#1 |
|
The Sasser worm - what you need to know
http://www.microsoft.com/security/incident/sasser.asp What Microsoft says about Sasser...

The Sasser worm exploits a vulnerability in Microsoft operating systems Windows XP and Windows 2000, known as the LSASS vulnerability.

Microsoft acknowledges this vulnerability in the critical security bulletin http://www.microsoft.com/technet/sec.../MS04-011.mspx MS04-011.

Microsoft has a patch for the vulnerability, called security update 835732.

What else you need to know...

The real danger is not Sasser itself, but http://news.com.com/2100-7349_3-5204667.html?tag=nl variants of Sasser, which exploit the same LSASS vulnerability.

This worm does not propagate by email or by malicious scripts on Web sites. You can get this worm without doing anything at all. As long as your computer is running and connected to the Internet, it can get infected.

LSASS is on TCP port 445. Sasser can also propagate through port 139. If you have a firewall, and set it to block ports 139 and 445, you may be safe. But just to be sure, you should probably install the patch as well.

Even aside from this, it's a good idea to block port 445 anyway. This port can be used for a http://www.vnunet.com/News/1131065 denial of service attack.

Ports 139 and 445 are used by Microsoft's http://ntsecurity.nu/papers/port445/ file sharing. If you have a home or small office network, and want to use Microsoft's file sharing, then you need to allow traffic on these ports on your local network. But be sure to block it at the firewall to the Internet. Always block traffic on these ports from the Internet.

How can you http://www.securityspace.com/smysecu....html?id=12219 know if you're infected? If your system has Sasser, it will have TCP port 5554 open, and also either port 9995 or 9996.

How can you get rid of it if you're infected? First, go to the Task Manager and kill any task named "ASERVE.EXE", "ASERVE2.EXE" or anything similar. Then go to the Windows directory and delete any file with a similar name.

Even if you're not infected by a worm, you can be affected by it. Worm traffic causes traffic jams on the Internet, which can slow down everyone's downloads. Also, worms are used to launch Distributed Denial of Service (DDoS) attacks on servers, which make those servers unavailable to everyone. The only way we can be completely free from the harmful effects of worms is if practically every single computer user out there takes precautions, and that's not likely to happen.

Security experts are becoming sceptical about whether just keeping your patches up to date is a real solution to the problem of worms and viruses. First of all, patching is http://news.zdnet.co.uk/internet/sec...9147340,00.htm so difficult that there will always be people who don't bother. Also, sometimes patches http://www.theinquirer.net/?article=7610 actually make things worse. Finally, at least one Microsoft expert says that releasing patches just http://www.nwfusion.com/columnists/2004/0308kearns.html lets bad guys know there's a vulnerability so they can exploit it.

http://techsupp.blcss.com/#sasser Home link

Southern New Hampshire residents: don't throw away that old broken computer. Call us first: 603-244-1652. If we can't fix it cheap, we'll take it off your hands.

..
Bottom Line Computer |
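The port check described in the post above, as an added example that is not part of the original post: it parses Windows `netstat -an` output and reports whether TCP 5554 is listening together with 9995 or 9996, and whether the file-sharing ports 139 and 445 are listening on a non-loopback address. The function names and the sample output are constructed for illustration.

```python
import re

# Ports taken from the post: 5554 plus one of 9995/9996 indicates Sasser;
# 139 and 445 are the file-sharing ports to keep blocked from the Internet.
PORT_ALWAYS = 5554
PORT_EITHER = {9995, 9996}
FILE_SHARING = {139, 445}

# One TCP listener row of `netstat -an` / `-ano` output (optional PID column).
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING(?:\s+\d+)?\s*$", re.I)

# Constructed sample output, not captured from a real host.
SAMPLE_INFECTED = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5554           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:9996           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      10.0.0.7:445           ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

def listening_tcp(netstat_text):
    """Return {(local_address, port)} for every listening TCP socket."""
    found = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m:
            found.add((m.group(1), int(m.group(2))))
    return found

def assess(netstat_text):
    """Apply the post's rule and list file-sharing listeners to verify at the firewall."""
    socks = listening_tcp(netstat_text)
    ports = {port for _, port in socks}
    either = bool(ports & PORT_EITHER)
    return {
        "sasser_suspected": PORT_ALWAYS in ports and either,
        # Only one half of the pattern present: worth a closer look, not a match.
        "partial_indicator": (PORT_ALWAYS in ports) != either,
        "indicator_ports": sorted(ports & ({PORT_ALWAYS} | PORT_EITHER)),
        "file_sharing_listening": sorted(
            {p for addr, p in socks if p in FILE_SHARING and not addr.startswith("127.")}),
    }

if __name__ == "__main__":
    for key, value in assess(SAMPLE_INFECTED).items():
        print(f"{key}: {value}")
```

A listener on 139 or 445 is expected on a machine that uses file sharing; the result only tells you which ports to confirm are blocked at the Internet-facing firewall.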
|
|
|
|
#2 |
|
Posts: n/a
|
In other words, Microsoft makes lousy software.

"Bottom Line Computer" <> wrote in message news:...
> The Sasser worm - what you need to know
>
> http://www.microsoft.com/security/incident/sasser.asp What Microsoft says about Sasser...
>
> The Sasser worm exploits a vulnerability in Microsoft operating systems Windows XP and Windows 2000, known as the LSASS vulnerability.
>
> Microsoft acknowledges this vulnerability in the critical security bulletin
> http://www.microsoft.com/technet/sec.../MS04-011.mspx MS04-011.
>
> Microsoft has a patch for the vulnerability, called security update 835732.
>
> What else you need to know...
>
> The real danger is not Sasser itself, but http://news.com.com/2100-7349_3-5204667.html?tag=nl variants of Sasser, which exploit the same LSASS vulnerability.
>
> This worm does not propagate by email or by malicious scripts on Web sites.
> You can get this worm without doing anything at all.
> As long as your computer is running and connected to the Internet, it can get infected.
>
> LSASS is on TCP port 445. Sasser can also propagate through port 139. If you have a firewall, and set it to block ports 139 and 445, you may be safe. But just to be sure, you should probably install the patch as well.
>
> Even aside from this, it's a good idea to block port 445 anyway. This port can be used for a http://www.vnunet.com/News/1131065 denial of service attack.
>
> Ports 139 and 445 are used by Microsoft's http://ntsecurity.nu/papers/port445/ file sharing. If you have a home or small office network, and want to use Microsoft's file sharing, then you need to allow traffic on these ports on your local network. But be sure to block it at the firewall to the Internet. Always block traffic on these ports from the Internet.
>
> How can you http://www.securityspace.com/smysecu....html?id=12219 know if you're infected? If your system has Sasser, it will have TCP port 5554 open, and also either port 9995 or 9996.
>
> How can you get rid of it if you're infected?
> First, go to the Task Manager and kill any task named "ASERVE.EXE", "ASERVE2.EXE" or anything similar. Then go to the Windows directory and delete any file with a similar name.
>
> Even if you're not infected by a worm, you can be affected by it. Worm traffic causes traffic jams on the Internet, which can slow down everyone's downloads. Also, worms are used to launch Distributed Denial of Service (DDoS) attacks on servers, which make those servers unavailable to everyone. The only way we can be completely free from the harmful effects of worms is if practically every single computer user out there takes precautions, and that's not likely to happen.
>
> Security experts are becoming sceptical about whether just keeping your patches up to date is a real solution to the problem of worms and viruses. First of all, patching is http://news.zdnet.co.uk/internet/sec...9147340,00.htm so difficult that there will always be people who don't bother.
> Also, sometimes patches http://www.theinquirer.net/?article=7610 actually make things worse.
> Finally, at least one Microsoft expert says that releasing patches just http://www.nwfusion.com/columnists/2004/0308kearns.html lets bad guys know there's a vulnerability so they can exploit it.
>
> http://techsupp.blcss.com/#sasser Home link
>
> Southern New Hampshire residents: don't throw away that old broken computer.
> Call us first: 603-244-1652. If we can't fix it cheap, we'll take it off your hands.
>
> .

Robert Morrisette |
|
|
|
#3 |
|
Posts: n/a
|
In article <Dgysc.24947$>,
"Robert Morrisette" <> wrote:
> In other words, Microsoft makes lousy software.

Now there's a news flash!

Shawn Hearn |
|
|
|
#4 |
|
Posts: n/a
|
Shawn Hearn wrote:
> In article <Dgysc.24947$>,
> "Robert Morrisette" <> wrote:
>
>>In other words, Microsoft makes lousy software.
>
> Now there's a news flash!

Not lousy, just not great. And they have bought most of their ideas and software (even IE is from Mosaic, take a look at Help|about IE). In their zeal for convenience of features (lowest common denominator syndrome) they failed to think security. Turning most processes off by default and turning the firewall on by default will help security (Service Pack 2). Now if only they would stop hiding extensions on known file types by default.

One tech writer credited MS for only one innovation, Microsoft Bob. And that failure had the future Mrs. Gates as its production leader.

g-w

zz |
|
|
|
#5 |
|
Posts: n/a
|
>In other words, Microsoft makes lousy software.
What O.S. are you running? Anyone who feels that strongly about it would have to be a complete idiot to keep using Windows!

--
Dave "Crash" Dummy - A weapon of mass destruction
?subject=Techtalk (Do not alter!)
http://lists.gpick.com

\Crash\ Dummy |