Tuesday, May 4

Sasser Worm


This worm infects computers by exploiting a flaw in Microsoft's Windows operating system. Once inside, the worm scans the internet for others to attack, causing some computers to continually crash and reboot. It has severly hit asian region - Taiwan, Hongkong and India.

Sasser Worm - Info :

First Detected on Friday 4/29, 2004 with Worm with Variants – Sasser.A/B/C/D . It exploits law in Windows Local Security Authority Service Server (LSASS) and is spreading worldwide


Effects of Sasser

* Crashes infected devices

* Causes systems to reboot continuously

* Can scan for 1,024 separate IP addresses simultaneously

* Taiwanese Post Office, Sydney Australia Train System and several Scandinavian Banks reported infections – among other organizations


How Sasser Works :

* Exploits vulnerability in Windows Local Security Authority Service Server (LSASS)

* Vulnerability allows remote attacker to execute arbitrary code with System privileges

* Affected systems include: Microsoft Windows XP and Windows 2000

* Patch is available from Microsoft

* Worm executes code and installs a copy of itself into the infected computer’s memory – which infects other hosts.


Related Links :

* What You Should Know About the Sasser Worm and It Variants | Microsoft

* On the Worm Watch: Sasser

* Sasser Worm Analysis - LURHQ

* Sasser : Virus Profile

* How to Rid Your PC of 'Sasser' Infection

* Symantec Security Response - W32.Sasser Removal Tool

* Microsoft's Recommendations for the Sasser Worm and Its Variants