Quantcast

Virus alert

The Rocketry Forum

Help Support The Rocketry Forum:

DavRedf

Well-Known Member
Joined
Dec 5, 2003
Messages
290
Reaction score
0
I received this Email from my antivirus software company today.

David
As of May 2, 2004 10:07 PM (PST), TrendLabs has declared a High Risk Virus alert to control the spread of WORM_SASSER.B. Several infection reports have been received indicating that this worm is spreading in the Latin American region.

This variant of WORM_SASSER.A similarly exploits the Windows "Local Security Authority Subsystem Service" (LSASS) vulnerability, which is a buffer overrun that allows remote code execution and enables an attacker to gain full control of the affected system.

. http://www.trendmicro.com/vinfo/vir...CROSOFT_WINDOWS
. http://www.microsoft.com/technet/se...n/ms04-011.mspx

To propagate, this worm scans random IP addresses for vulnerable systems. When a vulnerable system is found, the malware sends a specially crafted packet to produce a buffer overrun on LSASS.EXE, which causes the program to crash and eventually require Windows to reboot
 

WiK

Site Admin
Joined
Jan 18, 2009
Messages
2,636
Reaction score
0
Cheers for the heads up :)

Phil
 

Max_Power004

Well-Known Member
Joined
Feb 13, 2010
Messages
198
Reaction score
0
Yeah, I'm in the process of helping a remote user here at work remove that bugger. Symantec has a fix on their website. It's a doozy. It makes your computer restart over and over and over....:rolleyes:
 

cydermaster

Well-Known Member
Joined
Jan 19, 2009
Messages
2,604
Reaction score
0
I've been hearing about this worm.

Right Royal Pain in the Posterior by all accounts.

Netsky has become a bain of my life ... the amount of pcs I've had to clean up from that has been unbelieveable. Just hope Sasser doesn't become so annoying.
 

BlueNinja

Well-Known Member
Joined
Jan 18, 2009
Messages
2,690
Reaction score
1
IS this a thing that is sent by email, or does it just slip onto your computer if you are connected to the Internet and it gets your IP?
 

bmhiii

Well-Known Member
Joined
Sep 15, 2002
Messages
422
Reaction score
0
Blue,

From my understanding, this virus does not come via e-mail or an attachment. If you are hooked up to the internet, it can get you. It doesn't require you to click on anything. It just arrives.

bmhiii
 

Ryan S.

Well-Known Member
Joined
Mar 24, 2003
Messages
3,550
Reaction score
0
yeah they are trying to block this at school, I guess it has crushed a few college campuses. they are afriad someone is going to bring it in through the firewall....so they are trying to get everyone to download the patch.

Max.....love the username
 

solrules

Well-Known Member
Joined
Dec 30, 2003
Messages
363
Reaction score
0
Ahh, the joy of having a hardware firewall. Blocks all incoming data except what I specify. If you ever had a virus destroy data, hardware firewalls seem to be a viable solution (along with not opening attachments, clicking on .exe files from the internet, clicking blindly on 'yes' in internet exploret, etc.) I have a linksys wireles DSL/cable router with a built in firewall. It shares my internet connection to my labtop, and acts as a hardware firewall! All for about $100 when I got it,..with the prices today, its cheaper (to lazy to do a froogle search).

Cool. Im totally protected from all viru ##SIGNAL LOST##
 

sandman

Well-Known Member
Joined
Jan 18, 2009
Messages
10,468
Reaction score
5
Cool. Im totally protected from all viru ##SIGNAL LOST##
I am probably the LEAST computer literate person here but, sol, those sound like famous last words to me!:D

sandman
 

swimmer

Well-Known Member
Joined
Feb 20, 2009
Messages
664
Reaction score
0
I depend on McAfee Security to keep me virus free. So far they have done a first rate job. There has been a lot of update activity lately. Hopefully they have this one under control also.
 

Hospital_Rocket

Well-Known Member
Joined
Dec 25, 2003
Messages
3,990
Reaction score
1
Here are some simple steps you can do to prevent this:\

1) This one is easily prevented make sure you have all critical updates from the Windows update site. The one you need in this case is MS04-011.

2) If you fo get infected, there is a removal tool available at WWW.SARC.COM


Here is some good reading:

http://www.sarc.com/avcenter/venc/data/w32.sasser.d.html

As of the present, there is no payload. It is a worm that looks like some twit thought would be fun ro release

There are multiple variants.









And before you hit send, I know, it does not affect LINUX, MAC, OS390, VMS, OS/2, or any number of other operating systems.
 

solrules

Well-Known Member
Joined
Dec 30, 2003
Messages
363
Reaction score
0
But I just bought a new 3.4Ghz Computer.....It can outrun all the new virui, right?


anyway, don't be cheap. Go out and buy a cheap router/gateway/firewall for $40. Stops many virui in their tracks. Espically (sp.) is you are in business over the net/hold sensitive data on your computer. Its just like having your computer drink an invisible potion (with no weird aftertastes/side effects!), and makes your computer nearly invisiblehackers/crackers/n00bs/script kiddies who want to take your data for fun.

Note: do NOT pour an invisible potion on your computer: it would be bad.

Note #2: I really hope you didn't have to consider note #1.
 
Top