door of my XP system. If I don’t know from whence it comes, it goes straight into my shredder and is rendered into a harmless cyberfart.

By: Tremaine

Tremaine — Tue, 04 May 2004 11:46:22 +0000

Just a heads up, there is now a public proof of concept and exploit code available for Microsoft Windows Private Communications Transport Protocol.

This exploit of Microsoft Windows Private Communications Transport Protocol allows remote parties/worms to execute arbitrary code gaining complete control of the target system. This affects all NT/XP/Server distributions of Windows.

Applying the necessary patches will of course prevent this from occurring, and users of these operating systems are encouraged to block access to (or disable) services and only provide local access to trusted users.

I predict we’ll see this exploit wormed up within 72 hours.

By: Scott Knowles

Scott Knowles — Tue, 04 May 2004 09:54:36 +0000

CORRECTION : here’s a better link … direct to Microsoft (sorry) - http://www.microsoft.com/security/incident/sasser.asp

By: Scott Knowles

Scott Knowles — Tue, 04 May 2004 09:39:26 +0000

Here’s the latest word on Sasser and it’s removal:

http://www.washingtonpost.com/wp-dyn/articles/A62330-2004May3.html

(NOTE: may require registration with the Washington Post)

By: Ben Sanders

Ben Sanders — Tue, 04 May 2004 07:49:18 +0000

Actually, the patch stops the attack of Sasser. The people getting hit are the people who did not install the patch. Microsoft released this well before anyone exploited the flaw. The hackers are just taking advantage of laziness.

By: Martin Jones

Martin Jones — Tue, 04 May 2004 01:08:39 +0000

Just wondering. The ‘fixes’ seem to be just for computer servers. Not stand alone home PCs. Since Sasser travels via the net from server to server it seems it could hit a home PC as well. w98se, at least, has a special folder in windows that allows your internet connection to interconnect to other servers. You can actually ’save’ a server domain in Windows and have access to it while online. With w98se just goto path C:\servers…you’d be surprised how many ’server’s you are hooked up to. Couldn’t this new virus download there and from there spread to other servers? I’d love to know just what the filename for sasser is!

By: Connie Devine

Connie Devine — Mon, 03 May 2004 19:51:37 +0000

Now, now Luisa, just because you think someone is following you doesn;t mean they aren’y;-)
Seriously I got McAfee several years ago and once I iinstalled it I suddenly had a boot sector vrus. Now I could say it was McAfee trying to sell more software, but I guess it just isn’t my nature.
Connie

By: Luisa Monserrat

Luisa Monserrat — Mon, 03 May 2004 19:43:58 +0000

What a coincidence: Win XT an Win2000 are beeing used since about 4 years and Sasser appears just 20 days after Micrsoft makes public the security issue…
So, seriously, I’m sure Sasser is the by-product of Microsoft and It was developed by a hacker who just “disassembled” the Microsoft patch and discovered the security hole.
Thank you, Microsoft, thak you Billy Gates, for a more secure Internet environment.