Browse By Category

Free Power Tools Brochure
Get Mark Minasi's
17-page guide today!



      

advertisement

Get Newsletters

  • Get the Latest News
  • Product Updates
  • Helpful Tricks
  • Productivity Tips

Subscribe Now!

May 02, 2004 08:02 PM

New Worm Threatens to be the Next Slammer

Rating: (0)
Paul Thurrott
Windows IT Pro
InstantDoc ID #42523

A new Internet worm that exploits a software vulnerability revealed in Microsoft's April 2004 monthly security patch is threatening to become the next high-volume attack on Windows-based systems. Security experts warn that the Sasser worm could affect millions of Windows computers by the time it peaks sometime today because these types of attacks typically pick up steam when the workweek begins.
  
The Sasser worm spreads across the Internet, seeking unpatched systems running Windows Server 2003, Windows XP, and Windows 2000. Infected systems reboot several times and attempt to replicate the worm to other nearby networked systems. The worm doesn't delete any user data or perform any other dangerous actions, however.
  
Currently, systems in South Korea have been the hardest hit because of that country's density of high-speed connections but security experts expect North America and Europe to catch up by the time the workweek gets underway. Microsoft says that Sasser can't attack systems running a firewall. The company advises users who have infected systems to update to the most recent security patches to counteract the worm and stay protected going forward.

ARTICLE TOOLS

Want to use this article? Click here for options!

Add a Comment

We got a big suprise when we installed the relevant Microsoft patch 835732 to our Windows 2000 Servers,
it broke all of our Citrix Metaframe servers.

The patch messes up the Terminal services registry entries.

Instructions on how to recover from the registry problem are in the KB article 323597:
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/
Q323/5/97.asp&NoWebContent=1

Evan Splett 5/5/2004 8:43:33 AM

Way to go Microsoft! The second catastrophic virus in a little under 8 months!

Some companies would have made sure their product didn't ship with the horrible security holes, but Microsoft had to make that money.

Thank you Microsoft. I spent most of today and yesterday dealing with infected computers in departments that aren't my responsibility. Thank you for the extra work I won't get paid for.

I am so glad I have an iMac at home.

Scopi 5/4/2004 1:55:22 PM

I have a W2K server(advanced) which was infected by sasser,
why would this happen?

Oluoch Barrack 5/4/2004 6:15:50 AM

All reason points to eEye as the sasser creator...
http://www.eeye.com/html/Research/Tools/Sasser.html

F K 5/3/2004 9:21:20 AM

YAY! Great news! I'm pretty sure this will be the beginning of this year's summer-long line of embarassments to Microsoft. I can't wait to start seeing people's computers automatically reboot, and who knows what with all the other holes in Windows. I think I'll go get myself a soda and a bag of chips, and enjoy the show from my Linux box.

Mike5/3/2004 9:09:49 AM

"The Sasser worm spreads across the Internet, seeking out unpatched systems running Windows 2000, Windows XP, and Windows Server 2003"

Correction: Windows Server 2003 is not infected, because the RPC interface that is accessible to anyone on Windows XP and Win2000, was changed in Win2003 and now requires a local admin to access.

Software Affected by This Worm:

Microsoft Windows XP and Windows XP Service Pack 1
Windows 2000 Service Pack 2, Windows 2000 Service Pack 3, and Windows 2000 Service Pack 4

Software Not Affected by This Worm

Windows XP 64-Bit Edition Version 2003
Windows Server™ 2003
Windows XP 64-Bit Edition Service Pack 1
Windows Millennium Edition
Windows 98 Second Edition
Windows 98
Windows NT® 4.0 Service Pack 6a

More Info:
http://www.microsoft.com/security/incident/sasser.asp

alex5/3/2004 5:01:35 AM

My PC was infected by Sasser.B yesterday. I've already removed it from my computer and, even though the article says that the worm doesn't perform any other dangerous actions, I noticed that, since the infecction occurred and even after the healing, I'm couldn't access the windows update.com web site anymore. Now, everytime I try to do tihs action, an error message is displayed. So, what I see is that I'm still unable to do my wiindows updates.

Ana Raffaela 5/3/2004 1:12:17 AM

Just another try-hard programmer that has nothing else better to do then to cause trouble for people. Fair enough he/she might want to show Microsoft that its software isnt as good as they make it out to be, but why cause problems for people who only use Microsoft's operating systems because they have no other choice?? Programmers have the skills to create virus's to target specific companys etc so why not do that, instead of being a pain in the behind

Matt5/2/2004 9:35:06 PM

I need an utility type software much like Norton but compatible with Mcafee

Eric Marks 5/2/2004 9:25:20 PM

You must log on before posting a comment.

Are you a new visitor? Register Here

Related Resources

Secure Remote Access
A White Paper by HOB, Inc
8 Things to Consider Before Sinking Money into Endpoint Security
A Tip Guide by Symantec
Three Ways to Reduce Power Consumption Costs
A White Paper by Lumension
Three Ways to Prevent USB Insecurity in Your Enterprise
A White Paper by Lumension
More

Setup rights to helpdesk group to unlock shared files

Does anyone know how to setup a group or permissions for a group (helpdesk) to be able to unlock a shared network file such as a spreadsheet or Access...222-96217

advertisement

GOOGLE LINKS
SPONSORED LINKS
FEATURED LINKS

Podcasts

To successfully implement virtual desktops, IT administrators must carefully match user requirements to specific desktop technologies. Listen to this podcast to learn what you need to keep in mind when formulating your approach to desktop virtualization.

Downloads

PacketTrap IT is a comprehensive and affordable network management and application monitoring solution that solves problems associated with bandwidth, network and application performance, and connectivity. Gain insight into your network - try PacketTrapIT free for 21 days!

Web Seminars

Aside from its employees, data is an organization’s most important resource. Join Windows technical specialist and 11-time MVP John Savill to learn the best practices for managing data using features in Windows Server.
View this web seminar on demand!

eLearning Series

We bring the experts direct to you to share their real-world perspective and expertise. During each event, three sessions stream in real time, so you can learn, ask questions, and get solutions.
Upcoming event: Getting the Most with Exchange 2010 with Paul Robichaux

Subscribe to Windows IT Pro!

DevProConnections ITTV Left-Brain SharePointPro Connections SQL Server Magazine SuperSite for Windows Windows IT Pro

© Penton Media, Inc.

Home About Us Advertise Customer Service Privacy Statement Subscribe/Renew Terms Of Use

Windows is a trademark of the Microsoft group of companies. Windows IT Pro is used by Penton Media Inc. under license from owner.