Sasser Worm

Zed

Rogue Chimp
Exploiting vulnerabilities announced / patched in April by Microsoft in the LSASS MS-RPC Protocol.

Network based, it's self-propagating and drops files onto the system, edits the registry and generally does nastiness.

Make sure

1. AV is current

2. You patch / run windows update.

Personal firewalls - dependent on the way they work - should stop this from infecting your machines. Unless the LSASS RPC Protocol talks to the network, then you might be in trouble.
 

Entropy

Full Member
Hmmm, this seems to be an example of what a mate was talking about. Someone he once knew saves an image of their operating system prior to any windows update download, and then compares the two images and works out what was changed in the update. That used to give him code to target a new virus on - a lot of people do it I think.
 

Zed

Rogue Chimp
Aye. Problem is though, a lot of research companies now post the vulnerability information and often tag code examples on how to break it (www.eeye.com for example), so it's fairly easy to do without having to target that!!
 

Gulia

Full Member
I got this on my PC yesterday and as we were clearing the SasserB version the D version decided to get in as well.

Everything is now up-to-date and it's not come back thank goodness, only affected the PC which was running XP and didn't have the Microsoft Update on it. The update package has the number 835732 if anyone else is having problems with it.

Gules

Moral of this: Do your Microsoft and AV updates regularly :rolleyes:
 

Zed

Rogue Chimp
Have been asked if we should be concerned about this:

Currently the variants to date are fairly benign. They scan multiple IP addresses across Class A and Class B subnets and a load of random ones. The upshot is a potential decrease in your network availability.

Bear in mind this dumps a command in the Run reg key (HKEY_LOCAL_MACHINE) to execute a file each time you reboot your PC. So if you're infected you will potentially reinfect the systems around you...

At present it doesn't do anything more nasty than that. However it won't be long before it changes the file from a purely scanning one to also being a backdoor or trojan.

So should you be worried about it? Yes. Patch the OS and update / run your AV tools.
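
A baseline check for the Run-key persistence described in the post above, as an added example that is not part of the original thread: it parses `reg query` output for the HKLM Run key and reports entries that are new, or that point at a different program, compared with a snapshot taken while the machine was known clean. The sample output, entry names, paths and function names are all constructed for illustration.

```python
import re

# Constructed sample of `reg query` output for
# HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (names and paths are made up).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Example AV Tray    REG_SZ    "C:\Program Files\ExampleAV\tray.exe" /min
    ExampleSound    REG_EXPAND_SZ    %SystemRoot%\system32\exsound.exe
    placeholder.exe    REG_SZ    C:\WINDOWS\placeholder.exe
"""

# Constructed baseline: value name -> command recorded while the machine was known clean.
BASELINE = {
    "Example AV Tray": r'"C:\Program Files\ExampleAV\tray.exe"',
    "ExampleSound": r"%SystemRoot%\system32\exsound.exe",
}

# reg.exe prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_(?:EXPAND_)?SZ)\s{4}(.*)$")
PROGRAM = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", re.IGNORECASE)

def parse_run_key(text):
    """Return {value name: command line} for every string value in the output."""
    entries = {}
    for line in text.splitlines():
        match = VALUE_LINE.match(line)
        if match:
            entries[match.group(1)] = match.group(3).strip()
    return entries

def executable(command):
    """Reduce a Run command line to its lower-cased program path, dropping arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return (command[1:end] if end != -1 else command[1:]).lower()
    match = PROGRAM.match(command)
    return (match.group(1) if match else command).lower()

def audit(text, baseline):
    """List (name, reason, program) for entries that are new or point elsewhere."""
    findings = []
    for name, command in sorted(parse_run_key(text).items()):
        if name not in baseline:
            findings.append((name, "new entry", executable(command)))
        elif executable(command) != executable(baseline[name]):
            findings.append((name, "target changed", executable(command)))
    return findings
```

Calling `audit(SAMPLE, BASELINE)` reports only the constructed `placeholder.exe` entry; the AV tray entry is not flagged because only its arguments differ from the baseline.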
 

Althorn

Full Member
Ya, luckily I got an application "checker" running that stops any "new" programs from running, it caught this little nasty from crawling onto my PC ... just doing Windows Update now, but it's failing for some odd reason ...

/sigh
 

Rowan

Tribal Matriarch dude
I just cannot understand why people don't patch.
We look for patches on our AVG daily and on Microsoft at least once a week.
They should have something like a driving test for folk before they let them online!
Having said that, businesses seem to be hardest hit, which is WORSE as they have IT specialists who don't patch!
 