Monday, May 10, 2004

Hi there!

Sasser virus creator got busted - New vesrion Sasser.E released

Details:

- A new variant of the Sasser virus spreads
rapidly throughout the world -
Virus Alerts, by Panda Software (http://www.pandasoftware.com)

Madrid, May 09 2004 - PandaLabs has detected the appearance of Sasser.E, a
new variant of the Sasser worm virus which, according to data gathered by
Panda Software international technical support network, it's affecting
computers all over the world.

The appearance of the Sasser.E worm comes just after the announcement of the
arrest of the presumed creator of the virus. According to Luis Corrons,
Head of PandaLabs, "This fact confirms our fears that he is not the only
person programming the Sasser and Netsky worms, but rather it is an
organized group of delinquents. This seems to indicate that there is a kind
of cyber war being waged among the creators of the Bagle, Mydoom, Netsky and
Sasser worms, and it will continue to cause many more variants of the
virus."

The intention of these "underground" groups is still unknown. "However",
adds Luis Corrons, "It's possible that they are trying to attract attention
about viral codes while at the same time carry out other types of acts that
will translate into personal economic gains, such as stealing bank data in
order to commit fraud. The psychological profile could mean that they are
looking for fame, but the risks they are taking clearly outweigh the fame
they could attain since these acts undoubtedly lead to prison terms. But it
is unquestionably the conduct of a competent megalomaniac."

Sasser.E is just the latest in a string of variants A, B, C, D which the
epidemic has caused in just a few days. Just like the others, Sasser.E
exploits a security gap of Microsoft Windows known as LSASS, published in
the bulletin MSO4-011.

Sasser.E searches the Internet for vulnerable computers to attack. Once that
is done, it creates a copy of itself to the Windows directory under the file
name LSASSS.EXE. The results leads to a systems error which forces the
infected computer to reboot every 60 seconds.
In addition, and in contrast to its predecessors, Sasser.E has been
programmed to erase from the system variants of the Bagle worm.

Due to the fast-spreading nature of the variants, companies and businesses
should take preventive steps before the renewal of the workweek on Monday
morning.

In order to prevent to system from becoming a victim of Sasser.E or any of
its variants, it is necessary to install the patch which Microsoft offers to
correct the security flaw LSASS, and which can be downloaded from
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx, update
your antivirus protection and sep abreast of any new variants. Panda
Software has made the updates necessary to its products available to
clients.

Panda Software's online support center
(http://www.pandasoftware.com/support/) also offers help to users.

Panda Software clients can update their antivirus through the applications
installed on their computers.

In addition, the users can scan their computers on line for free with the
ActiveScan solution, available in the company web page
http://www.pandasoftware.com

More information about these and other IT threats is available from
http://www.pandasoftware.com/virus_info/encyclopedia/


Ciao...