WORM_SASSER.A Virus Alert!

RASTABT

RASTABT

1
Just notice this on my travels...
Virus type: Worm
Aliases: W32/Sasser-A, Sasser, W32/Sasser.worm, Win32.Sasser.A, W32.Sasser.Worm
Description:

As of May 1, 2004 4:15 AM (PST), TrendLabs has declared a Yellow alert to control the spread of this malware. Infection reports have been received from Europe, Asia and the US.

This worm exploits the Windows LSASS vulnerability, which is a buffer overrun that allows remote code execution and enables an attacker to gain full control of the affected system. This vulnerability is discussed in detail in the following pages:

* MS04-011_MICROSOFT_WINDOWS
* Microsoft Security Bulletin MS04-011

To propagate, it scans the network for vulnerable systems. When it finds a vulnerable system, this malware sends a specially crafted packet to produce a buffer overflow on LSASS.EXE.

It creates the script file CMD.FTP, which contains instructions for the vulnerable system to download and execute a copy of this malware from a remote infected system using FTP on TCP port 5554.

Since this malware produces a buffer overflow in LSASS.EXE, it causes the said program to crash and will consequently require Windows to reboot.

Important: Trend Micro advises users to apply the critical patch related to the Windows LSASS vulnerability, which is available at the following Microsoft page:

Microsoft Security Bulletin MS04-011

Solution: Click here for full info.
 
banzibaby

banzibaby

1
Cheers for the news Bud :)

I got a little niggle with this patch, i got all the patches M$ released near the begining of April, including this one, now everytime i go check at windowupdate, it still lists this update, i have also downloaded the updated version from M$ site & installed it & again the same, when i check at windowsupdate, it still says i got it?

Avast, NOD & KAV5 have all told me i clean :confused:

Does this patch need any specific services running, as i have a lot of unneeded ones disabled :)

BaNzI :D
 
PC-GUY

PC-GUY

1
banzibaby said:
Cheers for the news Bud :)

I got a little niggle with this patch, i got all the patches M$ released near the begining of April, including this one, now everytime i go check at windowupdate, it still lists this update, i have also downloaded the updated version from M$ site & installed it & again the same, when i check at windowsupdate, it still says i got it?

Avast, NOD & KAV5 have all told me i clean :confused:

Does this patch need any specific services running, as i have a lot of unneeded ones disabled :)

BaNzI :D
Click to expand...
You have to love MS. :rolleyes::eek::p Is it no wonder why they don't use their os to run their servers. Sorry to say I don't know why you have a problem my updates took. Your idea sounds about right but I don't have clue which ones you need on. :( Hopefully someone else does. :)
 
Duracell

Duracell

1
banzibaby said:
Avast, NOD & KAV5 have all told me i clean :confused:
Click to expand...
sorry Banzi i never install any M$ update beside SPs, so i didn't tried the online updates;
if one of "Avast, NOD & KAV5" is a firewall, then you probably are clean, because the worm cannot FTP itself due the fact the port is closed;
 
You must log in or register to reply here.
Top