Sasser Attacks to Windows Server and Other Versions

Posted by 0 Comments

A new virus is spreading all over the world and may have infected millions of computers, according to Mikhail Hyppoenen, head of F-Secure's Internet safety in Finland.

Virus Sasser can infect any computer connected to the Internet service provider, and unlike most computer viruses, it does not spread via email, according to Hyppoenen. "This is one of the new viruses that can spread automatically. Just the computer you pop up is that it can penetrate. Sasser is capable of shutting down the computer and rebooting itself, repeating the same thing several times. Hyppoenen says that computers protected by the firewall may not be infected by the virus. Hyppoenen says it's annoying but Sasser is harmless and other experts say it can be removed easily. "

Sasser first appeared at 0001 GMT on Saturday, and infected computers that did not install the latest Microsoft software updated within the past 18 days. The Theo TTO

Sasser - The Return of the Blaster?

The new Internet, exploiting the LSASS vulnerability in Windows, has caused some network disruptions over the weekend. Security experts say it can also spread faster as agencies return to work early next week.

The virus, called Sasser, began airing on May 1, easily penetrating any unprotected computer connected to the Internet. It attacks through defects in a named Windows department Service of internal security monitoring system The LSASS (Local Security Authority Subsystem Service) is part of the latest version of Windows, such as 2000, Server 2003 and XP. After scanning the entire system of unpatched PCs, Sasser creates a remote connection to the machine, installs a file transfer protocol server (FTP) and then downloads itself to the target machine. Sasser can shutdown your computer, then start it up and repeat the process several times, although it does not seem to cause any malicious damage to the system.

According to Mikko Hyppoenen, chief technology officer of F-Secure in Finland, the situation seems quite serious as the security firm predicts that several million of the world's computers may be infected with Sasser. "We are not sure how big the numbers are, but one thing is for sure: the situation will get worse on the first day of the week when people bring their laptops to work places after a few days of rest," Hyppoenen warning. Because laptops are not protected by corporate firewalls if employees bring them out and use them on other servers, they may be at risk of becoming infected and spread throughout the network. when brought back to the office.

Bernard Ourghanlian, Microsoft's chief technology officer in France, where many of Sasser's network troubles last Saturday, said that despite the arrival of the new worm on May 1 confirmed, but it appears that the number of millions of Sasser-infected machines that F-Secure has raised is a blow. He said that according to statistics at some of the virus checkpoints of the company, only France and some new Southeast Asian countries were attacked much. Ourghanlian added that last month Microsoft had released updates to address the vulnerabilities that viruses like Sasser could exploit, and since mid-April there have been millions of copies of the software being downloaded.

In Russia, security software vendor Kaspersky also warned of a major virus outbreak when the offices returned to work today. "The size of the Sasser spread is not serious at the moment, because most people just ended their weekend and many of their computers are off of course," said Denis Zenkin, the company's expert. identify. & nbsp;

According to security software companies, despite the third major virus spread this year, after Mydoom.A in January and Bagle.B in February, Sasser has not yet been considered a global pandemic. like the Blaster in August 2003. Symantec has so far reported only about 100 notifications, of which 20 are from businesses. Network Associates said it had received only a dozen virus notifications, some of which said there were several hundred new viruses - a tiny number compared to the 10 million PCs hit by the Blaster last year. . Network Associates does not even list Sasser in the top 10 most contagious viruses.

Alfred Huger, chief technology officer at Symantec, said the virus was not identified because Sasser did not cause any damage to the hard drive nor installed any backports on the system. Other Internet worms often do this to make way for other viruses later. The only thing Sasser does, as mentioned above, is to slow down the system and make the computer reboot. "This virus is very poorly written because its effects may not be so great." Alfred Huger. The According to VNE

To protect your computer from Virus Sasser you can follow these steps: (in English)

Step 1: Enable a Firewall

Before you take other steps, make sure you have a firewall activated to help protect your computer against infection. Nếu bạn có một thiết bị Firewall trong nơi cho kết nối của nhà hoặc kết nối của bạn, hoặc nếu bạn sử dụng một firewall với Microsoft® Windows® XP, the Sasser worm is most likely blocked. If your computer has been infected, activating firewall software will help limit the effects of the worm on your computer. For a comprehensive guide to installing and enabling a firewall, see the Microsoft Protect Your PC site

Step 2: Install the Required Update

To help protect your computer against the Sasser worm and its variants, you must first download and install security update 835732, which was released with Microsoft Security Bulletin MS04-011. Bạn có thể cập nhật cập nhật 835732 on the Windows Update Web site Listed in Critical Updates and Service Packs section. You can also download and install this update manually from the Microsoft.com Download Center. Find the download for your operating system, refer to Technical Security Bulletin MS04-011

Note & nbsp; If you have the updates for MS04-011 manually or through Automatic Updates before Friday, April 30, then you are already protected against this issue.

Bạn có thể sử dụng công cụ này để tìm đĩa của bạn để xóa và để gỡ bỏ Sasser.A và Sasser.B. It's so so, click Check My PC for Infection

Important & nbsp; To use this tool, you must be running Windows XP or Windows 2000, and you must already have the Update released with Microsoft Security Bulletin MS04-011

Note & nbsp; & nbsp; If you have difficulty running the tool from this page, it may be due to your browser's security settings. Nếu bạn có lỗi nào Try downloading the tool directly from the Microsoft.com Download Center and thì đang chạy nó.

& nbsp;