[virusinfo] Oxygen3 24h-365d [New Virus Epidemic caused by Sasser A and B poses threat this week - 05/02/04]

  • From: "Mike" <mikebike@xxxxxxxxx>
  • To: virusinfo@xxxxxxxxxxxxx
  • Date: Mon, 03 May 2004 20:10:46 -0700


From: Panda Oxygen3 24h-365d wrote:

- New Virus Epidemic caused by Sasser A and B poses threat this week -

   Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, May 2 2004 - Four years to the date after the worldwide virus
LoveLetter epidemic struck, we are facing another great virus whose effects
could reach historic dimensions. After the appearance of the Sasser.A, the
Sasser.B has taken the top spot as the worm virus most detected and
disinfected by Panda ActiveScan. Technical support teams from Panda are
assisting users worldwide who have been affected by both of these worm
viruses. "The most affected groups are the large computer pools which,
despite upgrading their antivirus programs daily, will continue to be
attacked until the system is installed with the latest patch by Microsoft.
In these cases, the task is arduous and those in charge must correct it unit
by unit if they want the problem to be fully solved," says Luis Corrons of
PandaLabs.

"Compared to other active viruses which have appeared on weekends, when
activity is low (doubly so now that May 1st is a holiday in many
countries), this one has positioned itself as one of the quickest-spreading and
virulent ones. All these signs make for a dark forecast for the beginning of
the week when it is expected that the number of incidents will soar at the
beginning of the work day," adds Luis Corrons.

In addition, we expect new variants to appear in the coming days, just
as we have seen occur over the last few months. "It seems that another
attack combined with simultaneous different variants is on the way," adds
Corrons. "What's more, large companies which have remote users that go on
line via virtual networks or which work with laptops without corporate
firewall protection may go online on Monday and find themselves affected by
the virus even though they have the patch installed and the antivirus
upgraded, due to the fact that both variants use the TCP 445 port to spread
and this port is the one used to share folders and printers on the
Internet."

This circumstance, coupled with the vulnerability which Sasser.A and B take
advantage of, means practically all Microsoft systems will be affected,
making millions of computers exposed to infection by this worm virus. "Users
may be infected without even knowing it, the only symptom being that the
computer will restart every time the user tries to go on line. Advanced
users will detect the intrusion that Sasser creates in the register, the
file avserve.exe that it creates in the Windows folder or in some cases it
could appear in a Windows menu warning of problems with LSA Shell or errors
in lsass.exe," adds Luis Corrons.

Its behavior is similar to Blaster, which appeared on August 10, 2003. Since
the date of the alert, 26 days passed before someone took advantage of it.
But in Sasser's case, only three days have gone by since Microsoft publicly
announced the solution. As for Blaster, in the early moments of the attack,
that is Monday August 11, it affected 2.5% of the computers analyzed by
ActiveScan worldwide. This variant of Sasser is nearing 3% in just 24 hours.

"The only solution possible is to install the Microsoft patch as soon as
possible, upgrade your antivirus protection, and keep continually informed
about any future developments that may come about," says Corrons. "We want
to add that Panda customers are protected once they upgrade their antivirus
and, in addition, we have published two free tools that can be used to
combat the effects of these worms."

If you have been affected, Panda recommends the following steps in order to
disinfect and protect your system completely:

- Disconnect all the cables used for the Internet connection. This way
the computer cannot be infected again during the disinfection
process.
- Take the following steps of disinfection for each one of the computers,
including the servers, and do not go online until you are sure the system is
completely free of the virus.
- In order to prevent the continuous restarting caused by the virus, apply
the solution provided by Microsoft.

NOTE: If you do not use the solution provided by Microsoft, the computer
will not be protected from the virus and the restarting problem will
continue each time you connect to the Internet. If you are going to format
and reinstall the system, you must include this patch for it to be protected
from the virus.

- Download the disinfection tool PQREMOVE (for example, to the Windows
desktop) from the website www.pandasoftware.com

NOTE: If you have difficulties downloading PQREMOVE from the infected
machine, try doing so from a virus-free computer. Once downloaded, install
it in the affected machine and copy it on a disk.

- Execute it. Even if PQREMOVE indicates that it hasn't found any active
viruses in the system, press "continue" to carry out a complete analysis. 
- Restart the computer
- Activate the antivirus
- Carry out a complete analysis of the entire system with an antivirus
program.

More information about this threat and others, in the Panda Software Virus
Encyclopedia, available at www.pandasoftware.com/virus_info/encyclopedia

Help available in the On Line Support Center: www.pandasoftware.com/support

Microsoft patch available at
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

Panda Software customers can update the antivirus right from the solutions
installed on their computers

Free detection and disinfection available with Panda ActiveScan, at
www.pandasoftware.com

*********** MIKE'S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member 


