Factbites
 Where results make sense

Topic: Sasser worm


In the News (Wed 2 Dec 09)

  
  Viruslist.com - Net-Worm.Win32.Sasser.a
Sasser is an Internet worm that exploits the MS Windows LSASS vulnerability described in Microsoft Security Bulletin MS04-011.
Sasser functions on all other versions of Windows but is unable to infect them by attacking via the vulnerability.
Sasser creates the file 'win.log' in the C drive root directory where the worm records the IP-addresses of all attacked machines.
www.viruslist.com /viruses/encyclopedia?virusid=50204   (407 words)

  
 Sasser Worm Impacted Businesses Around the World - Technology News by TechWeb
The Sasser worm attacks of last weekend and early this week sent IT staffs around the world scuttling to patch vulnerable Windows systems, dealing with network slow-downs, and switching to old-fashioned paper to handle business.
Although by Friday the Sasser worms had dramatically tailed off -- security firm Panda Software reported that Sasser accounted for just 13 percent of all tracked malware Friday, compared with a high of 40 percent on Sunday -- the attacks took their toll in the U.S. and overseas.
In Taiwan, one of the countries hit hardest early in the worm's rampage, some 1,600 computers in its postal service were infected, forcing about a third of the branches to move to paper.
www.techweb.com /wire/story/TWB20040507S0008   (1050 words)

  
 Hard-hitting Sasser Worm Dubbed MSBlast Of 2004 - Technology News by TechWeb
The Sasser worm -- the fourth variant, tagged as Sasser.d, appeared Monday, and followed the original, Sasser.a, and two copycats, dubbed Sasser.b and Sasser.c -- can infect Windows 2000, Windows XP, and Windows Server 2003 machines without resorting to e-mail, and the associated file attachments that users must open to spread the malicious code.
Dunham and others said that the Sasser worm may be the work of the same group that crafted a recent Netsky worm.
One of the Netsky worm family's distinguishing traits is its numerous variations, with new copies released weekly, and in some cases, daily.
www.techweb.com /wire/story/TWB20040503S0005   (701 words)

  
 New worm targets Sasser code flaw - Network World
The new worm, tentatively named Dabber, takes advantage of a vulnerability in an FTP server component in the Sasser worm and may have infected thousands of computers infected with Sasser.
Dabber is believed to be the first worm that spreads specifically by targeting a flaw in another worm's code, according to an advisory published by LURHQ, a Chicago managed security services company.
The worm uses code written to exploit the FTP flaw and was recently released on the Internet, scanning the Internet on port 5554 for computers running Microsoft's Windows operating system and infected with Sasser, LURHQ said.
www.networkworld.com /news/2004/0513newworm.html   (722 words)

  
 A tool is available to remove the Sasser worm variants
After you install the 835732 (MS04-011) security update on a computer that is already infected with the Sasser worm, the computer may continue to generate network traffic on the affected Transmission Control Protocol (TCP) ports to try to spread the worm infection to other vulnerable computers.
If a Sasser registry value no longer points to a file on the hard disk, the removal tool does not remove the "orphaned" registry value because the registry value will not cause any damage if the associated file does not exist on the hard disk.
However, if the Sasser worm infected your computer before an up-to-date antivirus program was installed, and scheduled virus scanning or background virus scanning is disabled, your antivirus program might not detect the worm until the Sasser Worm Removal Tool tries to remove the worm.
support.microsoft.com /?kbid=841720   (3016 words)

  
 Fast-Spreading Worm Has Infected As Many As 1 Million PCs - News by InformationWeek
The infection, known as Sasser, exploits a Windows vulnerability and is being compared to last year's Blaster worm.
A fast-spreading worm line that some are comparing to Blaster is exploiting a vulnerability in Windows and has infected as many as 1 million machines worldwide.
The Sasser worm--the fourth variant, tagged as Sasser.d, appeared Monday, and followed the original, Sasser.a, and two copycats, dubbed Sasser.b and Sasser.c--can infect Windows 2000, Windows XP, and Windows Server 2003 machines without resorting to E-mail and the associated file attachments that users must open to spread the malicious code.
www.informationweek.com /story/showArticle.jhtml?articleID=19400229   (683 words)

