Sasser worm: today is Danger Day
p2pnet.net News:- The day before yesterday, “You would expect a new automatic network worm like Sasser to hit even harder than it seems to be hitting right now,” said Finland’s F-Secure on the arrival of Sasser, a Blaster-like e-worm destined to spread alarm and despondency through the Net.
Then yesterday, it issued a Global Alert.
But today, the real problem could begin.
Sasser finds Windows 2000 and XP machines tasty but the network traffic it generates might slow down other systems as well, including non-Windows systems, says F-Secure.
“The number of affected PCs is already estimated to be in the hundreds of thousands and it will continue to rise as the working week starts,” Mikko Hypponen, director of antivirus research, states. “This case resembles the Blaster incident from August 2003 a lot. Both were automatic worms using a relatively new hole in Windows and causing frequent reboots.”
Blaster was one of the most lethal viruses of 2003, causing problems with infrastructures as diverse as ATM networks and train and air travel systems.
“I hope administrators have improved security since then. Otherwise we might see similar problems again”, says Hypponen.
Sasser spreads to Windows PCs automatically, even if no-one’s using the PC at the time.
Once a machine is infected, the e-worm moves on to other computers and as a side effect, users might see error messages and experience the computer rebooting repeatedly, says F-Secure.
Two slightly different versions of Sasser, which spread through the LSASS vulnerability and which were originally discovered in mid-April, were found yesterday.
A Microsoft patch to close the hole had been available for download for 18 days before Sasser was found.
Corporate networks should be protected against Sasser and its variants by the corporate firewalls, separating internal networks from public networks, says Hypponen, going on:
“We’re mostly worried about Monday morning, when hordes of laptop users return to their workplaces with their machines, possibly carrying the virus behind the firewall.”
Protection for home users who haven’t been bitten is relatively simple, says F-Secure.
If you’re running Windows 2000 or XP and haven’t updated Windows during the last couple of weeks, DON’T GO ONLINE WITHOUT A FIREWALL.
“If your computer is already infected, you need to patch the LSASS hole first, then remove the worm - otherwise the worm could reinfect you immediately,” says the firm.
A free tool to remove the Sasser.A and Sasser.B worms is available here: http://www.f-secure.com/v-descs/sasser.shtml
Go here for more info: http://www.microsoft.com/security/incident/sasser.asp





May 3rd, 2004 at 1:53 am
Screw this garbage — sony free to a good home. I’m going out to buy a Mac tomorrow. With Office X, my worry will be my cubemate sending some macrovirus crap to my Excel and that is all. The IT goons can take their ‘only-microsoft’ job security and shove it tomorrow morning.
May 3rd, 2004 at 2:26 am
Quit your whining, you elitist nerd. Go back to /. and rejoin the other original thinkers in the “I’m cool because I talk smack about Microsoft” echo chamber.
May 3rd, 2004 at 2:57 am
u suk cuz u not original thinker - just microserf
May 3rd, 2004 at 3:02 am
heh heh. listen. these viruses are created because they serve a purpose - an alarm clock to wake users up from their false sense of security.
just because you have a firewall sitting in front of your system does not mean that it’s protected. if you’re going to use a computer (with whatever system you choose to use - i don’t particularly care for these debates), then you should at least get a clue and get real about the situation.
i’ve known of many cases where people have opened an email, downloaded the attachment, and actually executed the program even when they’ve been told not to. the point is that technology isn’t going to solve the problem - these viruses should have given enough evidence to suggest this. malicious programs have been around for years and we still see companies profiting from the fear of their users.
why would someone want to use a computer if they’re not prepared to learn how to use it? it isn’t just about knowing how to copy your files from one disk to another, playing your music, writing your emails, and having frag-fests with buddies. you need to be aware of the internals of your system, the kind of code that is used to create the compiled executables, the methods and techniques of virus authors, and the mentality and motivation which comes with it. the world of computers belongs to (using your terminology) the ‘elitist nerds’ - i actually disagree with this label, but that’s another issue - but it’s the average user who causes the damage, not the viruses.
if you study the culture, then you can understand the significance of these malicious creations. some are on an ego trip (these are often teenagers with vb scripts), most do it for the challenge, and a few have criminal intent. fear is for the ignorant.
psyphen
May 3rd, 2004 at 4:30 am
Go ahead… buy your mac… and note, how many stores do you know of that sell many mac products? I’d rather take the free security updates and keep windows, which everywhere you go you can find stuff for windows… and live with microsoft… I may not like them… but their product is more world wide.
May 5th, 2004 at 3:59 pm
I agree, psyphen.
However, give it 10 years. Although we’ll have an increase in teenage crackers in that time, we’ll also have less ignorant computer users (thanks to our “all-computer” upbringing).
June 9th, 2004 at 11:26 pm
Nonsense. Resistance to autocracy never went through complying with the domineering speech and products, even though they obviously are easier to find…