Thursday, May 06, 2004

Sasser One Of Largest Worms To Date

Sasser




MS: Almost 1.5M download Sasser cleanup tool

Almost 1.5 million Windows customers downloaded a cleanup tool for the Sasser Internet worm in the first two days after Microsoft Corp. began offering the tool on Sunday, according to a Microsoft spokesperson. The number of downloads is one indication of the number of Windows computers infected with Sasser and it is bigger than most estimates from computer security companies. Still, the total number of infected Windows systems could be even higher, especially when infections on computer networks are taken into account, the spokesperson said.

Sasser appeared on Friday and exploits a recently disclosed hole in a component of Windows called the Local Security Authority Subsystem Service, or LSASS. Microsoft released a software patch, MS04-011, on April 13 that plugs the LSASS hole. Sasser had spawned at least four variants, labeled A, B, C and D, as of Tuesday. The worm is similar to an earlier worm, Blaster, because users do not need to receive an e-mail message or open a file to be infected. Instead, just having a vulnerable Windows machine connected to the Internet via communications port number 445 is enough to catch Sasser.

After appearing Friday, the worm spread quickly around the world. Early estimates by the SANS Institute's Internet Storm Center (ISC) put the total number of infected system in the "hundreds of thousands."

As it did with the Blaster worm, Microsoft began offering the Sasser removal tool from its Web site shortly after the worm appeared. The tool, which can be downloaded or run from a Web browser, scans computers for telltale signs of Sasser and then allows the user to remove the worm.
(See: http://www.microsoft.com/security/incident/sasser.asp )

You can find security update 835732 here.

No comments:

Post a Comment

Contact The Wizard!
(he/him)