  
 Viruslist.com - Net-Worm.Win32.Sasser.d
Sasser works in a similar way to Lovesan, although Lovesan exploited a vulnerability in the RPC DCOM service.
The worm is written in C/C++ in a Visual C++ environment.
The worm deletes entries from the registry which have been created by versions of Email-worm.Win32.Bagle and Trojan-Proxy.Win32.Mitglieder.
www.viruslist.com /en/viruses/encyclopedia?virusid=50554   (308 words)

  
 Sasser - ZDNet: Reviews
Sasser and its variations are network-aware worms that do not require e-mail or user interaction to spread.
Sasser (w32.sasser.a) and Sasser.b (w32.sasser.b) are both 15,872 bytes long, and they randomly scan local networks and the Internet to look for additional systems to infect.
However, simply removing the Sasser worm infection is not enough; an infected system will remain vulnerable to attack until the LSASS vulnerability itself has been patched.
review.zdnet.com /4520-6600_16-5133023.html   (606 words)

  
 Author leaves warning in latest Sasser worm | Tech News on ZDNet
While antivirus experts are not positive whether Sasser.E started spreading before or after the arrest, Microsoft believes that the fifth version of the worm was released four days before the teenager was arrested, according to a representative of the software giant.
Sasser.E is currently rated a low security threat by antivirus firm Network Associates and rates a "2" on rival Symantec's five-point scale.
Earlier versions of Sasser received a medium threat rating, with some estimates putting the level of attacks at 500,000 computer systems in the first several days.
news.zdnet.com /2100-1009_22-5209459.html   (1042 words)

  
 eEye Digital Security - Research
The "Sasser" LSASS worm discovered April 30, 2004 is a self-propagating executable written in Microsoft Visual C. It exploits the LSA buffer overflow vulnerability reported to Microsoft by eEye and patched in the MS04-011 security bulletin released on April 13, 2004.
The public exploit used by the "Sasser" worm was released Thursday by "houseofdabus", and is confirmed to work against Windows 2000 Professional, Windows 2000 Server, and Windows XP Professional, in English and Russian languages.
The worm attempts to connect to TCP port 445 on the system at the generated IP address, and if successful, it sends a sequence of packets in order to retrieve the host's SMB banner, which gives a hint at what version of Windows the system is running.
research.eeye.com /html/advisories/published/AD20040501.html   (1657 words)

  
 Wired News: Sasser Worm Snakes Into Windows
A pesky computer worm snarled hundreds of thousands of machines worldwide Monday in the latest virus-like outbreak to take advantage of a known flaw with the Windows operating system.
The worm caused some computers to continually crash and reboot, apparently the result of bad programming by the virus writer rather than intent, security experts said.
Once Sasser infects a computer, it automatically scans the Internet for other computers with the flaw and sends a copy of itself there.
www.wired.com /news/infostructure/0,1377,63320,00.html   (819 words)

  
 W32.Sasser.B.Worm
The worm locates the Windows installation folder (by default, this is C:\Windows or C:\Winnt) and copies itself to that location.
If a connection is made to a computer, the worm sends shellcode to that computer which may cause it to run a remote shell on TCP port 9996.
The worm then uses the shell to cause the computer to connect back to the FTP server on port 5554 and retrieve a copy of the worm.
www.upenn.edu /computing/virus/04/w32.sasser.b.worm.html   (522 words)

  
 'Sasser' Worm Tip of the PC Bug Invasion
The Microsoft software tool designed to rid computers of the fast-spreading "Sasser" worm has been downloaded nearly 2 million times since it was made available earlier this month, the company said.
Security experts say many computers infected by the Sasser worm were also hit by a prolific family of programs known variously as "Agobot," "Gaobot" and "Phatbot." They are difficult to detect because some of them shut down or disable antivirus and firewall software running on targeted computers.
Three days before the Sasser worm surfaced the school quarantined about 400 computers that had been infected with the latest version of Agobot, Anderson said.
www.securityfocus.com /news/8573   (742 words)

