VIRUS ALERT: Sasser worm delivers triple trouble


12Wonder
May 4th, 2004, 07:44 PM
This just in from TechRepublic, eWeek Security, and Ziff Davis:

VIRUS ALERT: Sasser worm delivers triple trouble

VIRUS METER RATING
Name: Sasser.B, Sasser.C, Sasser.D
Rating: 7 out of 10
Current Status: On the rise
Damage: May damage files and affect networks
Threat: May allow remote users to access your computer

VIRUS BRIEF
Sasser and its variations are network-aware worms that do not require
e-mail or user interaction to spread. The worms use a bootstrap effect
by infecting new machines first and downloading the full code from a
previously infected machine later. Sasser (w32.sasser.a) and Sasser.b
(w32.sasser.B) are both 15,872 bytes in length, and they randomly scan
local networks and the Internet to look for additional systems to
infect. This scanning could slow normal traffic on the Internet.
Vulnerable systems include Windows 2000, Windows XP, and Windows
Server 2003 that have not installed the Microsoft Security Bulletin
patch MS04-011 and are not running desktop firewall software. Sasser
does not affect any other version of Windows, nor does it affect Linux,
UNIX, Mac OS, or any other operating system.

These new versions of the Sasser worm are sweeping into systems
throughout the world, crashing many in their wake.

SASSER PREVENTION AND CURE: Simply removing the Sasser worm
infection is not enough. A desktop firewall should protect
vulnerable systems until the Microsoft security patch can be
downloaded.
http://ct.com.com/click?q=de-7tYkQMWtO~Mjtot_AGEGNBJQxo~B

Unlike other worms we've seen recently, this one doesn't even need email to spread its malicious payload. Even worse, an email claiming to fix Sasser actually contains the Netsky worm!

Sasser.D Spreading Rapidly:
http://eletters.wnn.ziffdavis.com/zd1/cts?d=75-197-1-1-412775-8486-1

Sasser.C Worse Than Original:
http://eletters.wnn.ziffdavis.com/zd1/cts?d=75-197-1-1-412775-8489-1

Read the full report for details:
http://ct.com.com/click?q=b4-aJsbQ6ZAxK4kfx780gEHkXodWCBX
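
The bootstrap behaviour described in the VIRUS BRIEF (random scanning, then the newly infected machine fetching the full code from the machine that infected it) leaves a recognisable pattern in connection logs. The following is an added example, not part of the original post or the quoted alert, that flags that pattern over constructed flow records; the record format, thresholds and function names are assumptions.

```python
from collections import defaultdict

# Constructed flow records (seconds, source, destination); not real traffic.
FLOWS = [
    (0, "10.0.0.5", "10.0.0.10"), (1, "10.0.0.5", "10.0.0.11"),
    (2, "10.0.0.5", "10.0.0.12"), (3, "10.0.0.5", "10.0.0.13"),
    (4, "10.0.0.12", "10.0.0.5"),            # probed host connects back to its scanner
    (20, "10.0.0.12", "10.0.0.30"), (21, "10.0.0.12", "10.0.0.31"),
    (22, "10.0.0.12", "10.0.0.32"), (23, "10.0.0.12", "10.0.0.33"),
    (30, "10.0.0.40", "10.0.0.41"),          # ordinary single connection
    (500, "10.0.0.13", "10.0.0.5"),          # reverse flow, but far too late to count
]

def find_scanners(flows, min_targets=4, window=10):
    """Sources that reach min_targets distinct destinations within window seconds."""
    by_src = defaultdict(list)
    for ts, src, dst in sorted(flows):
        by_src[src].append((ts, dst))
    scanners = set()
    for src, events in by_src.items():
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1                   # slide the window forward
            if len({dst for _, dst in events[start:end + 1]}) >= min_targets:
                scanners.add(src)
                break
    return scanners

def find_callbacks(flows, scanners, callback_window=60):
    """(scanner, target) pairs where the target connects back soon after the probe."""
    first_probe, hits = {}, []
    for ts, src, dst in sorted(flows):
        probed_at = first_probe.get((dst, src))
        if probed_at is not None and 0 < ts - probed_at <= callback_window:
            if (dst, src) not in hits:
                hits.append((dst, src))      # reverse flow inside the window
        elif src in scanners:
            first_probe.setdefault((src, dst), ts)
    return hits

def triage(flows):
    """(scanner, target, target_now_scanning) for each suspected bootstrap download."""
    scanners = find_scanners(flows)
    return [(s, t, t in scanners) for s, t in find_callbacks(flows, scanners)]

if __name__ == "__main__":
    for row in triage(FLOWS):
        print(row)
```

A target that calls back and then starts scanning itself is the strongest signal; isolate it, then apply MS04-011 and enable the desktop firewall as the alert advises.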