[virusinfo] Trend Micro High Risk Virus Alert - WORM_SASSER.B

• From: "Mike" <mikebike@xxxxxxxxx>
• To: virusinfo@xxxxxxxxxxxxx
• Date: Mon, 03 May 2004 20:50:40 -0700

From; Trend Micro Newsletters:

As of May 2, 2004  10:07 PM (PST), TrendLabs has declared a High Risk Virus
alert to control the spread of WORM_SASSER.B. Several infection reports
have been received indicating that this worm is spreading in the Latin
American region.

This variant of WORM_SASSER.A similarly exploits the Windows =93Local
Security Authority Subsystem Service=94 (LSASS) vulnerability, which is a
buffer overrun that allows remote code execution and enables an attacker to
gain full control of the affected system.  

=95
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=3DMS04-011_MI
CROSOFT_WINDOWS
=95 http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx

To propagate, this worm scans random IP addresses for vulnerable systems.
When a vulnerable system is found, the malware sends a specially crafted
packet to produce a buffer overrun on LSASS.EXE, which causes the program
to crash and eventually require Windows to reboot. 


TrendLabs has released the following EPS deliverables:

   TMCM Outbreak Prevention Policy 112 (released)
   Official Pattern Release 883  (released)
   Damage Cleanup Template 334 (released)
   Vulnerability Assessment Rule 010 (released)
   Network VirusWall (NVW) Pattern  10125 (released)

For more information on WORM_SASSER.B, you can visit our Web site at:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=3DWORM_SASSER
.B.

You can modify subscription settings for Trend Micro newsletters at:

http://www.trendmicro.com/subscriptions/default.asp
______________________________________________________________________
*********** MIKE"S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=3Dsubscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=3Dsubscribe>
A Technical Support Alliance  and OWTA Charter Member 

Other related posts:

• » [virusinfo] Trend Micro High Risk Virus Alert - WORM_SASSER.B

1. Home
2. virusinfo
3. Archive
4. 05-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---