  
 Sasser Worm Softrim Virus News
The Worm surfaced May 1, 2004 and automatically spreads via the Internet to computers using Microsoft Windows 2000 and XP.
Delta Air Lines may have been hit by the Worm, which may have caused delays and the cancellation of flights across its systems during the May 1st weekend.
This Worm does not need to be activated by double-clicking on an attachment and can strike even if no one is using the PC at the time.
www.softrim.com /Virus_article_sasser.asp   (189 words)

  
 German teenager admits creating Sasser computer worm   (Site not responding. Last check: 2007-10-11)
The worm raced around the world over the past week, exploiting a flaw in Microsoft's Windows operating system.
Sasser also affected computers at Delta Air Lines, forcing it to ground flights last weekend, and the European Union's executive Commission, said Ruediger Butte, the director of the state criminal office in Hanover.
Sasser is known as a network worm because it can automatically scan the Internet for computers with the security flaw and send a copy of itself there.
www.post-gazette.com /pg/04130/313505.stm   (692 words)

  
 USATODAY.com - German net worm writer may have been helping mom   (Site not responding. Last check: 2007-10-11)
Sven Jaschan, an 18-year-old who has just graduated from vocational school, was detained on Friday and admitted to being the mastermind behind the fast-spreading Sasser worm.
In a search of the suspect's home, they confiscated his customized computer, which was believed to contain the worm's source code, the state criminal office said in a statement.
Authorities said on Saturday they were looking at the possibility that the youth may have been trying to top the efforts of other programmers by creating a superior worm but had been surprised by the damage it had caused.
www.usatoday.com /tech/news/2004-05-08-sasser-arrest_x.htm   (967 words)

  
 Wired News: Sasser Worm Suspect Confesses
Sasser, a tenacious computer worm, is expected to infect millions of machines before it runs its course.
The prevailing theory was Sasser was written by the same gang behind the prevalent 2-month-old Netsky virus.
If the Sasser author is part of the Netsky group, which calls itself the "Skynet antivirus group," this could be the most important arrest yet in cracking virus-writing crime.
www.wired.com /news/infostructure/0,1377,63393,00.html   (802 words)

  
 F-Secure Computer Virus Information Pages: Sasser
Sasser generates traffic on TCP ports 445, 5554 and 9996.
Sasser was written in Visual C++ and it spreads in a single executable which is packed and protected with several envelopes.
When attacking, the worm first determines the version of the remote operating system, then uses the appropriate parameters to attack the host.
www.f-secure.com /v-descs/sasser.shtml   (495 words)

  
 Win32.Sasser.B
Win32.Sasser.B is a worm that spreads by exploiting a vulnerability in the LSASS service on Windows 2000, XP and 2003 server.
The worm uses this to open a remote shell, listening on port 9996.
There is a 25% chance it will generate addresses with the first octet the same as the host, and a 25% chance it will use the first two octets from the host address.
www3.ca.com /threatinfo/virusinfo/virus.aspx?id=39021   (466 words)

  
 The new Sasser.D worm aggravates the epidemic that is sweeping across the Internet
Besides, some 300 million computers worldwide are vulnerable to attack by the Sasser worm, which gives an idea of the potential scale of the threat.
There can be no doubt about the intentions of the creators of these worms: to put as many viruses as possible in circulation in order to multiply the probability of infection.
The vulnerability exploited by this worm was reported by Microsoft recently in bulletin MS04-011 (http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx), along with the patch.
www.pandasoftware.com /about/press/viewNews.aspx?noticia=5046   (572 words)

  
 CNN.com - Teen admits creating Sasser worm - Jul 6, 2005
The worm spread quickly when it was released earlier that month, slowing to a snail's pace computers around the world.
The Sasser worm did not have a malicious payload, meaning it did not destroy or alter information within a computer.
While computer viruses, worms, and Trojans all act a little differently, they are all generally considered "malware" or malicious software.
edition.cnn.com /2005/LAW/07/05/sasser.court   (438 words)

  
 Technology News: Security: Sasser Worm Prompts New Security Strategies
Now the Sasser worm -- which could in fact be a clone, at least in its effects, of last year's MSBlaster and Slammer worms -- is said to have affected more than one million systems worldwide so far.
While the Sasser worms continue to look for new victims to infect, the hunt for their creators has started.
By applying proprietary forensic IT techniques to the code of these worms, PandaLabs, a security firm, is already on the lookout for clues that could lead to the arrest of their authors.
www.technewsworld.com /story/33694.html   (1171 words)

  
 Technology News: Security: Sasser Worm Poses New Security Threats
The Sasser worm exploits the Windows Local Security Authority Subsystem Service (LSASS) vulnerability, which is a buffer overrun that allows remote code execution and enables an attacker to gain full control of an affected system.
The worm causes a buffer overflow in LSASS.exe.
A worm is self-propagating code that distributes itself to new hosts and continues the infection process.
www.technewsworld.com /story/33610.html   (1314 words)

  
 CNN.com - Sasser worm rips through Internet - May 5, 2004
"Sasser is a successful and widely propagating worm with a somewhat benign impact to the end user," said Chris Rouland of Internet Security Systems.
Sasser does not have a malicious payload, meaning it does not destroy or alter information within a computer.
As Sasser moves from machine to machine, it is also possible to create a "back door," leaving open the possibility of later remotely taking over control of a user's computer.
www.cnn.com /2004/TECH/internet/05/05/sasser.worm/index.html   (882 words)

  
 New Worm Targets Sasser-Infected Systems - News by InformationWeek
Dabber is targeting only systems infected with the Sasser worm, and, according to Joe Stewart, senior security researcher at LURHQ's Threat Intelligence Group, the worm hasn't infected many systems yet.
What's unusual about the Dabber worm is that it's not using an operating-system vulnerability to spread itself.
Once a system is infected with Dabber, Stewart says, the new worm takes steps to remove the Sasser worm as well as viruses.
www.informationweek.com /story/showArticle.jhtml?articleID=20300936   (228 words)

  
 Sasser Worm Analysis - LURHQ
The worm utilizes the MS04-011 LSASS exploit released by "houseofdabus" on Thursday April 29 2004.
The worm executable was compiled on Friday April 30 2004 at 19:23:16 (timezone unknown).
The F variant is a repack of the A variant binary with the mutex and exe/registry entry strings edited using a hexeditor.
www.lurhq.com /sasser.html   (864 words)

  
 Sasser worm begins to spread | Tech News on ZDNet   (Site not responding. Last check: 2007-10-11)
A worm, dubbed Sasser by antivirus firms, was spreading slowly throughout the Internet on Saturday, taking advantage of a vulnerability in unpatched Windows systems to infect new hosts.
The Sasser worm began spreading Friday night and seems to be moving at a pace far slower than previous worms such as MSBlast and Code Red, said Alfred Huger, senior director of security firm Symantec's response team.
Symantec initially rated the Sasser worm as a two on its five-point scale of threats.
news.zdnet.com /2100-1009_22-5203764.html   (895 words)

  
 BBC NEWS | Business | Sasser net worm disruption grows
The Sasser worm is continuing to cause disruption for large numbers of Windows PC users.
A patch for the vulnerability Sasser exploits was first released on 13 April and then updated on 28 April.
The latest version of the Netsky virus, the 29th variant, travels with a file that claims to be a cure for Sasser sent out by anti-virus firms.
news.bbc.co.uk /2/hi/business/3679511.stm   (657 words)

Copyright © 2005-2007 www.factbites.com Usage implies agreement with terms.