Thursday, May 13, 2004

Sasser.F Appears after Sasser Creator Arrested

- Other hackers pick up where the Sasser author
left off: variant F appears -
Virus Alerts, by Panda Software (http://www.pandasoftware.com)

Madrid, May 11 2004 - PandaLabs has detected the appearance of the new
Sasser.F worm. This variant is very similar to the original worm, as it only
includes a few small differences, such as the format in which it is packed.

The date that Sasser.F was created appears as April 30, the same day the
first Sasser worm emerged. "It seems that an inexperienced hacker has
created Sasser.F by slightly modifying the code of the original worm.
Another possibility is that the author of Sasser did not work alone, and
that another person is releasing these previously created variants. However,
studying the evolution of Sasser, the fact that variant F does not include
any new features confirms that it is the work of a different person," says
Luis Corrons, head of PandaLabs.

It is highly probable that new variants of Sasser and Cycle, or new viruses
that exploit the LSASS vulnerability will appear. "In order to avoid falling
victim to these viruses, the first thing users must do is install the
patches released by Microsoft to fix the LSASS vulnerability. Given that a
large number of viruses that exploit this flaw are in circulation -and that
more could appear - computers are extremely vulnerable to infection,"
explains Corrons.

In order to avoid falling victim to Sasser.F or any of its variants, Panda
Software advises users to take precautions, keep their antivirus software
updated and to apply the Microsoft patch, -which can be downloaded from
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx- as
computer will continue to be infected by this virus until the vulnerability
has been fixed. Panda Software has made the updates necessary to detect and
disinfect this new worm available to clients.

More information about these and other IT threats is available from:
http://www.pandasoftware.com/virus_info/encyclopedia/

Panda Software's online support center also offers help to users at:
http://www.pandasoftware.com/support/

Panda Software clients can update their antivirus through the applications
installed on their computers.

Users can also scan and disinfect their computers using Panda ActiveScan,
the free, online scanner available from: http://www.pandasoftware.com.