Tuesday, May 04, 2004

Watch out for the Sasser Worm

Tech security experts always tell you to never open email attachments without a confirmation from the email sender. That's because executables sent in the mail as attachments are usually used by viruses and worm to spread to other users. The latest worm to be released, Sasser, is an exception. It doesn't spread through email.

Sasser spreads by attacking a flaw in Microsoft Windows XP and 2000's Local Security Authority Subsystem Service (LSASS). Windows systems that have applied Microsoft Windows Update patch 835732 are protected against the Sasser worm. Sasser essentially looks for a port vulnerability on a randomly generated IP address. When it finds an opening, it overflows a buffer in LSASS.EXE. Sasser then uses FTP and connects back to the originating computer to download a copy of the worm.

According to early reports, the original Sasser worm was slow moving. Howver, new variants of Sasser have been released, and the infection rate is accelerating. The key to stopping Sasser infections to to update Windows and to use a firewall to block Sasser traffic.

For the full article, go here For those of you who don't have a firewall, looks like you had better head to ZoneAlarm and get the freebie one there. And you had better go to Windows Update and install any Critical Updates, in case you haven't done that in awhile. You can get to Windows Update by clicking on Tools and Windows Update in Internet Explorer. This is considered a Level 4 - Severe threat by Symantec (makers of Norton Anti-Virus). Also make sure your virus definitions are up to date. If you have no idea what any of this means, you'd better go find a computer friend, before your system is compromised.

No comments: