Generic Anti-Virus Virus Defence Bureau News Articles On-line Real Time Protection
Multi-tiered Security Solution
Virus Defence Home Company Profile Support Downloads Solutions News Articles Enquiries Partners
Reduces legal liability
Blocks First Strike of Viruses

Sasser Worm 3/5/04
 

OVERVIEW
The Sasser Worm was discovered in the wild recently spreading using a LSASS.EXE buffer overrun exploit to infect machines. The Sasser Worm only infects Windows 2000 & XP machines. The worm drops the files AVSERVE.EXE, and AVSERVE2.EXE to the Windows folder, and then added to the run registry. Sasser generates traffic on TCP ports 445, 5554 and 9996. 445/TCP: - The worm attacks through this port. 5554/TCP: - FTP server on infected systems. 9996/TCP: - Remote shell opened by the exploit on the vulnerable hosts

Microsoft have released detailed information on the Sasser Worm, and the LSASS vulnerability affecting Windows 2000 & XP:
http://www.microsoft.com/security/incident/sasser.asp#steps

*One thing to keep in mind when on the internet in regards to stopping viruses is that the InVircible Startup Applications List will pop up and show a new entry to the pc startup highlighted in red and prompt the user to press 'ok' or 'delete' -in this case AVSERVE.EXE or AVSERVE2.EXE (If you haven't been installing any new software in the last 3 mins always press delete as this will stop any virus in it's tracks!). To see the startup applications list click on the green IV, and select the option (at the bottom of the list).

WINDOWS AUTOMATIC SECURITY UPDATES FOR WINDOWS
Microsoft regularly issues patches or updates to solve security problems in their software. The critical updates are the ones you should be concerned about. If these are not applied, it leaves your computer more vulnerable. Service Packs are larger updates which upgrade and fix security problems. Windows Automatic Update feature is available in with Windows XP. This is a tool that will automatically check for any new Critical updates that your computer needs and install them at a designated time. When updates are available to download a Windows icon will be placed next to the time in the bottom right corner of the screen (near the green IV).

*Select the 'Keep my Computer up to date' option.

Windows XP: Start > Settings > Control Panel > System > Automatic Updates
Windows 2000: Start > Settings > Control Panel > Automatic Updates

Back


Site Extras...
 

Sign up for our quarterly e-newsletter for helpful advice and product updates


Plain text HTML

 

to keep the Virus Defence Bureau near by
 
     

Home | Company Profile | Support | Downloads | Solutions | News Articles | Enquiries
© Virus Defence Bureau 2002   Email support@virusdefence.com.au   Tel +61 03 9569 8848