[Merged] W32/Sasser.worm


Paul
01-05-2004, 19:58
FYI;


Advisory
This is a Medium Threat Advisory for W32/Sasser.worm

Justification
W32/Sasser.worm has been deemed Medium due to prevalence

Read About It
Information about W32/Sasser.worm is located on VIL at:
http://vil.nai.com/vil/content/v_125007.htm

Detection
W32/Sasser.worm was first discovered on 30/04/2004 and detection will be added to the 4355 dat files (Release Date: 01/05/2004). The EXTRA.DAT is available.


This exploits a hole covered in the latest MS patch - MS04-011.

Alan Waddington
01-05-2004, 20:03
Thanks for the heads up. I've really got to watch the viruses at the moment because someone who has me in their address book has got a NetSky & I keep being gifted with them

Well, Sasser's in my normal virus update I got today from Norton, so no need to manually install the extra definitions.

DrAwesome
03-05-2004, 11:41
This Link (http://www.symantec.com/avcenter/venc/data/w32.sasser.b.worm.html) may be useful to someone :0)

50420
04-05-2004, 21:39
hi all....apologies if this is being discussed elsewhere...but couldn't find the subject when searched the forums.

just a query really regarding the sasser alert on the ntl homepage
http://www.ntlworld.com/help/aup/virus_sasser.php

going by the wording of the alert...it sounds as if the relevant ports have been blocked??

more info here on sasser http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.b.worm.html

only reason i'm askin is cos of a thread on the computeractive forums.....where a poster has accused ntl of crass incompetence and stupidity for informing their customers that they are not susceptible to sasser. (this ain't what is stated in the alert though !!!!) the alert states that MOST ntl customers SHOULD not be susceptible to it due to proactive measures.

MadGamer
04-05-2004, 21:44
I know M$ have a patch but I can't find it.

BizBo
04-05-2004, 21:51
Patch from Microsoft (http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx) :shocked:

jellybaby
04-05-2004, 21:53
And Here (http://www.microsoft.com/security/incident/sasser.asp) is quite useful too

philip.j.fry
04-05-2004, 21:55
And what a pain this virus is, it infected the uni computer system this morning just as I was giving a demonstration of my dissertation project so the computer kept crashing :(

Tezcatlipoca
04-05-2004, 21:56
hi all....apologies if this is being discussed elsewhere...but couldn't find the subject when searched the forums.

I've merged your thread with the Sasser thread in the Security forum ;) :)

just a query really regarding the sasser alert on the ntl homepage
http://www.ntlworld.com/help/aup/virus_sasser.php

Don't know if NTL have blocked the ports. Maybe one of our NTL-employed members will be able to answer that.

Paul
04-05-2004, 21:58
I know M$ have a patch but I can't find it.

The patches are in the "Latest Microsoft Patches (http://www.cableforum.co.uk/board/announcement.php?f=19)" announcement in the Computers & Technology forums (at the top of the topics list). :)

porpoise
07-05-2004, 17:36
I got the Sasser worm !!! My son went onto Symantec and downloaded the removal tool for me. I've now got rid of it. I went on to Windows Update and it said download this update to stay clear of the Sasser worm, I checked my history and I'd downloaded it on April 14th !!! Also my son said that I can go into msconfig and get ZoneAlarm to start earlier in the start up menu ??? how ???

byron_hinson
07-05-2004, 18:05
I've noticed CPU Spikes when I am connected to the internet over the last 2 days - any ideas if this is the virus looking for IP Addresses - my machines are clean and all up to date, just can't figure this one out.

Chris W
07-05-2004, 18:38
I've noticed CPU Spikes when I am connected to the internet over the last 2 days - any ideas if this is the virus looking for IP Addresses - my machines are clean and all up to date, just can't figure this one out.

when you say connecting to the internet, is that using a dial or BB connection? and what exactly do you mean by connecting to the internet? is it opening IE? or any program?

byron_hinson
07-05-2004, 19:22
Wireless broadband. Don't have to be running any programs at all for it to show up the problem. If I switch off the wireless connection then everything is fine.

