New Sasser Virus Worm Attacks Windows Computers

The Internet Patrol default featured image
Share the knowledge

The newest of the sinsister worm types of viruses, Sasser, has attacked Windows-based computers around the world.

Even more insidious than its earlier siblings, Sasser scans the Internet for computers with the Microsoft security flaw which allows it to do its dirty work, and then Sasser installs a copy of itself there. And Sasser does not need the user to activate it by opening an email attachment, running a program, or anything else like that. It arrives and runs all by itself!

Sasser has been responsible for impeding and impairing hundreds of thousands of computer systems around the world, including at airports and security points.

Microsoft announced the security hole in the Local Security Authority Subsystem Service (LSASS.EXE), and an update, last month, but many computers still have not been upgraded.

Get New Internet Patrol Articles by Email!

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

 

Users can get more information about the Microsoft security hole and fix at:
http://www.microsoft.com/technet/security/CurrentDL.aspx

Just one more reason why Aunty is happy to be using only OSX and other flavours of *nix and BSD.

Get New Internet Patrol Articles by Email!

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

 


Share the knowledge

9 thoughts on “New Sasser Virus Worm Attacks Windows Computers

  1. Just a heads up, there is now a public proof of concept and exploit code available for Microsoft Windows Private Communications Transport Protocol.

    This exploit of Microsoft Windows Private Communications Transport Protocol allows remote parties/worms to execute arbitrary code gaining complete control of the target system. This affects all NT/XP/Server distributions of Windows.

    Applying the necessary patches will of course prevent this from occurring, and users of these operating systems are encouraged to block access to (or disable) services and only provide local access to trusted users.

    I predict we’ll see this exploit wormed up within 72 hours.

  2. Two weeks ago I ran a complete check of all the work machines for the new patches, and the only machines reported as vulnerable were those that hadn’t been rebooted that week. :)

    We run SUS (software update services), basically Automatic Updates for large networks, but the principle is the same with the standard Automatic Updates: you should set them up so that you are always AT LEAST NOTIFIED of new updates. That way, you have no excuse if you get bitten through a hole that you could have plugged.

  3. Thank you Copper.net and PC cillin for keepin’ all these wolves from the door of my XP system. If I don’t know from whence it comes, it goes straight into my shredder and is rendered into a harmless cyberfart.

  4. Here’s the latest word on Sasser and it’s removal:

    http://www.washingtonpost.com/wp-dyn/articles/A62330-2004May3.html

    (NOTE: may require registration with the Washington Post)

  5. Actually, the patch stops the attack of Sasser. The people getting hit are the people who did not install the patch. Microsoft released this well before anyone exploited the flaw. The hackers are just taking advantage of laziness.

  6. Just wondering. The ‘fixes’ seem to be just for computer servers. Not stand alone home PCs. Since Sasser travels via the net from server to server it seems it could hit a home PC as well. w98se, at least, has a special folder in windows that allows your internet connection to interconnect to other servers. You can actually ‘save’ a server domain in Windows and have access to it while online. With w98se just goto path C:servers…you’d be surprised how many ‘server’s you are hooked up to. Couldn’t this new virus download there and from there spread to other servers? I’d love to know just what the filename for sasser is!

  7. Now, now Luisa, just because you think someone is following you doesn;t mean they aren’y;-)
    Seriously I got McAfee several years ago and once I iinstalled it I suddenly had a boot sector vrus. Now I could say it was McAfee trying to sell more software, but I guess it just isn’t my nature.
    Connie

  8. What a coincidence: Win XT an Win2000 are beeing used since about 4 years and Sasser appears just 20 days after Micrsoft makes public the security issue…
    So, seriously, I’m sure Sasser is the by-product of Microsoft and It was developed by a hacker who just “disassembled” the Microsoft patch and discovered the security hole.
    Thank you, Microsoft, thak you Billy Gates, for a more secure Internet environment.

Leave a Reply

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.