From; Panda Virus Alerts: - Other hackers pick up where the Sasser author left off: variant F appears - Virus Alerts, by Panda Software (http://www.pandasoftware.com) Madrid, May 11 2004 - PandaLabs has detected the appearance of the new Sasser.F worm. This variant is very similar to the original worm, as it only includes a few small differences, such as the format in which it is packed. The date that Sasser.F was created appears as April 30, the same day the first Sasser worm emerged. "It seems that an inexperienced hacker has created Sasser.F by slightly modifying the code of the original worm. Another possibility is that the author of Sasser did not work alone, and that another person is releasing these previously created variants. However, studying the evolution of Sasser, the fact that variant F does not include any new features confirms that it is the work of a different person," says Luis Corrons, head of PandaLabs. It is highly probable that new variants of Sasser and Cycle, or new viruses that exploit the LSASS vulnerability will appear. "In order to avoid falling victim to these viruses, the first thing users must do is install the patches released by Microsoft to fix the LSASS vulnerability. Given that a large number of viruses that exploit this flaw are in circulation -and that more could appear - computers are extremely vulnerable to infection," explains Corrons. In order to avoid falling victim to Sasser.F or any of its variants, Panda Software advises users to take precautions, keep their antivirus software updated and to apply the Microsoft patch, -which can be downloaded from http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx- as computer will continue to be infected by this virus until the vulnerability has been fixed. Panda Software has made the updates necessary to detect and disinfect this new worm available to clients. More information about these and other IT threats is available from: http://www.pandasoftware.com/virus_info/encyclopedia/ Panda Software's online support center also offers help to users at: http://www.pandasoftware.com/support/ Panda Software clients can update their antivirus through the applications installed on their computers. Users can also scan and disinfect their computers using Panda ActiveScan, the free, online scanner available from: http://www.pandasoftware.com. NOTE: The addresses above may not show up on your screen as single lines. This would prevent you from using the links to access the web pages. If this happens, just use the 'cut' and 'paste' options to join the pieces of the URL. *********** MIKE"S REPLY SEPARATOR *********** Mike ~ It is a good day if I learned something new. Editor MikesWhatsNews see a sample on my web page http://www3.telus.net/mikebike <mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe> http://www3.telus.net/mikebike/worm_removal.htm See my Anti-Virus pages http://virusinfo.hackfix.org/index <virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe> A Technical Support Alliance and OWTA Charter Member