[Full-Disclosure] Fw: Sasser internet worm spreading

From: B$H (bugtracklist_at_freemail.hu)
Date: 05/01/04

  • Next message: Ben Ryan: "[Full-Disclosure] New LSASS-based worm finally here (Sasser)"
    To: mailinglist full-disclosure <full-disclosure@lists.netsys.com>
    Date: Sat, 01 May 2004 21:44:30 +0200

    > - Sasser internet worm spreading
    > Sophos is advising customers to ensure they are
    > running the latest security patches from Microsoft
    > as the Sasser worm infects internet users.
    > The Sasser worm does not spread via email, but exploits
    > a critical security vulnerability in versions of Microsoft
    > Windows.
    > A detailed analysis of W32/Sasser-A is available at:
    > http://www.sophos.com/virusinfo/analyses/w32sassera.html
    > More information about W32/Sasser-A, and the Microsoft
    > security vulnerability it exploits, can be found at:
    > http://www.sophos.com/virusinfo/articles/sasser.html
    > Information from Microsoft about the Sasser worm and the
    > security vulnerability can be found at:
    > http://www.microsoft.com/security/incident/sasser.asp
    > http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx
    > Home users who do not know if their computers are running
    > the latest Microsoft security patches should visit the
    > Microsoft WindowsUpdate website:
    > http://www.windowsupdate.microsoft.com
    > Sophos issued protection against the W32/Sasser-A worm at
    > 06:30 GMT on 1 May 2004. Customers using Enterprise Manager
    > or the Sophos Anti-Virus Small Business Edition were
    > automatically protected at their next scheduled update.
    > PCs which are secured behind properly configured firewalls
    > should not be affected by the Sasser worm.
    > Update your corporate anti-virus now so that you can detect
    > and prevent the Sasser worm. If you do not have procedures
    > for rapid updates, implement them now, because you are sure
    > to need them again. Sophos Enterprise Manager is the recommended
    > way to help automate protection updates inside your enterprise.
    > If you are a small business you should consider Sophos's
    > small business solutions to ensure automatically updated
    > protection.
    > http://www.sophos.com/products/em/
    > http://www.sophos.com/products/small_business/
    > If you have not already done so, sign-up for free automatic
    > notification of every new virus found in the wild.
    > http://www.sophos.com/virusinfo/notifications/
    > Educate your users, and keep yourself constantly aware, of
    > the latest virus threats by adding a free virus info feed
    > on your website or intranet. Once added to your site the
    > info feed requires no maintenace and is automatically kept
    > up-to-date with information about the very latest virus alerts.
    > As well as English, the feeds are also available in French,
    > German, Spanish and Japanese.
    > http://www.sophos.com/virusinfo/infofeed/
    > Sophos technical support

    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: Ben Ryan: "[Full-Disclosure] New LSASS-based worm finally here (Sasser)"

    Relevant Pages

    • Re: Non-Admin Installing Security Updates
      ... E.g. SUS supports this... ... 3rd party products further down) for security patches. ... Microsoft Software Update Services ... Here is a third party product that supports Win9x and WinME as well: ...
    • RE: after updating windows,the last program i installed are being
      ... issues related to security patches. ... Call your local Microsoft Subsidiary, or the number for paid support ... and ask for the free help with virus infections or security ... It is not the problem that happens with only Zune,but whenever it installs ...
    • RE: Error after installing July patches on two Advanced Server 200
      ... ASP.Net 1.0 by adding the following 2 registry keys: ... Microsoft Global Technical Support Center ... Error after installing July patches on two Advanced Server ... | security patches and are now getting an error. ...
    • Re: suspicious email
      ... If you are infected by the w32.swen.@mm worm, ... >>Microsoft Policies on Software Distribution ... >>Information on Bogus Microsoft Security Bulletin Emails ... >>> Microsoft which porport to contain security patches. ...
    • Re: Time and Date error message for MS updates/sasser
      ... Kate wrote: ... > I have the sasser worm on my compaq running WinXP. ... > get the time and date error message from the microsoft ... Try downloading the latest fix from ...