Saturday, May 08, 2004

Hi there,

Here's a weekly update on viruses in circulation:

- Weekly report on viruses and intrusions -
Virus Alerts, by Panda Software (http://www.pandasoftware.com)

Madrid, May 7, 2004 - This week's virus activity has centered around the
epidemic caused by the appearance of four variants of the Sasser worm.
However, they are not the only malicious code to have emerged this week.
Therefore, as well as describing the Sasser worms, this week's report will
also look at Netsky.AC, three new hacking tools called DSScan, JohnTheRipper
and Brutus.A, and the Briss.A Trojan.

The appearance of the A, B, C and D variants of the Sasser worm has caused
a widespread epidemic that has affected users worldwide. These worms are
designed to exploit a vulnerability recently discovered in some
versions of Windows called LSASS. By exploiting this vulnerability, they do
not need to use traditional means of transmission to infect computers, as
they can get into computers directly through the Internet. The four variants
of Sasser are very similar to one another, and only differ in the name of
the files they create on the system or the number of processes they load in
memory in order to spread.

The Sasser worms cause a buffer overflow that results in the affected
systems restarting every 60 seconds. In order to solve this problem, as well
as using an updated antivirus to scan and disinfect the computer, it is
essential to install the patch released by Microsoft to fix the LSASS
vulnerability, which can be downloaded from
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx.

As computers are restarted every minute, users may not have enough time to
eliminate the worm from the computer and download the Microsoft patch. To
avoid this problem, one of the options available to users is to put back the
system clock by following the steps below:

- When the window warning that the computer is going to be restarted
appears, double click on the clock that appears in the bottom right corner
of the monitor.

- When the date and time settings screen opens, in the textbox in which the
hours and minutes appear, change the time to a few hours earlier than the
time that appears.

Panda Software has made its PQRemove tools available to users. These
applications not only disinfect computers but also restore system
configurations altered by the worm.

One of the PQREMOVE tools is specifically designed for networks, and removes
Sasser and all its variants from any network that could have been affected.
This tool can be downloaded from: http://www.pandasoftware.com/support. The
other PQREMOVE applications can disinfect any computer attacked by any of
the variants of the Sasser worms. These can be downloaded from:
http://www.pandasoftware.com/download/utilities.

Netsky.AC is a new variant of this family of mass-mailing worms that has
been attacking the Internet over the last few months. However, the most
interesting aspect of this worm is the message hidden in its code, which
boasts that the authors of the Netsky worms also created the Sasser worms:

Hey, av firms, do you know that we have programmed the sasser virus?!?. Yeah
thats true! Why do you have named it sasser? A Tip: Compare the FTP-Server
code with the one from Skynet.V!!! LooL! We are the Skynet...'
Here is an part of the sasser sourcecode you named so, lol

However, until these delinquents are caught, users should continue to keep
their guard up against the highly probable appearance of new viruses.
Considering how the previous attacks were carried out, it is likely that the
authors of the Sasser and Netsky worms are putting the final touches to an
extremely dangerous malicious code that -as they have done up until now -
they will unleash at the weekend.

"These authors could try to create a virus that spreads via e-mail as well
as exploiting the LSASS vulnerability. By doing this, it could get round the
firewall protection that blocks the Sasser worms. This could be especially
dangerous for companies that, as they have firewall protection installed,
have not applied the Microsoft patches," says Luis Corrons, head of
PandaLabs.

DSScan.A, JohnTheRipper and Brutus.A are three new hacking tools. These are
legitimate tools that, in theory, are not designed to cause any damage.
However, they can also be used by hackers to carry out malicious actions.

DSScan.A is a network tool that detects computers affected by the LSASS
vulnerability. JohnTheRipper.A allows hackers to steal passwords from
computers running Unix or Windows operating systems.

Brutus.A is a program that allows malicious users to crack passwords using
brute force attacks. This technique involves trying every possible
combination until the correct password is found.

Finally, Briss.A is a Trojan that goes memory resident and installs other
malware on the computer every 24 hours, without the user realizing. It also
carries out other actions, such as capturing certain key combinations.

