Virus/Worm Alert Announcement
W32.Sasser.B.Worm attempts to exploit the LSASS vulnerability described in Microsoft Security Bulletin MS04-011, and spreads by scanning randomly chosen IP addresses for vulnerable systems.
– The MD5 hash value for this worm is 0x1a2c0e6130850f8fd9b9b5309413cd00.
– Symantec Security Response has developed a removal tool to clean the infections of W32.Sasser.B.Worm.
– Block TCP ports 5554, 9996 and 445 at the perimeter firewall and install the appropriate Microsoft patch (MS04-011) to prevent remote exploitation of the vulnerability.
Security Response is upgrading W32.Sasser.B.Worm to a Category 4 from a Category 3 based on an increased rate of submissions.
Also known as: WORM_SASSER.B [Trend], W32/Sasser.worm.b [McAfee]
Infection length: 15872 bytes
Systems affected: Windows 2000, Windows Server 2003, Windows XP
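
Added example, not part of the original alert: a small log check that flags internal hosts whose traffic matches the behaviour described above, namely port-445 connections to many different addresses or any traffic on TCP 5554 or 9996. The log format, the sample lines, the threshold and the function names are assumptions made for illustration.

```python
from collections import defaultdict

ALERT_PORTS = {445, 5554, 9996}  # TCP ports the alert says to block
FANOUT_THRESHOLD = 5             # assumption: distinct port-445 targets that count as scanning

# Constructed sample log, format: "time src_ip dst_ip dst_port action"
SAMPLE_LOG = """\
t01 10.0.0.23 198.51.100.7 445 DENY
t02 10.0.0.23 203.0.113.90 445 DENY
t03 10.0.0.23 192.0.2.14 445 DENY
t04 10.0.0.23 198.51.100.201 445 DENY
t05 10.0.0.23 203.0.113.5 445 DENY
t06 10.0.0.23 192.0.2.77 445 DENY
t07 10.0.0.23 192.0.2.77 9996 DENY
t08 10.0.0.40 10.0.0.5 445 ALLOW
t09 10.0.0.40 10.0.0.5 445 ALLOW
t10 10.0.0.51 198.51.100.9 5554 DENY
t11 10.0.0.60 198.51.100.9 80 ALLOW
t12 truncated-line
"""

def parse(line):
    """Return (src, dst, port) for a well-formed line, else None."""
    parts = line.split()
    if len(parts) != 5 or not parts[3].isdigit():
        return None
    return parts[1], parts[2], int(parts[3])

def suspect_hosts(log_text, threshold=FANOUT_THRESHOLD):
    """Map each suspicious source to its port-445 fan-out and other alert ports seen."""
    targets_445 = defaultdict(set)   # src -> distinct destinations on 445
    other_ports = defaultdict(set)   # src -> alert ports other than 445
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or rec[2] not in ALERT_PORTS:
            continue
        src, dst, port = rec
        if port == 445:
            targets_445[src].add(dst)
        else:
            other_ports[src].add(port)
    report = {}
    for src in sorted(set(targets_445) | set(other_ports)):
        fanout = len(targets_445.get(src, ()))
        ports = sorted(other_ports.get(src, ()))
        # One file server on 445 is normal; many distinct targets is not.
        if fanout >= threshold or ports:
            report[src] = {"targets_445": fanout, "other_ports": ports}
    return report

if __name__ == "__main__":
    for host, info in suspect_hosts(SAMPLE_LOG).items():
        print(host, info)
```

Hosts that appear in the report are candidates for the removal tool and the MS04-011 patch; the threshold should be tuned to the site's normal file-sharing traffic.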