Thursday, May 06, 2004

Hey there,

More Sasser virus updates. Heathrow airport effected - talk about airport security...

- PandaLabs in the hunt for the authors of the Sasser worms -
Virus Alerts, by Panda Software (

Madrid, May 06 2004 - While the Sasser worms continue looking for new
victims to infect, the hunt for their creators has started. By applying
proprietary forensic IT techniques to the code of these worms, PandaLabs
will look for clues that could lead to the arrest of their authors.

"Letting viruses loose is a crime that should be investigated. The authors
of Sasser must also be treated as particularly dangerous criminals, as
evidence suggests that they also created the Netsky worms, and who knows how
many other viruses," says Luis Corrons head of PandaLabs.

The clues to the authors of computers viruses are hidden in the source code,
lines of special characters that to the untrained eye don't make any sense,
but that can disclose a lot of information to the experts at PandaLabs.
"Virus authors usually have delusions of grandeur and therefore don't miss
any opportunity to leave their mark in the viruses they create. However,
this is often their undoing: it can be a date, the name of a city, a
reference to a friend or girlfriend, etc., the slightest clue could be the
key to detaining the author of the virus," explains Corrons.

However, until these delinquents are caught, users should continue to keep
their guard up against the highly probable appearance of new viruses.
Considering how the previous attacks were carried out, it is likely that the
authors of the Sasser and Netsky worms are putting the final touches to an
extremely dangerous malicious code that -as they have done up until now-
they will unleash at the weekend.

More companies and institutions are reporting that they have felt the
effects of Sasser in one way or another. These include Heathrow airport in
London, where one of the terminals was brought to a standstill, some
governmental departments in Hong Kong, as well as the Suntrust Bank and
American Express in the USA.

To mitigate the effects of the Sasser epidemic, Panda Software has made its
PQRemove tools available to users. These applications not only disinfect
computers but also restore system configurations altered by the worm.

One of the PQREMOVE tools is specifically designed for networks, and removes
Sasser and all its variants from any network that could have been affected.
You can download at:

The other PQREMOVE applications can disinfect any computer attacked by any
of the variants of the Sasser worms. You can download at:

User can detect and disinfect the new worm with an up-to-date antivirus, but
it is important to install the Microsoft patch to ensure that Sasser doesn't
re-infect computers. The vulnerability exploited by this worm was reported
by Microsoft recently in bulletin MS04-011
(, along
with the patch. Panda Software has made the updates necessary to its
products available to clients.

Panda Software's online support center
( also offers help to users.

Panda Software clients can update their antivirus through the applications
installed on their computers.

In addition, the users can scan their computers on line for free with the
ActiveScan solution, available in the company web page

More information about these and other IT threats is available from


Links to this post:

Create a Link

<< Home