Like many other Trojans, Briss.A cannot spread by itself; it needs the help
of a malicious user. The means of transmission it uses include: floppy
disks, e-mail messages with attachments, Internet downloads, etc.

For further information about these and other computer threats, visit Panda
Software's Encyclopedia at:
http://www.pandasoftware.com/virus_info/encyclopedia/

Additional information

- Trojan: Strictly speaking, a Trojan is not a virus, although it is often
thought of as such. Really, they are programs that enter computers appearing
to be harmless programs, install themselves and carry out actions that
affect user confidentiality.

- Vulnerability: Flaws or security holes in a program or IT system, and
often used by viruses as a means of infection.

More definitions of virus and antivirus terminology at:
http://www.pandasoftware.com/virus_info/glossary/default.aspx

Friday, May 07, 2004

Hey everybody,

Here are some free tools for removing the Sasser virus:

- Free Panda Software tools for removing the Sasser worms -
Virus Alerts, by Panda Software (http://www.pandasoftware.com)

Madrid, May 6 2004 - To mitigate the effects of the epidemic caused by the
variants of Sasser (A,B,C & D), Panda Software has made its free PQRemove
tools available to all users.

These applications not only disinfect computers, but also restore system
configurations altered by the worm.

- If your network has been attacked by any of the variants of Sasser, Panda
offers the specific PQRemove tool for networks, along with instructions, at:
http://www.pandasoftware.com/support

- If you have a standalone (individual) computer that has been attacked by a
variant of the Sasser worm, you can download the PQRemove tool you need
from: http://www.pandasoftware.com/download/utilities/

For more detailed information about any of the Sasser worms, go to:
http://www.pandasoftware.com/virus_info/encyclopedia

Later...

Thursday, May 06, 2004

Hey there,

More Sasser virus updates. Heathrow airport affected - talk about airport security...

- PandaLabs in the hunt for the authors of the Sasser worms -
Virus Alerts, by Panda Software (http://www.pandasoftware.com)

Madrid, May 06 2004 - While the Sasser worms continue looking for new
victims to infect, the hunt for their creators has started. By applying
proprietary forensic IT techniques to the code of these worms, PandaLabs
will look for clues that could lead to the arrest of their authors.

"Letting viruses loose is a crime that should be investigated. The authors
of Sasser must also be treated as particularly dangerous criminals, as
evidence suggests that they also created the Netsky worms, and who knows how
many other viruses," says Luis Corrons, head of PandaLabs.

The clues to the authors of computer viruses are hidden in the source code,
lines of special characters that to the untrained eye don't make any sense,
but that can disclose a lot of information to the experts at PandaLabs.
"Virus authors usually have delusions of grandeur and therefore don't miss
any opportunity to leave their mark in the viruses they create. However,
this is often their undoing: it can be a date, the name of a city, a
reference to a friend or girlfriend, etc., the slightest clue could be the
key to detaining the author of the virus," explains Corrons.

However, until these delinquents are caught, users should continue to keep
their guard up against the highly probable appearance of new viruses.
Considering how the previous attacks were carried out, it is likely that the
authors of the Sasser and Netsky worms are putting the final touches to an
extremely dangerous malicious code that -as they have done up until now-
they will unleash at the weekend.

More companies and institutions are reporting that they have felt the
effects of Sasser in one way or another. These include Heathrow airport in
London, where one of the terminals was brought to a standstill, some
governmental departments in Hong Kong, as well as the Suntrust Bank and
American Express in the USA.

To mitigate the effects of the Sasser epidemic, Panda Software has made its
PQRemove tools available to users. These applications not only disinfect
computers but also restore system configurations altered by the worm.

One of the PQREMOVE tools is specifically designed for networks, and removes
Sasser and all its variants from any network that could have been affected.
You can download at: http://www.pandasoftware.com/support/

The other PQREMOVE applications can disinfect any computer attacked by any
of the variants of the Sasser worms. You can download at:
http://www.pandasoftware.com/download/utilities/

Users can detect and disinfect the new worm with an up-to-date antivirus, but
it is important to install the Microsoft patch to ensure that Sasser doesn't
re-infect computers. The vulnerability exploited by this worm was reported
by Microsoft recently in bulletin MS04-011
(http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx), along
with the patch. Panda Software has made the updates necessary to its
products available to clients.

