Sasser worm uses new LSASS vulnerability

By on
The vulnerability [URL=http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx]MS04-011[/URL] that eEye reported to Microsoft October 8, 2003. And which Microsoft released a fix for April 13, 2004 took malware writers just 18 days to build a working worm for. It's name is Sasser and it works very similar to the Blaster worm from last year in that it requires no user action to infect a computer. That means that an unpatched Windows 2000 or XP workstation without a firewall has a very high risk of being infected. The Sasser worm scans for it's targets on port 445.

The good news is that this worm causes no damage yet, but it is extremely likely that a variant of it that does will be released very soon, so if you have not patched your systems be sure to [URL=http://windowsupdate.microsoft.com/]update now![/URL]

F-Secure has more [URL=http://www.f-secure.com/weblog/]info[/URL] on this worm.

UPDATE: [COLOR=#1951B9]Microsoft has posted an ActiveX [URL=http://www.microsoft.com/security/incident/sasser.asp]scanning tool[/URL] on their Sasser infopage, which you can use to easily check online if you're infected or not. Then again, if you are infected, you might not make it to that page before you're machine is rebooted again.[/COLOR] Source: [URL=http://www.f-secure.com/]F-Secure[/URL]

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.