Virus alert

[DavRedf]

I received this Email from my antivirus software company today.

David
As of May 2, 2004 10:07 PM (PST), TrendLabs has declared a High Risk Virus alert to control the spread of WORM_SASSER.B. Several infection reports have been received indicating that this worm is spreading in the Latin American region.

This variant of WORM_SASSER.A similarly exploits the Windows "Local Security Authority Subsystem Service" (LSASS) vulnerability, which is a buffer overrun that allows remote code execution and enables an attacker to gain full control of the affected system.

. https://www.trendmicro.com/vinfo/vir...CROSOFT_WINDOWS
. https://www.microsoft.com/technet/se...n/ms04-011.mspx

To propagate, this worm scans random IP addresses for vulnerable systems. When a vulnerable system is found, the malware sends a specially crafted packet to produce a buffer overrun on LSASS.EXE, which causes the program to crash and eventually require Windows to reboot

 

[WiK]

Cheers for the heads up

Phil

 

[Max_Power004]

Yeah, I'm in the process of helping a remote user here at work remove that bugger. Symantec has a fix on their website. It's a doozy. It makes your computer restart over and over and over....

 

[cydermaster]

I've been hearing about this worm.

Right Royal Pain in the Posterior by all accounts.

Netsky has become a bain of my life ... the amount of pcs I've had to clean up from that has been unbelieveable. Just hope Sasser doesn't become so annoying.

 

[BlueNinja]

IS this a thing that is sent by email, or does it just slip onto your computer if you are connected to the Internet and it gets your IP?

 

[bmhiii]

Blue,

From my understanding, this virus does not come via e-mail or an attachment. If you are hooked up to the internet, it can get you. It doesn't require you to click on anything. It just arrives.

bmhiii

 

[BlueNinja]

Gah... This is not good.

 

[Ryan S.]

yeah they are trying to block this at school, I guess it has crushed a few college campuses. they are afriad someone is going to bring it in through the firewall....so they are trying to get everyone to download the patch.

Max.....love the username

 

[solrules]

Ahh, the joy of having a hardware firewall. Blocks all incoming data except what I specify. If you ever had a virus destroy data, hardware firewalls seem to be a viable solution (along with not opening attachments, clicking on .exe files from the internet, clicking blindly on 'yes' in internet exploret, etc.) I have a linksys wireles DSL/cable router with a built in firewall. It shares my internet connection to my labtop, and acts as a hardware firewall! All for about $100 when I got it,..with the prices today, its cheaper (to lazy to do a froogle search).

Cool. Im totally protected from all viru ##SIGNAL LOST##

 

[sandman]

Cool. Im totally protected from all viru ##SIGNAL LOST##

I am probably the LEAST computer literate person here but, sol, those sound like famous last words to me!

sandman

 

[swimmer]

I depend on McAfee Security to keep me virus free. So far they have done a first rate job. There has been a lot of update activity lately. Hopefully they have this one under control also.

 

[gerbs4me]

This virus seems bad, thanks for the heads up

 

[Hospital_Rocket]

Here are some simple steps you can do to prevent this:\

1) This one is easily prevented make sure you have all critical updates from the Windows update site. The one you need in this case is MS04-011.

2) If you fo get infected, there is a removal tool available at WWW.SARC.COM


Here is some good reading:

https://www.sarc.com/avcenter/venc/data/w32.sasser.d.html

As of the present, there is no payload. It is a worm that looks like some twit thought would be fun ro release

There are multiple variants.









And before you hit send, I know, it does not affect LINUX, MAC, OS390, VMS, OS/2, or any number of other operating systems.

 

[solrules]

But I just bought a new 3.4Ghz Computer.....It can outrun all the new virui, right?


anyway, don't be cheap. Go out and buy a cheap router/gateway/firewall for $40. Stops many virui in their tracks. Espically (sp.) is you are in business over the net/hold sensitive data on your computer. Its just like having your computer drink an invisible potion (with no weird aftertastes/side effects!), and makes your computer nearly invisiblehackers/crackers/n00bs/script kiddies who want to take your data for fun.

Note: do NOT pour an invisible potion on your computer: it would be bad.

Note #2: I really hope you didn't have to consider note #1.