• sasser worm

    Virus/Worm Alert Announcement
    threat: w32.sasser.b.worm
    category: 4

    w32.sasser.b.worm attempts to exploit the lsass vulnerability described in microsoft security bulletin ms04-011, and spreads by scanning randomly-chosen ip addresses for vulnerable systems.
    notes:
    – the md5 hash value for this worm is 0×1a2c0e6130850f8fd9b9b5309413cd00.
    – symantec security response has developed a removal tool to clean the infections of w32.sasser.b.worm.
    – block tcp ports 5554, 9996 and 445 at the perimeter firewall and install the appropriate microsoft patch (ms04-011) to prevent remote exploitation of the vulnerability.

    security response is upgrading w32.sasser.b.worm to a category 4 from a category 3 based on increased rate of submissions.
    also known as: worm_sasser.b [trend], w32/sasser.worm.b [mcafee]
    variants: w32.sasser.worm
    type: worm
    infection length: 15872 bytes
    systems affected: windows 2000, windows server 2003, windows xp

Leave a comment

:D :) :( :o 8) :eek: ;-( :grin: :wink: :arrow: :idea: :?: :!: :evil: O:) :-| :-* :-(( :poke: :love: :tired: :emotion: :party: :clown: :worried: X( :p