FRISK Software International

The Sasser worm takes advantage of a recently reported Windows vulnerability.

Updated: 6 May 2004

Since the appearance of W32/Sasser.A, three new variants have been discovered: W32/Sasser.B, W32/Sasser.C and W32/Sasser.D. These variants all behave in a similar way to W32/Sasser.A and are detected by F-Prot Antivirus using virus signature files dated 3 May 2004 and later.

1 May 2004

W32/Sasser.A started spreading early in the morning of Saturday 1 May 2004 and was quickly detected by FRISK Software virus analysts. This worm has gained wide distribution in a short period of time and has, as a result, been classified as high risk by FRISK Software's virus experts.

Threat Description

W32/Sasser.A is a self-executing worm that spreads by taking advantage of an LSASS vulnerability in Windows that was first reported on 13 April 2004 in Microsoft Security Bulletin MS04-011. The worm infects systems running Windows XP and Windows 2000.

The worm does not spread via e-mail and needs no user action in order to propagate. Instead, it spreads directly from one networked computer to another by taking advantage of the aforementioned vulnerability and instructing unpatched systems to download and execute the worm's code. This technique, combined with the fact that many users have yet to update their systems, has allowed the worm to spread considerably in a relatively short period of time.

Recommended Reactions

Windows users are urged to update their operating systems immediately with the latest patches available from Microsoft.

Users should also update their virus signature files immediately and make sure they have the latest versions of F-Prot Antivirus installed on their computers.

After updating the virus signature files, users should scan their whole system with the F-Prot Antivirus OnDemand scanner to ensure that their computer security was not compromised before the virus signature files were updated.

Threat Detection

The latest versions of F-Prot Antivirus detect W32/Sasser.A using virus signature files dated 1 May 2004 or later.

FRISK Software International is a leading developer of anti virus software and anti spam filtering services. FRISK Software International's anti virus computer software, F-PROT Antivirus, is available for a number of operating systems such as Windows, Linux, BSD, Solaris, and AIX as well as the Microsoft Exchange groupware. The company also offers F-PROT AVES, the anti spam and anti virus filtering service.

 