[virusinfo] MEDIA RELEASE: New automatic Internet worm spreading at increasing pace

• From: "Mike" <mikebike@xxxxxxxxx>
• To: virusinfo@xxxxxxxxxxxxx
• Date: Sun, 02 May 2004 18:34:57 -0700

This press release comes from F-Secure. 

PRESS RELEASE

For release May 2, 2004

New automatic Internet worm spreading at increasing pace
F-Secure issuing a global alert on the Sasser worm

F-Secure Corporation has been following the spread of the Sasser worm over
the weekend of May 1st. This new worm spreads to Windows PCs automatically,
even if nobody is using the PC at the time. After a machine gets infected,
the worm will start to spread to other computers. As a side effect, users
might see error messages and experience the computer rebooting repeatedly.

The number of affected PCs is already estimated to be in hundreds of
thousands and it will continue to rise as the working week starts. "This
case
resembles the Blaster incident from August 2003 a lot", says Mikko Hypponen,
director of antivirus research at F-Secure. "Both were automatic worms using
a relatively new hole in Windows and causing frequent reboots." Together
with
Slammer and Sobig.F, Blaster was one of the largest virus incidents of 2003
and even caused problems to infrastructure systems such as ATM networks and
train and air travel systems. "I hope administrators have improved security
since then. Otherwise we might see similar problems again", says Hypponen.

Two slightly different versions of the Sasser worm were discovered on May
1st. These worms spread through the LSASS vulnerability, which was
discovered
in mid-April. The Microsoft patch to close the hole had been available for
download for 18 days before Sasser was found. The worm is targetting Windows
2000 and XP machines - the two most common operating systems. However, the
network traffic generated by the worm might slow down other systems as well,
including non-Windows systems.

Corporate networks should be protected against Sasser and its variants by
the
corporate firewalls, separating internal networks from public networks.
"We're mostly worried about Monday morning, when hordes of laptop users
return to their workplaces with their machines, possibly carrying the virus
behind the firewall", comments Hypponen.

For home users, the advice is simple: if you're running Windows 2000 or XP
and have not updated your Windows during the last two weeks, do NOT go
online
without a firewall. 

If your computer is already infected, you need to patch the LSASS hole
first,
then remove the worm - otherwise the worm could reinfect you right away.
F-Secure's and Microsoft's websites have detailed instructions on how to do
this.

F-Secure's Viruslab is monitoring the situation in their weblog:
http://www.f-secure.com/weblog/
Technical description of the virus:
http://www.f-secure.com/v-descs/sasser.shtml
F-Secure has released a free tool to remove the Sasser.A and Sasser.B worms.
The tool is available for
download from the above link.

Microsoft has more information on the incident at:
http://www.microsoft.com/security/incident/sasser.aspMailing list policy

About F-Secure

F-Secure Corporation protects individuals and businesses against computer
viruses and other threats coming through the Internet or mobile networks.
Our
award-winning solutions include antivirus, desktop firewall with intrusion
prevention and network encryption. Our key strength is the speed of response
to new threats and for businesses our solutions feature centralized
management. Founded in 1988, F-Secure has been listed on the Helsinki
Exchanges since 1999. We have our headquarters in Helsinki, Finland, and
offices in USA, France, Germany, Sweden, the United Kingdom and Japan.
F-Secure is supported by a global ecosystem of value added resellers and
distributors in over 50 countries. F-Secure protection is also available
through major Internet Service Providers, such as Deutsche Telekom and
leading mobile equipment manufacturers, such as Nokia.

For more information, please contact:

F-Secure Corporation
Mikko Hypponen, Director, Anti-Virus Research
Tel. +358 9 2520 5513
Email: mikko.hypponen@xxxxxxxxxxxx
 F-Secure Corporation   http://www.F-Secure.com
 BE SURE.

*********** MIKE"S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member 

Other related posts:

• » [virusinfo] MEDIA RELEASE: New automatic Internet worm spreading at increasing pace

1. Home
2. virusinfo
3. Archive
4. 05-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---