From; Panda Virus Alerts: - Sasser threatens to bring thousands of companies to a standstill - Virus Alerts, by Panda Software (http://www.pandasoftware.com) Madrid, May 04 2004 - The Sasser worms continue to attack users around the world, especially corporate environments. Even though many users are installing the patch released by Microsoft to correct the vulnerability that these malicious code exploit, the number of infections still looks set to increase given the speed with which the worms move across networks. The four variants of the worm are all among the top ten most frequently detected viruses according to the data collected by the Panda ActiveScan free online scanner. More data is continually coming in on the companies that have been hit by this worm. The Finnish company Sampo took the precaution of closing its 130 offices for a few hours and a third of the computers in the Taiwan postal services were out of action because of this new worm. The UK Coastguard has also reported that its network was attacked by the Sasser worm. Of the four variants, Sasser.B is the one currently causing damage to users' computers. This could largely be due to the 128 processes that this variant launches in memory to continue its propagation. Microsoft has confirmed that users have 9.5 million copies of the patch to resolve the LSASS vulnerability exploited by Sasser to infect computers. Luis Corrons, head of PandaLabs comments, "As users install the patch released by Microsoft, the epidemic should being to abate. We are, however, on the alert for new variants that may appear or other malicious code that tries to exploit the LSASS vulnerability. In order to protect against attack, users should install the patch and make sure they have a good updated antivirus". To mitigate the effects of the Sasser epidemic, Panda Software has made its PQRemove tools available to users. These applications not only disinfect computers but also restore system configurations altered by the worm. One of the PQREMOVE tools is specifically designed for networks, and removes Sasser and all its variants from any network that could have been affected. You can download at: http://www.pandasoftware.com/support/ The other PQREMOVE applications can disinfect any computer attacked by any of the variants of the Saaser worms. You can download at: http://www.pandasoftware.com/download/utilities/ User can detect and disinfect the new worm with an up-to-date antivirus, but it is important to install the Microsoft patch to ensure that Sasser doesn't re-infect computers. The vulnerability exploited by this worm was reported by Microsoft recently in bulletin MS04-011 (http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx), along with the patch. Panda Software has made the updates necessary to its products available to clients. Panda Software's online support center (http://www.pandasoftware.com/support/) also offers help to users. Panda Software clients can update their antivirus through the applications installed on their computers. In addition, the users can scan their computers on line for free with the ActiveScan solution, available in the company web page http://www.pandasoftware.com. More information about these and other IT threats is available from http://www.pandasoftware.com/virus_info/encyclopedia/ NOTE: The addresses above may not show up on your screen as single lines. This would prevent you from using the links to access the web pages. If this happens, just use the 'cut' and 'paste' options to join the pieces of the URL. *********** MIKE"S REPLY SEPARATOR *********** Mike ~ It is a good day if I learned something new. Editor MikesWhatsNews see a sample on my web page http://www3.telus.net/mikebike <mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe> http://www3.telus.net/mikebike/worm_removal.htm See my Anti-Virus pages http://virusinfo.hackfix.org/index <virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe> A Technical Support Alliance and OWTA Charter Member