Digital Edition

SYS-CON.TV
Sasser: Microsoft Offers Removal Tool, Seeks Worm Source
Sasser: Microsoft Offers Removal Tool, Seeks Worm Source

A recent increase in malicious activity on the Internet, including the development of attack tools and exploit code, has resulted in an automated attack against computer users in the form of a worm identified as "W32.Sasser.worm" ("Sasser"). Through this worm, the attacker is attempting to exploit systems that are not protected against the Local Security Authority Subsystem Service (LSASS) vulnerability, which is mitigated by the use of a firewall and fixed in Microsoft Security Update MS04-011 on April 13, 2004. There is additional malicious activity in the form of variants of a worm known as "Agobot" (or "Agrobot"), which similarly seeks to exploit systems not protected by a firewall or the installation of MS04-011.

In a bulletin, the McAfee division of Network Associates, Inc. describes Sasser as "a self-executing worm that spreads by exploiting the Microsoft MS04-011 vulnerability. The primary purpose of the worm seems to be to spread to as many vulnerable machines as possible by exploiting un-patched Windows systems, giving it the ability to execute without requiring any action on the part of the user. Once activated the worm copies itself to a folder in the Windows System directory and adds a registry run key to load at system start-up."

Microsoft is working closely with law enforcement authorities, including the Northwest CyberCrime Taskforce, a joint effort between the FBI and U.S. Secret Service, to forensically analyze the malicious code in Sasser and Agobot, to identify and bring to justice those responsible for this malicious activity. The investigation is ongoing, and questions about the investigation should be referred to the Northwest CyberCrime Taskforce.

At the same time, Microsoft is working closely with the anti-virus community and other industry partners to help protect our customers. Customers using a firewall-- including the firewall in Windows XP, as well as third-party hardware or software firewalls -- are generally protected against the Sasser and Agobot threats. Customers can protect against these attacks by first ensuring that their firewall is in place, and then installing Microsoft Security update MS04-011 immediately. The MS04-011 security bulletin is available as a free download or users can use Windows Update to access the latest security update.

In addition, Microsoft has made a no-cost, software-based cleaner tool available that customers can use to automatically remove the Sasser worm from infected PCs after deploying the security update.

Customers who have followed the steps on www.microsoft.com/protect to enable Automatic Updates should already be protected against these emerging threats, as they should have received MS04-011 automatically. Microsoft continues to recommend that all customers visit www.microsoft.com/protect to take three key steps to protect their PCs. These include:

  • Use an Internet Firewall on all PCs and Laptops: An Internet firewall can help prevent outsiders from getting to your computer through the Internet. If you use Microsoft Windows XP, enable the built-in firewall.
  • Update Your Computer: Windows includes the automatic updates feature (Windows Update) which can automatically download the latest Microsoft security updates. Windows 98 SE and Windows ME can be updated from windowsupdate.microsoft.com.
  • Use Up-to-Date Antivirus Software: Installing, configuring and maintaining antivirus protection is absolutely essential.

    Immediate information and cure for this worm can also be found online at the Network Associates McAfee AVERT site. McAfee AVERT is advising its customers to update to the 4355 DATs to stay protected

    About Security News Desk
    SYS-CON's Security News desk trawls the world of security for news of software, hardware, products, and services that seems likely to be of interest to infosec professionals and summarizes them for easy assimilation by busy IT managers and staff.

  • In order to post a comment you need to be registered and logged in.

    Register | Sign-in

    Reader Feedback: Page 1 of 1



    ADS BY GOOGLE
    Subscribe to the World's Most Powerful Newsletters

    ADS BY GOOGLE

    Having been in the web hosting industry since 2002, dhosting has gained a great deal of experience w...
    NanoVMs is the only production ready unikernel infrastructure solution on the market today. Unikerne...
    CloudEXPO | DevOpsSUMMIT | DXWorldEXPO Silicon Valley 2019 will cover all of these tools, with the m...
    SUSE is a German-based, multinational, open-source software company that develops and sells Linux pr...
    Your job is mostly boring. Many of the IT operations tasks you perform on a day-to-day basis are rep...
    Technological progress can be expressed as layers of abstraction - higher layers are built on top of...
    When building large, cloud-based applications that operate at a high scale, it’s important to mainta...
    In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, disc...
    Big Switch's mission is to disrupt the status quo of networking with order of magnitude improvements...
    Lori MacVittie is a subject matter expert on emerging technology responsible for outbound evangelism...
    Dynatrace is an application performance management software company with products for the informatio...
    In his session at 21st Cloud Expo, Michael Burley, a Senior Business Development Executive in IT Ser...
    All in Mobile is a mobile app agency that helps enterprise companies and next generation startups bu...
    Yottabyte is a software-defined data center (SDDC) company headquartered in Bloomfield Township, Oak...
    Serveless Architectures brings the ability to independently scale, deploy and heal based on workload...
    Whenever a new technology hits the high points of hype, everyone starts talking about it like it wil...
    Every organization is facing their own Digital Transformation as they attempt to stay ahead of the c...
    "Calligo is a cloud service provider with data privacy at the heart of what we do. We are a typical ...
    Bill Schmarzo, Tech Chair of "Big Data | Analytics" of upcoming CloudEXPO | DXWorldEXPO New York (No...
    Chris Matthieu is the President & CEO of Computes, inc. He brings 30 years of experience in developm...