Panda Software's online support center
(http://www.pandasoftware.com/support/) also offers help to users.

Panda Software clients can update their antivirus through the applications
installed on their computers.

In addition, the users can scan their computers on line for free with the
ActiveScan solution, available in the company web page
http://www.pandasoftware.com

More information about these and other IT threats is available from
http://www.pandasoftware.com/virus_info/encyclopedia/


Later...

Hey everyone,

Sasser virus continues its PC security wakeup call as more companies and organizations pay the price.

Here's today's update:

- Sasser epidemic collateral damage -
Virus Alerts, by Panda Software (http://www.pandasoftware.com)

Madrid, May 5 2004 - As Sasser continues to spread, the number of
organizations affected by the virus continues to rise. These include
governmental institutions the world over, such as the European Commission
-where 1,200 computers have been affected-, the University of Massachusetts,
banking IT systems, travel booking services and companies such as British
Airways. In addition to the direct damage caused by Sasser in corporate
environments, production is also lost as machines are brought up to date and
the Microsoft patch applied to correct the vulnerability that the worm is
exploiting.

Other victims include all those who simply can't use their computers as
systems infected by variants of Sasser restart every 60 seconds. This means
that there is no time to eliminate the virus from the computer and download
the Microsoft patch. One way that users can get round this is by first
putting the system clock back, as described below:

- When the window is displayed saying that the system will restart,
double-click on the time displayed at the bottom of the screen.

- Once the time settings window opens, put the clock back a few hours.

With respect to the extent of the epidemic, Luis Corrons, head of PandaLabs,
explains that, "Many users have been installing the patch released by
Microsoft to fix the flaw that this worm exploits, which is an indication of
increased awareness among the public and should help contain the spread of
Sasser. New variants may appear so users should stay on the alert and make
sure they have a good updated antivirus."

To mitigate the effects of the Sasser epidemic, Panda Software has made its
PQRemove tools available to users. These applications not only disinfect
computers but also restore system configurations altered by the worm.

One of the PQREMOVE tools is specifically designed for networks, and removes
Sasser and all its variants from any network that could have been affected.
You can download at: http://www.pandasoftware.com/support/

The other PQREMOVE applications can disinfect any computer attacked by any
of the variants of the Sasser worms. You can download at:
http://www.pandasoftware.com/download/utilities/

Users can detect and disinfect the new worm with an up-to-date antivirus, but
it is important to install the Microsoft patch to ensure that Sasser doesn't
re-infect computers. The vulnerability exploited by this worm was reported
by Microsoft recently in bulletin MS04-011
(http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx), along
with the patch. Panda Software has made the updates necessary to its
products available to clients.

Panda Software's online support center
(http://www.pandasoftware.com/support/) also offers help to users.

Panda Software clients can update their antivirus through the applications
installed on their computers.

In addition, the users can scan their computers on line for free with the
ActiveScan solution, available in the company web page
http://www.pandasoftware.com.

More information about these and other IT threats is available from
http://www.pandasoftware.com/virus_info/encyclopedia/

Later...

Tuesday, May 04, 2004

Howdy everyone,

Sasser spreading further with new variation Sasser.D

Details below:

- The new Sasser.D worm aggravates the epidemic
that is sweeping across the Internet -
Virus Alerts, by Panda Software (http://www.pandasoftware.com)

Madrid, May 03 2004 - PandaLabs has detected the appearance of a new variant
of the Sasser worm (Sasser.D) -very similar to its predecessors- which,
according to the data gathered by the multinational's International Alerts
Network, has started to cause incidents.

In order to combat the effects of the epidemic triggered by the variants of
the Sasser worm, Panda Software has made two new PQRemove utilities
available to all users. These applications can clean infected computers and
restore the configuration computers had prior to the worm's attack.

