[virusinfo] Virus Alerts [RED ALERT: Sasser threatens to bring thousands of c ompanies to a standstill - 05/04/04]

• From: "Mike" <mikebike@xxxxxxxxx>
• To: virusinfo@xxxxxxxxxxxxx
• Date: Tue, 04 May 2004 21:41:28 -0700

From; Panda Virus Alerts:

- Sasser threatens to bring thousands 
                  of companies to a standstill  -
   Virus Alerts, by Panda Software (http://www.pandasoftware.com)

Madrid, May 04 2004 - The Sasser worms continue to attack users around the
world, especially corporate environments. Even though many users are
installing the patch released by Microsoft to correct the vulnerability that
these malicious code exploit, the number of infections still looks set to
increase given the speed with which the worms move across networks. The four
variants of the worm are all among the top ten most frequently detected
viruses according to the data collected by the Panda ActiveScan free online
scanner. 

More data is continually coming in on the companies that have been hit by
this worm. The Finnish company Sampo took the precaution of closing its 130
offices for a few hours and a third of the computers in the Taiwan postal
services were out of action because of this new worm. The UK Coastguard has
also reported that its network was attacked by the Sasser worm.

Of the four variants, Sasser.B is the one currently causing damage to users'
computers. This could largely be due to the 128 processes that this variant
launches in memory to continue its propagation.

Microsoft has confirmed that users have 9.5 million copies of the patch to
resolve the LSASS vulnerability exploited by Sasser to infect computers.

Luis Corrons, head of PandaLabs comments, "As users install the patch
released by Microsoft, the epidemic should being to abate.  We are, however,
on the alert for new variants that may appear or other malicious code that
tries to exploit the LSASS vulnerability. In order to protect against
attack, users should install the patch and make sure they have a good
updated antivirus".

To mitigate the effects of the Sasser epidemic, Panda Software has made its
PQRemove tools available to users. These applications not only disinfect
computers but also restore system configurations altered by the worm.

One of the PQREMOVE tools is specifically designed for networks, and removes
Sasser and all its variants from any network that could have been affected.
You can download at: http://www.pandasoftware.com/support/

The other PQREMOVE applications can disinfect any computer attacked by any
of the variants of the Saaser worms. You can download at:
http://www.pandasoftware.com/download/utilities/

User can detect and disinfect the new worm with an up-to-date antivirus, but
it is important to install the Microsoft patch to ensure that Sasser doesn't
re-infect computers. The vulnerability exploited by this worm was reported
by Microsoft recently in bulletin MS04-011
(http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx), along
with the patch. Panda Software has made the updates necessary to its
products available to clients.

Panda Software's online support center
(http://www.pandasoftware.com/support/) also offers help to users. 

Panda Software clients can update their antivirus through the applications
installed on their computers.

In addition, the users can scan their computers on line for free with the
ActiveScan solution, available in the company web page
http://www.pandasoftware.com. 

More information about these and other IT threats is available from
http://www.pandasoftware.com/virus_info/encyclopedia/ 

NOTE: The addresses above may not show up on your screen as single lines.
This would prevent you from using the links to access the web pages. If this
happens, just use the 'cut' and 'paste' options to join the pieces of the
URL.

*********** MIKE"S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member 

Other related posts:

• » [virusinfo] Virus Alerts [RED ALERT: Sasser threatens to bring thousands of c ompanies to a standstill - 05/04/04]

1. Home
2. virusinfo
3. Archive
4. 05-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---