Computer Security - What you need to know about the Sasser worm

 
05-24-2004, 09:10 PM   #1
What you need to know about the Sasser worm


The Sasser worm - what you need to know

http://www.microsoft.com/security/incident/sasser.asp What Microsoft says about Sasser...

The Sasser worm exploits a vulnerability in Microsoft operating systems Windows XP and Windows 2000, known as the LSASS vulnerability.

Microsoft acknowledges this vulnerability in the critical security bulletin
http://www.microsoft.com/technet/sec.../MS04-011.mspx MS04-011 .

Microsoft has a patch for the vulnerability, called security update 835732.



What else you need to know...

The real danger is not Sasser itself, but http://news.com.com/2100-7349_3-5204667.html?tag=nl variants of Sasser , which exploit the same LSASS vulnerability.

This worm does not propagate by email or by malicious scripts on Web sites.
You can get this worm without doing anything at all.
As long as your computer is running and connected to the Internet, it can get infected.

LSASS is on TCP port 445. Sasser can also propagate through port 139. If you have a firewall, and set it to block ports 139 and 445, you may be safe. But just to be sure, you should probably install the patch as well.

Even aside from this, it's a good idea to block port 445 anyway. This port can be used for a http://www.vnunet.com/News/1131065 denial of service attack .

Ports 139 and 445 are used by Microsoft's http://ntsecurity.nu/papers/port445/ file sharing . If you have a home or small office network, and want to use Microsoft's file sharing, then you need to allow traffic on these ports on your local network. But be sure to block it at the firewall to the Internet. Always block traffic on these ports from the Internet.

How can you http://www.securityspace.com/smysecu....html?id=12219 know if you're infected? If your system has Sasser, it will have TCP port 5554 open, and also either port 9995 or 9996.

How can you get rid of it if you're infected? First, go to the Task Manager and kill any task named "ASERVE.EXE", "ASERVE2.EXE" or anything similar. Then go to the Windows directory and delete any file with a similar name.

Even if you're not infected by a worm, you can be affected by it. Worm traffic causes traffic jams on the Internet, which can slow down everyone's downloads. Also, worms are used to launch Distributed Denial of Service (DDoS) attacks on servers, which make those servers unavailable to everyone. The only way we can be completely free from the harmful effects of worms is if practically every single computer user out there takes precautions, and that's not likely to happen.

Security experts are becoming sceptical about whether just keeping your patches up to date is a real solution to the problem of worms and viruses. First of all, patching is http://news.zdnet.co.uk/internet/sec...9147340,00.htm so difficult that there will always be people who don't bother.
Also, sometimes patches http://www.theinquirer.net/?article=7610 actually make things worse .
Finally, at least one Microsoft expert says that releasing patches just http://www.nwfusion.com/columnists/2004/0308kearns.html lets bad guys know there's a vulnerability so they can exploit it.




http://techsupp.blcss.com/#sasser Home link

Southern New Hampshire residents: don't throw away that old broken computer.
Call us first: 603-244-1652. If we can't fix it cheap, we'll take it off your hands.



Bottom Line Computer
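The port check described in the post above, as an added example that is not part of the original post: it parses Windows `netstat -an` output and applies the post's rule (TCP 5554 listening together with 9995 or 9996), and also reports whether ports 139 and 445 are listening on a non-loopback address. The function names and the sample output are constructed for illustration.

```python
import re

# Ports as stated in the post: 5554 open, and also either 9995 or 9996.
PRIMARY_PORT = 5554
SECONDARY_PORTS = {9995, 9996}
# File-sharing ports the post says to block from the Internet.
SHARE_PORTS = {139, 445}

# Matches `netstat -an` rows such as:
#   TCP    0.0.0.0:445    0.0.0.0:0    LISTENING
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$", re.I)

def listening_sockets(netstat_text):
    """Return {(local_address, port)} for TCP sockets in LISTENING state."""
    found = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m:
            found.add((m.group(1), int(m.group(2))))
    return found

def is_loopback(addr):
    return addr.startswith("127.") or addr == "[::1]"

def assess(netstat_text):
    """Apply the post's indicator rule and list share ports bound off-loopback."""
    socks = listening_sockets(netstat_text)
    ports = {port for _, port in socks}
    secondary = ports & SECONDARY_PORTS
    indicator = PRIMARY_PORT in ports and bool(secondary)
    matched = sorted({PRIMARY_PORT} | secondary) if indicator else []
    exposed = sorted({p for a, p in socks if p in SHARE_PORTS and not is_loopback(a)})
    return {"sasser_indicator": indicator,
            "matched_ports": matched,
            "share_ports_listening": exposed}

# Constructed sample output, not captured from a real host.
SAMPLE = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5554           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:9996           0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1042      10.0.0.5:445           ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

if __name__ == "__main__":
    print(assess(SAMPLE))
```

A listening share port only shows the service is bound on the host; whether it is reachable from the Internet still depends on the firewall the post recommends.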
05-25-2004, 02:00 AM   #2
Stan Brown
Re: What you need to know about the Sasser worm
"Bottom Line Computer" <> wrote in
misc.consumers:
>The real danger is not Sasser itself, but


people who keep posting the same article.

--
Stan Brown, Oak Road Systems Cortland County, New York, USA
http://OakRoadSystems.com
You need any friends you can get. The only thing standing
between you and a watery grave is your wits, and that's not
my idea of adequate protection. -- /Beat the Devil/ (1954)


Stan Brown