Sasser's New Variations and the Method of Salvation

At least two other versions of the virus were detected on the Internet yesterday. However, despite the emergence of Sasser B and C, international antivirus software companies claim that the outbreak has peaked and will ease.

Sasser attacks in a way similar to the Blaster worm, which was the terror of millions of networked computers last summer. It does not require the user to open an e-mail or activate an attachment. Instead, Windows PCs that have not been updated and are reachable over network connections to port 445 are infected immediately. According to Graham Cluley of Sophos, the time it takes once connected is two minutes. The British security company said yesterday that it had even identified a variant D of the virus. The notable feature of the C variant is that it fixes the original version's shortcomings in quickly scanning the network to find new targets.

However, the versions of Sasser have so far been reported to spread much more slowly than Blaster, and they reached peak levels within hours of their appearance. In addition, many businesses had blocked port 445, a regular target for trojans such as Agobot, before Sasser appeared.
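A defender's view of the scanning behaviour described above, as an added example that is not part of the original article: Python that flags hosts contacting many distinct addresses on TCP port 445 within a short window. The log format, addresses and thresholds are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample connection log (hypothetical format, not a real product's):
# ISO timestamp, source IP, destination IP, destination TCP port.
SAMPLE_LOG = """\
2004-05-03T09:00:01 10.0.0.7 10.0.1.11 445
2004-05-03T09:00:02 10.0.0.7 10.0.1.12 445
2004-05-03T09:00:02 10.0.0.20 10.0.0.5 445
2004-05-03T09:00:03 10.0.0.7 10.0.1.13 445
2004-05-03T09:00:04 10.0.0.7 10.0.1.14 445
2004-05-03T09:00:05 10.0.0.20 10.0.0.5 445
2004-05-03T09:00:06 10.0.0.7 10.0.1.15 445
2004-05-03T09:00:07 10.0.0.7 10.0.1.16 80
truncated line
2004-05-03T09:05:00 10.0.0.30 10.0.2.1 445
2004-05-03T09:10:00 10.0.0.30 10.0.2.2 445
2004-05-03T09:15:00 10.0.0.30 10.0.2.3 445
"""

def parse(log):
    """Yield (time, src, dst, dport), skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])
        except ValueError:
            continue

def find_445_scanners(log, min_targets=5, window_s=60):
    """Map each source that reached min_targets distinct TCP/445 destinations
    inside any window_s-second window to that peak count (thresholds assumed)."""
    by_src = defaultdict(list)
    for ts, src, dst, dport in parse(log):
        if dport == 445:
            by_src[src].append((ts, dst))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        start = best = 0
        for end in range(len(events)):
            while (events[end][0] - events[start][0]).total_seconds() > window_s:
                start += 1
            best = max(best, len({d for _, d in events[start:end + 1]}))
        if best >= min_targets:
            flagged[src] = best
    return flagged
```

On the sample, only 10.0.0.7 is flagged: the client that repeatedly talks to one file server and the host whose connections are minutes apart stay below the threshold.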

According to Johannes Ullrich, chief technology officer of the Internet Surveillance Center at the SANS Institute, Sasser has in recent days spread to at least tens of thousands of PCs in the world. Like Blaster, the Sasser worm will remain hidden on the Internet for long periods of time, because many Internet users are still infected with Blaster months later without knowing it.

Today, Microsoft is actively working with investigators, including the FBI and the US Electronic Crimes Force, to track down the perpetrators of the Sasser worm. In addition, software companies have adopted a policy that they have successfully implemented in the past: offering rewards to encourage people to provide information leading to virus writers. At present, Microsoft is offering a $5 million prize pool for this purpose. In January of this year, they announced a $250,000 reward for anyone providing information that helps find whoever designed and spread the Mydoom B worm.

Bkav516 virus update W32.Sasser.Worm

Although we are still on vacation, in the past two days, from May 2, 2004 and May 3, 2000, we have been receiving calls from many parts of the country asking about the emergence of new viruses. While the virus generation Blaster and Welchia, in the last few days the appearance of a new virus called W32.Sasser.Worm has startled many "victims". The symptoms are no different from the earlier Blaster virus cases: when the computer is connected to the network, it automatically shuts down after a few minutes; if the network is disconnected, this does not occur. As this is still the holiday period, many agencies have not yet started work, but tomorrow morning, as work resumes, we anticipate that more computers will be infected with this new virus. We now have a sample of the virus and have updated the removal program to version Bkav516; we have completed testing the new version and uploaded it to the Bkav website. The following is a description of how to identify the virus, with instructions for handling it:

If your computer has the symptoms mentioned above, follow the steps below. Even if your computer does not have these symptoms, if you are using Windows2000 or WindowsXP you should read this guide to patch Windows2000 and WindowsXP and prevent them from being infected with W32.Sasser.Worm in the future.

1. First download the following software:

. Bkav516 version: Download Bkav2002 (Version 516)
. If your computer uses Windows2000: Click here to download the fix for Windows2000
. If your computer uses WindowsXP: Click here to download the fix for WindowsXP
. If your computer is running Windows Server™ 2003: Click here to download the fix for Windows Server™ 2003
. If your computer uses WindowsNT, 64-bit WindowsXP or Windows Server 2003 64-bit: Click here to download the corresponding patch.

2. Then follow these steps:

. Disconnect the infected machine from the network, then copy Bkav516 and the downloaded patch to that machine (using a floppy disk or USB disk). You must use a user account with administrator rights.
. If you are using Windows XP, turn off the System Restore feature of this operating system: right-click the "My Computer" icon on the Desktop -> choose Properties -> select the "System Restore" tab -> check the "Turn off System Restore" option.
. Run Bkav516 and scan all your hard drives.
. Restart the machine, run Bkav516 a second time, and scan the entire hard drive.
. Run the fix mentioned above. This is a very important step to prevent the virus from attacking again. Running this fix requires Service Pack 2 or higher on Windows2000; with Windows XP Service Pack 1 you may not need to install Service Pack 2. However, you should install it to patch other vulnerabilities.

To install Service Pack 2 or later, you can download it from the Microsoft website; however, because of its relatively large size (129MB for Service Pack 4), you should buy a Service Pack 4 installation CD instead. Note that installing the Service Pack is only a prerequisite for installing the fix for this virus; the service pack alone does not prevent the virus from returning. You still have to install the fix for this virus after installing the service pack.

Note: After all the machines have been processed, the network will resume operation.

We are continuing to work on the features of this new worm and will add more detailed information.
