Sasser worm - TechRepublic
General discussion
May 2, 2004 at 01:25 AM
joseph moore

Sasser worm

by joseph moore . Updated 22 years, 2 months ago

Ok, so a worm exploiting the Windows problem in LSASS.EXE process (that was patch a couple weeks ago in MS04-011) is out, called Sasser. Here’s the MS page on it:
http://tinyurl.com/39hae
The antivirus companies all have updates for it by now (3AM CST Sunday morning; can’t sleep, so I thought I would read up on it). There are links and article popping up on it all over.
Just wanted to throw a heads up out there.
The current reports (again, at this late hour here) state that it’s not spreading insanely fast (no Blater or — even worse, Slammmer — speeds), but it is moving around.
It attacks TCP port 445 (SMB port), so it is Win2K/XP/2K3 only. No 9x line, nor NT4. So, that alone will make its impact less than Blaster. But it’s still moving out there.
I’m worried about work on Monday, those laptop users coming into the office in the morning, plugging in, bypassing the firewalls and virus scans and IDS egress filters, etc.
I don’t expect to have a good day Monday.
This patch, MS04-011, has some documented problems (you can read about the problems here: http://support.microsoft.com/?kbid=841382), so I know my company has NOT rolled this patch out full-scale yet. My web servers are patched (due to the SSL vulnerability the patch also fixes), but that’s about it.
Ok. Good luck to all! I hope you are more patched against this one then my machines are!

This discussion is locked

All Comments