[virusinfo] Virus Alerts [Panda Software reports the appearance of Sasser.A - 05/01/2004]

• From: "Mike" <mikebike@xxxxxxxxx>
• To: virusinfo@xxxxxxxxxxxxx
• Date: Sat, 01 May 2004 19:08:32 -0700

From; Panda Virus Alerts:

- Panda Software reports the appearance of Sasser.A - 
    Virus Alerts, by Panda Software (http://www.pandasoftware.com)

PandaLabs has detected the appearance of W32/Sasser.A. This worm exploits
the LSASS vulnerability to access the remote systems.  This is one of the
vulnerabilities published by Microsoft which affects LSASS (published in the
bulletin MCS4-011 an available in the following address:
(http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx). Panda
Software has received numerous incidents due this new worm. Its propagation
is on the increase, and right now is one of the most detected by Panda
ActiveScan.

It behaviour is similar to Blaster. The worm scans random IP addresses until
it finds systems with this vulnerability. Once found, it copies itself in
Windows directory with the name AVSERVE.EXE and creates the folowing
registry entry, to ensure it is launched when the system is booted: 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

avserve.exe = %windir%\avserve.exe

In addition, the vulnerability uses a buffer overflow to make the LSASS.EXE
application crash. Because of this, the system can fail.

To prevent incidents with Sasser.A, Panda Software advises users to update
their antivirus software. The company has already made the updates to its
products available to users to ensure their solutions can detect and
eliminate this worm. Similarly, users can also detect and disinfect this and
other malicious code using the free, online antivirus, Panda ActiveScan,
which is also available on the company's website at
http://www.pandasoftware.com. 

More information on Sasser.A is available in Panda Software's Virus
Encyclopedia, available on the company's website at:
http://www.pandasoftware.com/virus_info/encyclopedia.

Additional information:
- Vulnerability: Flaws or security holes in a program or IT system, and
often used by viruses as a means of infection.

- Worm: This is similar to a virus, but it differs in that all it does is
make copies of itself (or part of itself). 

More technical terms available on:
http://www.pandasoftware.com/virus_info/glossary 

NOTE: The addresses above may not show up on your screen as single lines.
This would prevent you from using the links to access the web pages. If this
happens, just use the 'cut' and 'paste' options to join the pieces of the
URL.

*********** MIKE"S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member 

Other related posts:

• » [virusinfo] Virus Alerts [Panda Software reports the appearance of Sasser.A - 05/01/2004]

1. Home
2. virusinfo
3. Archive
4. 05-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---