Virus/Worm Alert Announcement
threat: w32.sasser.b.worm
category: 4

w32.sasser.b.worm attempts to exploit the lsass vulnerability described in microsoft security bulletin ms04-011, and spreads by scanning randomly-chosen ip addresses for vulnerable systems.
notes:
– the md5 hash value for this worm is 0×1a2c0e6130850f8fd9b9b5309413cd00.
– symantec security response has developed a removal tool to clean the infections of w32.sasser.b.worm.
– block tcp ports 5554, 9996 and 445 at the perimeter firewall and install the appropriate microsoft patch (ms04-011) to prevent remote exploitation of the vulnerability.

security response is upgrading w32.sasser.b.worm to a category 4 from a category 3 based on increased rate of submissions.
also known as: worm_sasser.b [trend], w32/sasser.worm.b [mcafee]
variants: w32.sasser.worm
type: worm
infection length: 15872 bytes
systems affected: windows 2000, windows server 2003, windows xp

Leave a Reply

Your email address will not be published. Required fields are marked *

:D :) :( :o 8) :eek: ;-( :grin: :wink: :arrow: :idea: :?: :!: :evil: O:) :-| :-* :-(( :poke: :love: :tired: :emotion: :party: :clown: :worried: X( :p