Chris W
08-05-2004, 09:20
Just heard that someone has been arrested for the Sasser virus....

not much news yet, just breaking on news24. 18 year old from Germany who wrote and activated that virus on his own.

Good to see that the person responsible has been caught :tu:

paulyoung666
08-05-2004, 09:40
very quick for the ppl responsible :tu:

Chris W
08-05-2004, 09:59
more info is now available here:

http://news.bbc.co.uk/1/hi/world/europe/3695857.stm

Alan Waddington
08-05-2004, 10:15
Bet he's regretting it now. He's 18. It's not going to look great on his first CV.

Chris W
08-05-2004, 10:24
Bet he's regretting it now. He's 18. It's not going to look great on his first CV.

bet it is... he will score a sweet job with one of the big internet security teams and earn a mint :rolleyes:

Alan Waddington
08-05-2004, 10:36
bet it is... he will score a sweet job with one of the big internet security teams and earn a mint :rolleyes:

Maybe, but would you really want to employ someone with such a serious lack of judgement? Suppose you ****ed him off. Would he trash your comps? :confused:

paulyoung666
08-05-2004, 10:36
bet it is... he will score a sweet job with one of the big internet security teams and earn a mint :rolleyes:

it wouldn't surprise me, in fact hasn't it already happened before ????????

Caspar
08-05-2004, 11:29
it's happened many times, and will again.....boy all those hours slogging it down the mill...we're doing something wrong...we shd just write a few bytes of code and get employed as a consultant!!! :pp ;)

paulyoung666
08-05-2004, 11:32
it's happened many times, and will again.....boy all those hours slogging it down the mill...we're doing something wrong...we shd just write a few bytes of code and get employed as a consultant!!! :pp ;)


I wouldn't fancy the jail term though :Yikes: :disturbd: :Yikes: :disturbd: :Yikes:

Caspar
08-05-2004, 11:41
I'd do a few years in min security if I'd come out and get employed as a security consultant ;)

abailey152
08-05-2004, 11:42
I hope he gets what he deserves.......
........and that's not a new job with money and respect!

He should be put to work for the length of his "jail term", and every penny he would have made should go to charity, or helping victims of crime.

dilli-theclaw
08-05-2004, 11:44
Maybe, but would you really want to employ someone with such a serious lack of judgement? Suppose you ****ed him off. Would he trash your comps? :confused:

And how long would you keep him for anyway - there's always someone better round the corner.

Paul
10-05-2004, 23:53
Notification received tonight about a new variant;

Information about W32/Sasser.worm.e is located on VIL at: http://vil-origin.nai.com/vil/content/v_125091.htm

iadom
11-05-2004, 11:36
"I am responsible for most of the Netsky variants" says Sasser author.
Article (http://www.telegraph.co.uk/news/main.jhtml?xml=/news/2004/05/11/wsass11.xml&sSheet=/news/2004/05/11/ixworld.html)

Chris
11-05-2004, 11:44
"I am responsible for most of the Netsky variants" says Sasser author.
Article (http://www.telegraph.co.uk/news/main.jhtml?xml=/news/2004/05/11/wsass11.xml&sSheet=/news/2004/05/11/ixworld.html)

I see M$ is putting some of its huge cash pile to good use by paying out $140,000 rewards to those who grassed up this idiot. Nothing like filthy lucre to loosen tongues. I hope the virus writers get put away for a long time. This is an excellent opportunity to show them, and the rest of their lot, that virus writing can destroy lives and livelihoods, and isn't just a bit of harmless Sunday afternoon geek fun.

secular
18-05-2004, 18:06
Grass gets gripped up himself - http://www.theregister.co.uk/2004/05/18/sasser_informant_turns_suspect/
Also big security companies don't care about M$ pot o' gold, for that article and for the real low down on the situation - read el reg -
http://www.theregister.co.uk/security/virus/