Saturday, May 01, 2004

Howdy,

There's a new scanning virus (remember Blaster?) known as Sasser that's
ripping up the Net.

Here's Panda's alert message:

- Panda Software reports the appearance of Sasser.A -


PandaLabs has detected the appearance of W32/Sasser.A. This worm exploits
the LSASS vulnerability to access remote systems. This is one of the
vulnerabilities published by Microsoft which affects LSASS (published in
bulletin MS04-011 and available at the following address:

http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx).

Panda Software has received numerous incidents due to this new worm. Its
propagation is on the increase, and right now it is one of the most detected
by Panda ActiveScan.

Its behaviour is similar to Blaster. The worm scans random IP addresses until
it finds systems with this vulnerability. Once found, it copies itself to the
Windows directory with the name AVSERVE.EXE and creates the following
registry entry, to ensure it is launched when the system is booted:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

avserve.exe = %windir%\avserve.exe

In addition, the vulnerability uses a buffer overflow to make the LSASS.EXE
application crash. Because of this, the system can fail.

To prevent incidents with Sasser.A, Panda Software advises users to update
their antivirus software. The company has already made the updates to its
products available to users to ensure their solutions can detect and
eliminate this worm. Similarly, users can also detect and disinfect this and
other malicious code using the free, online antivirus, Panda ActiveScan,
which is also available on the company's website at
http://www.pandasoftware.com.

More information on Sasser.A is available in Panda Software's Virus
Encyclopedia, available on the company's website at:
http://www.pandasoftware.com/virus_info/encyclopedia.

Additional information:
- Vulnerability: Flaws or security holes in a program or IT system, and
often used by viruses as a means of infection.

- Worm: This is similar to a virus, but it differs in that all it does is
make copies of itself (or part of itself).

More technical terms available on:
http://www.pandasoftware.com/virus_info/glossary

Later gator...
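
A check for the Run-key entry named in the alert above, as an added example that is not part of the original post or Panda's alert: it parses a registry export (.reg text) and reports values under the Run key that match the `avserve.exe` indicator. The function names and the sample export are constructed for illustration.

```python
import re

# Key, value name and file name as given in the alert text.
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
INDICATOR = "avserve.exe"

# Constructed sample in .reg export format (not from a real host). A real
# export is UTF-16, so read it with open(path, encoding="utf-16") first.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Example]
"InstallDir"="C:\\Example"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="\"C:\\Program Files\\Example\\tray.exe\" /min"
"avserve.exe"="%windir%\\avserve.exe"
'''

# "name"="data" string value; backslash escapes are allowed on both sides.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# The file name as a whole path component, not as part of a longer name.
FILE_RE = re.compile(r'(?:^|[\\"])' + re.escape(INDICATOR) + r'(?![\w.])', re.I)

def unescape(text):
    # Undo .reg escaping: an escaped backslash or quote becomes the bare character.
    return re.sub(r'\\(.)', r'\1', text)

def run_entries(export_text, key=RUN_KEY):
    """Yield (name, data) for string values stored directly under `key`."""
    in_key = False
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # Registry key names are case-insensitive.
            in_key = line[1:-1].lower() == key.lower()
        elif in_key:
            match = VALUE_RE.match(line)
            if match:
                yield unescape(match.group(1)), unescape(match.group(2))

def sasser_hits(export_text):
    """Return Run entries whose value name or target file is avserve.exe."""
    return [(name, data) for name, data in run_entries(export_text)
            if name.lower() == INDICATOR or FILE_RE.search(data)]

if __name__ == "__main__":
    for name, data in sasser_hits(SAMPLE_EXPORT):
        print(f"Run entry matches the alert: {name} = {data}")
```

A hit only shows that the autostart entry is present; the alert's advice to update and scan with antivirus software still applies to remove the worm itself.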