New Sasser Virus Worm Attacks Windows Computers
5/3/2004


The newest of the sinister worm types of viruses, Sasser, has attacked Windows-based computers around the world.

Even more insidious than its earlier siblings, Sasser scans the Internet for computers with the Microsoft security flaw which allows it to do its dirty work, and then Sasser installs a copy of itself there. And Sasser does not need the user to activate it by opening an email attachment, running a program, or anything else like that. It arrives and runs all by itself!

Sasser has been responsible for impeding and impairing hundreds of thousands of computer systems around the world, including at airports and security points.

Microsoft announced the security hole in the Local Security Authority Subsystem Service (LSASS.EXE), along with an update to fix it, last month, but many computers still have not been upgraded.

Users can get more information about the Microsoft security hole and fix at:
http://www.microsoft.com/technet/security/CurrentDL.aspx

Just one more reason why Aunty is happy to be using only OSX and other flavours of *nix and BSD.

More information about LSASS.EXE can be found here.


10 Comments »

  1. What a coincidence: Win XT and Win2000 have been in use for about 4 years and Sasser appears just 20 days after Microsoft makes public the security issue…
    So, seriously, I’m sure Sasser is the by-product of Microsoft and it was developed by a hacker who just “disassembled” the Microsoft patch and discovered the security hole.
    Thank you, Microsoft, thank you Billy Gates, for a more secure Internet environment.

    Comment by Luisa Monserrat — 5/3/2004 @ 7:43 pm

  2. Now, now Luisa, just because you think someone is following you doesn’t mean they aren’t ;-)
    Seriously I got McAfee several years ago and once I installed it I suddenly had a boot sector virus. Now I could say it was McAfee trying to sell more software, but I guess it just isn’t my nature.
    Connie

    Comment by Connie Devine — 5/3/2004 @ 7:51 pm

  3. Just wondering. The ‘fixes’ seem to be just for computer servers. Not stand alone home PCs. Since Sasser travels via the net from server to server it seems it could hit a home PC as well. w98se, at least, has a special folder in windows that allows your internet connection to interconnect to other servers. You can actually ‘save’ a server domain in Windows and have access to it while online. With w98se just go to path C:\servers…you’d be surprised how many ‘servers’ you are hooked up to. Couldn’t this new virus download there and from there spread to other servers? I’d love to know just what the filename for sasser is!

    Comment by Martin Jones — 5/4/2004 @ 1:08 am

  4. Actually, the patch stops the attack of Sasser. The people getting hit are the people who did not install the patch. Microsoft released this well before anyone exploited the flaw. The hackers are just taking advantage of laziness.

    Comment by Ben Sanders — 5/4/2004 @ 7:49 am

  5. Here’s the latest word on Sasser and its removal:

    http://www.washingtonpost.com/wp-dyn/articles/A62330-2004May3.html

    (NOTE: may require registration with the Washington Post)

    Comment by Scott Knowles — 5/4/2004 @ 9:39 am

  6. CORRECTION : here’s a better link … direct to Microsoft (sorry) - http://www.microsoft.com/security/incident/sasser.asp

    Comment by Scott Knowles — 5/4/2004 @ 9:54 am

  7. Just a heads up, there is now a public proof of concept and exploit code available for Microsoft Windows Private Communications Transport Protocol.

    This exploit of Microsoft Windows Private Communications Transport Protocol allows remote parties/worms to execute arbitrary code gaining complete control of the target system. This affects all NT/XP/Server distributions of Windows.

    Applying the necessary patches will of course prevent this from occurring, and users of these operating systems are encouraged to block access to (or disable) services and only provide local access to trusted users.

    I predict we’ll see this exploit wormed up within 72 hours.

    Comment by Tremaine — 5/4/2004 @ 11:46 am

  8. Thank you Copper.net and PC cillin for keepin’ all these wolves from the door of my XP system. If I don’t know from whence it comes, it goes straight into my shredder and is rendered into a harmless cyberfart.

    Comment by Jeff Baker — 5/4/2004 @ 3:02 pm

  9. Two weeks ago I ran a complete check of all the work machines for the new patches, and the only machines reported as vulnerable were those that hadn’t been rebooted that week. :)

    We run SUS (software update services), basically Automatic Updates for large networks, but the principle is the same with the standard Automatic Updates: you should set them up so that you are always AT LEAST NOTIFIED of new updates. That way, you have no excuse if you get bitten through a hole that you could have plugged.

    Comment by Revenant — 5/4/2004 @ 4:06 pm


  10. Comment by Anonymous — 5/4/2004 @ 8:22 pm
