Monday, May 03, 2004

Howdy!

Sasser virus is really spreading fast. French stock exchange knocked offline.

Sasser virus is created by the Netsky guy who's quite prolific.

Here's the update on Sasser:

- Sasser worms could affect 300 million computers worldwide -
Virus Alerts, by Panda Software (http://www.pandasoftware.com)

Madrid, May 03 2004 - The number of computers affected by the Sasser worm
continues to rise, and the situation looks set to worsen as companies return
to work after the weekend. Luis Corrons, head of PandaLabs warns of the
threat, "Bear in mind that some 300 million computers worldwide are
vulnerable to attack by the Sasser worm, which gives an idea of the
potential scale of the threat. New variants are also likely to emerge and
for this reason, even though we launched a pre-alert at the weekend, we have
now declared a red alert."

The Sasser worms are particularly dangerous for corporate environments as
they can spread across networks in a matter of seconds. Both the French
Stock Exchange and the France Presse news agency have fallen victim to this
new malicious code and their communications were affected on Saturday.

The situation appears to be even more serious as the creators of the worm
are coordinating the continuous launch of new variants in order to increase
the probability of infection. PandaLabs has now detected the presence of
Sasser.C, which can launch up to 1024 process in memory, making it
potentially far more virulent than its predecessors.

The appearance of the new Sasser worms is seemingly directly linked to the
wave of viruses blighting the Internet over the last few months. PandaLabs
has also detected the new Netsky.AC worm, which like its predecessors
contains a message hidden inside its code. On this occasion however, there
are no insulting messages to the authors of other worms such as Bagle or
Mydoom, but instead a message directed at antivirus vendors. The message
claims that the authors are also responsible for the Sasser worms:

Hey, av firms, do you know that we have programmed the sasser virus?!?. Yeah
thats true! Why do you have named it sasser? A Tip: Compare the FTP-Server
code with the one from Skynet.V!!! LooL! We are the Skynet...'
Here is an part of the sasser sourcecode you named so, lol

Given the serious nature of the situation, Panda Software has made its
PQRemove utility available, free of charge, to all users to detect and
eliminate the viruses. Click here to access the tool.

Panda Software informs users that the new worm can be detected and
disinfected with an up-to-date antivirus, but it is important to install the
Microsoft patch to ensure that Sasser.A doesn't re-infect computers. The
vulnerability exploited by this worm was reported by Microsoft recently in
bulletin MS04-011
(http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx), along
with the patch. Panda Software has made the updates necessary to its
products available to clients.

More information about these and other IT threats is available from:
http://www.pandasoftware.com/virus_info/encyclopedia/

Panda Software's online support center also offers help to users at:
http://www.pandasoftware.com/support/

Panda Software clients can update their antivirus through the applications
installed on their computers.

Users can also scan and disinfect their computers using Panda ActiveScan,
the free, online scanner available from: http://www.pandasoftware.com.


Be safe...