Monday, May 24, 2004

 

Sasser worm

The Sasser worm is causing all sorts of difficulties around the world. However, it seems from information posted on a number of technical forums I have been looking at that Australia may well have been one of the first countries to experience the havoc caused by this little beastie.

The “Sasser worm”, as it’s called, has a number of variants: the original worm, W32.Sasser, and then W32.Sasser.B and W32.Sasser.C. Currently Sasser.C is the most aggressive spreader.

Other than spreading and multiplying, these three viruses don’t really cause too much damage to our computer systems. However, they do significantly degrade system performance and cause a fault that has the machine automatically rebooting after around 5 minutes of operation on the internet.

It is supposed to be blocked by having a software firewall, and from what I can see the firewall built into XP Service Pack 1 does nothing to stop this feral beastie.

Sasser is a virus you simply cannot wait around to get, because you will eventually end up with it. You need to do something to avoid that, and the way to do that is to make sure you have a firewall, either hardware or software. This virus spreads in the same way the Welchia and Blaster worms did, but on different ports.

W32.Sasser.C.Worm is a minor variant of W32.Sasser.B.Worm. It attempts to exploit the LSASS vulnerability described in Microsoft Security Bulletin MS04-011, and spreads by scanning randomly-chosen IP addresses for vulnerable systems. This particular variant spawns 1024 threads for the infection routine, whereas the previous variant, W32.Sasser.B.Worm, uses 128 threads.


How do I stop Sasser from sassing - very simply

If I have the virus - Firstly, disconnect from the internet immediately. Then get on someone else’s computer, go to www.symantec.com, click on the downloads section and go to removal tools; in there you’ll find a download section for the removal of the Sasser worm. Save the file to a floppy disc, transport it to your computer and run it. Then go to Microsoft and download the patch to block it.


If I don’t have the virus – Firstly, download a firewall from www.download.com. Try Tiny Personal Firewall, it’s good, or try ZoneAlarm, which you set to block traffic on a couple of ports: 5554, 9996 and 445. This will then block the virus from getting in. Go to windowsupdate.Microsoft.com and download the patches to keep your machine safe. Keep your software firewall active.
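
To check that the port block described above is actually holding, here is an added example (not part of the original post) that reads a firewall log and reports two things: sources trying TCP 445 against many different addresses, which matches the random scanning described earlier, and any connection to 5554, 9996 or 445 that the firewall let through. The log layout, the sample lines and the threshold of 5 are assumptions made for the example.

```python
from collections import defaultdict

SASSER_PORTS = {445, 5554, 9996}  # ports the post says to block
SCAN_THRESHOLD = 5  # assumed: distinct TCP 445 targets before a source is a scanner

# Constructed sample log (documentation address ranges). Assumed field layout:
# date time action protocol src-ip dst-ip src-port dst-port
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port
2004-05-24 09:00:01 DROP TCP 198.51.100.7 192.0.2.10 1042 445
2004-05-24 09:00:02 ALLOW TCP 192.0.2.50 203.0.113.4 1100 445
2004-05-24 09:00:02 ALLOW TCP 192.0.2.50 203.0.113.91 1101 445
2004-05-24 09:00:02 ALLOW TCP 192.0.2.50 198.51.100.23 1102 445
2004-05-24 09:00:03 ALLOW TCP 192.0.2.50 203.0.113.200 1103 445
2004-05-24 09:00:03 ALLOW TCP 192.0.2.50 198.51.100.77 1104 445
2004-05-24 09:00:04 ALLOW TCP 198.51.100.7 192.0.2.10 1043 5554
2004-05-24 09:00:05 ALLOW TCP 192.0.2.10 203.0.113.80 1200 80
2004-05-24 09:00:06 DROP UDP 198.51.100.9 192.0.2.10 137 137
"""

def parse(log_text):
    """Yield (action, proto, src, dst, dst_port) for each well-formed line."""
    for line in log_text.splitlines():
        parts = line.split()
        if line.startswith("#") or len(parts) < 8:
            continue  # skip header, blank and truncated lines
        action, proto, src, dst, dport = parts[2], parts[3], parts[4], parts[5], parts[7]
        if dport.isdigit():
            yield action, proto, src, dst, int(dport)

def analyse(log_text, threshold=SCAN_THRESHOLD):
    """Return (scanners, allowed_hits).

    scanners: sources that tried TCP 445 on at least `threshold` distinct hosts.
    allowed_hits: (src, dst, port) for traffic to a blocked port that was allowed.
    """
    targets = defaultdict(set)
    allowed_hits = []
    for action, proto, src, dst, dport in parse(log_text):
        if proto != "TCP" or dport not in SASSER_PORTS:
            continue
        if dport == 445:
            targets[src].add(dst)
        if action == "ALLOW":
            allowed_hits.append((src, dst, dport))
    scanners = sorted(s for s, d in targets.items() if len(d) >= threshold)
    return scanners, allowed_hits

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

A machine on your own network that shows up in the scanner list should be disconnected and cleaned as described above; any allowed hit means the firewall rule is not covering that port.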


