Your Ad Here Your Ad Here
Page 1 of 3 123 LastLast
Results 1 to 10 of 25

Thread: Sasser Worm - Highly Infectious

  1. #1
    If you havn't already got the Sasser worm you will unless you get a patch.

    The Sasser worm is not spread by email and an infected machine can scan up to 200 other machines for weaknesses per second. The worm has so far been found to be harmless (i.e. it won't wipe your HD) but it will continually restart your computer, sometimes so quickly that you won't be able to download the fix.

    If it does re-boot to quickly for you to get the patch, click on START, then RUN and type command.com .when the command prompt appears type shutdown -a this will abort the shutdown.

    Microsoft Windows update

    Edit: Fixed the link.

  2. The Drawing Room   -   #2
    lynx's Avatar .
    Join Date
    Sep 2002
    Location
    Yorkshire, England
    Posts
    9,810
    A friend got this on Sunday within about 2 mins of booting his pc, before he had chance to update his pc. It only seems to reboot your machine after you've been on the internet for about 1 minute (so it has time to replicate itself).

    It is actually very simple to kill it. All you have to do is kill off processes called avserve(2).exe or *****_up.exe (where ***** is 4 or 5 numbers) before you attempt to connect to the internet. You can then download the updates and cleaners and you should be safe again.

    But it all comes down to the old question - why does Microsoft directory services (port 445) need internet access? Microssoft should be made to answer this question.
    .
    Political correctness is based on the principle that it's possible to pick up a turd by the clean end.

  3. The Drawing Room   -   #3
    A router with ports 1000 < * will block most worm. On second thought it better to open oprts that you only use + software firewall.

  4. The Drawing Room   -   #4
    Note: the link above does not contain any info on this worm and should be removed

    Microsoft teams have confirmed that the Sasser worm (W32.Sasser.A and its variants) is currently circulating on the Internet. Microsoft has verified that the worm exploits the Local Security Authority Subsystem Service (LSASS) issue that was addressed by the security update released on April 13 in conjunction with Microsoft Security Bulletin MS04-011.



    information on this worm can be found here

    http://www.microsoft.com/security/incident/sasser.asp

    or here

    http://www.symantec.com/avcenter/venc/data...asser.worm.html

    Removal tools here

    http://securityresponse.symantec.com/avcen...moval.tool.html

  5. The Drawing Room   -   #5
    Poster
    Join Date
    Mar 2003
    Posts
    367
    Stinger is another free removal tool. It includes all current variants.

  6. The Drawing Room   -   #6
    MagicNakor's Avatar On the Peripheral
    Join Date
    Nov 2002
    Posts
    5,401
    AlexH typoed when he posted the link. He missed a C. He wasn&#39;t trying to be malicious, he&#39;s trying to help people who may not have known about it.

    things are quiet until hitler decides he'd like to invade russia
    so, he does
    the russians are like "OMG WTF D00DZ, STOP TKING"
    and the germans are still like "omg ph34r n00bz"
    the russians fall back, all the way to moscow
    and then they all begin h4xing, which brings on the russian winter
    the germans are like "wtf, h4x"
    -- WW2 for the l33t

  7. The Drawing Room   -   #7
    Hehe, yeah&#33; Like Westpac Banking Corperation here in Australia, who had their entire network crash yesterday...

    Thanks for the extra info delphin.

  8. The Drawing Room   -   #8
    lynx's Avatar .
    Join Date
    Sep 2002
    Location
    Yorkshire, England
    Posts
    9,810
    Microsoft aanounced the problem and released the fix on April 13.

    They then re-issued the warning on April 28, and the Sasser worm was released into the wild on April 29. Anyone else think this sounds suspicious?

    The worm exploits a hole in Local Security Authority Subsystem Service. Why does this service have ANY access to the internet?

    Quite frankly, the whole thing stinks.
    .
    Political correctness is based on the principle that it's possible to pick up a turd by the clean end.

  9. The Drawing Room   -   #9
    4play's Avatar knob jockey
    Join Date
    Jan 2003
    Location
    London
    Age
    35
    Posts
    5,530
    @ lynx lsass is used by internet explorer, thats why it can be remotely exploited.

    the original sasser worm was meant to be very poorly written. Even if it found a vulnerable machine it was not always able to infect the machine. these new variants are meant to be alot more efficient.

  10. The Drawing Room   -   #10
    a fine example of why it pays sometimes to install Windows patches without being prompted by a major virus/worm threat like this one. if you make a habit of updating Windows every several days, you&#39;d have gotten the anti-Sasser fix before the variants were even released.

Page 1 of 3 123 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •