Thursday, May 06, 2004

Hey everyone,

Sasser virus continues its PC security wakeup call as more companies and organizations pay the price.

Here's today's update:

- Sasser epidemic collateral damage -
Virus Alerts, by Panda Software (http://www.pandasoftware.com)

Madrid, May 5 2004 - As Sasser continues to spread, the number of
organizations affected by the virus continues to rise. These include
governmental institutions the world over, such as the European Commission
-where 1,200 computers have been affected-, the University of Massachusetts,
banking IT systems, travel booking services and companies such as British
Airways. In addition to the direct damage caused by Sasser in corporate
environments, production is also lost as machines are brought up-to date and
the Microsoft patch applied to correct the vulnerability that the worm is
exploiting.

Other victims include all those who simply can't use their computers as
systems infected by variants of Sasser restart every 60 seconds. This means
that there is no time to eliminate the virus from the computer and download
the Microsoft patch. One way that users can get round this is by first
putting the system clock back, as described below:

- When the window is displayed saying that the system will restart,
double-click on the time displayed at the bottom of the screen.

- Once the time settings window opens, put the clock back a few hours.

With respect to the extent of the epidemic, Luis Corrons, head of PandaLabs
explains that, "Many users have been installing the patch released by
Microsoft to fix the flaw that this worm exploits, which is an indication of
increased awareness among the public and should help contain the spread of
Sasser. New variants may appear so users should stay on the alert and make
sure they have a good updated antivirus."

To mitigate the effects of the Sasser epidemic, Panda Software has made its
PQRemove tools available to users. These applications not only disinfect
computers but also restore system configurations altered by the worm.

One of the PQREMOVE tools is specifically designed for networks, and removes
Sasser and all its variants from any network that could have been affected.
You can download at: http://www.pandasoftware.com/support/

The other PQREMOVE applications can disinfect any computer attacked by any
of the variants of the Sasser worms. You can download at:
http://www.pandasoftware.com/download/utilities/

User can detect and disinfect the new worm with an up-to-date antivirus, but
it is important to install the Microsoft patch to ensure that Sasser doesn't
re-infect computers. The vulnerability exploited by this worm was reported
by Microsoft recently in bulletin MS04-011
(http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx), along
with the patch. Panda Software has made the updates necessary to its
products available to clients.

Panda Software's online support center
(http://www.pandasoftware.com/support/) also offers help to users.

Panda Software clients can update their antivirus through the applications
installed on their computers.

In addition, the users can scan their computers on line for free with the
ActiveScan solution, available in the company web page
http://www.pandasoftware.com.

More information about these and other IT threats is available from
http://www.pandasoftware.com/virus_info/encyclopedia/

Later...