The first PQRemove is specific for networks and removes Sasser and all of
its variants from any network that could have been affected. You can
download at: http://www.pandasoftware.com/support/

The second PQRemove application cleans every computer that could have been
attacked by Sasser.D. You can download at:
http://www.pandasoftware.com/download/utilities/

Far from receding, the global epidemic unleashed by Sasser and its variants
is expanding progressively. As expected, the number of companies whose
network has been affected by these dangerous worms is increasing. According
to The Daily Telegraph, Sydney's railway radio communication network has
been seriously affected by a computer virus. Besides, some 300 million
computers worldwide are vulnerable to attack by the Sasser worm, which gives
an idea of the potential scale of the threat.

There can be no doubt about the intentions of the creators of these worms:
to put as many viruses as possible in circulation in order to multiply the
probability of infection. Luis Corrons, head of PandaLabs, warns of the
threat: "New variants of Sasser will continue to appear in the next few
hours, and it will be necessary to be protected. To ensure this, users
should install the Microsoft patch that corrects the vulnerability exploited
by Sasser".

Panda Software informs users that the new worms can be detected and
disinfected with an up-to-date antivirus, but it is important to install the
Microsoft patch to ensure that Sasser.A doesn't re-infect computers. The
vulnerability exploited by this worm was reported by Microsoft recently in
bulletin MS04-011
(http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx), along
with the patch. Panda Software has made the updates necessary to its
products available to clients.

Panda Software's online support center
(http://www.pandasoftware.com/support/) also offers help to users.

Panda Software clients can update their antivirus through the applications
installed on their computers.

In addition, the users can scan their computers on line for free with the
ActiveScan solution, available in the company web page
http://www.pandasoftware.com.

More information about these and other IT threats is available from
http://www.pandasoftware.com/virus_info/encyclopedia/


Be safe...

Monday, May 03, 2004

Howdy!

Sasser virus is really spreading fast. French stock exchange knocked offline.

Sasser virus is created by the Netsky guy who's quite prolific.

Here's the update on Sasser:

- Sasser worms could affect 300 million computers worldwide -
Virus Alerts, by Panda Software (http://www.pandasoftware.com)

Madrid, May 03 2004 - The number of computers affected by the Sasser worm
continues to rise, and the situation looks set to worsen as companies return
to work after the weekend. Luis Corrons, head of PandaLabs, warns of the
threat, "Bear in mind that some 300 million computers worldwide are
vulnerable to attack by the Sasser worm, which gives an idea of the
potential scale of the threat. New variants are also likely to emerge and
for this reason, even though we launched a pre-alert at the weekend, we have
now declared a red alert."

The Sasser worms are particularly dangerous for corporate environments as
they can spread across networks in a matter of seconds. Both the French
Stock Exchange and the France Presse news agency have fallen victim to this
new malicious code and their communications were affected on Saturday.

The situation appears to be even more serious as the creators of the worm
are coordinating the continuous launch of new variants in order to increase
the probability of infection. PandaLabs has now detected the presence of
Sasser.C, which can launch up to 1024 processes in memory, making it
potentially far more virulent than its predecessors.

The appearance of the new Sasser worms is seemingly directly linked to the
wave of viruses blighting the Internet over the last few months. PandaLabs
has also detected the new Netsky.AC worm, which like its predecessors
contains a message hidden inside its code. On this occasion however, there
are no insulting messages to the authors of other worms such as Bagle or
Mydoom, but instead a message directed at antivirus vendors. The message
claims that the authors are also responsible for the Sasser worms:

Hey, av firms, do you know that we have programmed the sasser virus?!?. Yeah
thats true! Why do you have named it sasser? A Tip: Compare the FTP-Server
code with the one from Skynet.V!!! LooL! We are the Skynet...'
Here is an part of the sasser sourcecode you named so, lol

Given the serious nature of the situation, Panda Software has made its
PQRemove utility available, free of charge, to all users to detect and
eliminate the viruses.

Panda Software informs users that the new worm can be detected and
disinfected with an up-to-date antivirus, but it is important to install the
Microsoft patch to ensure that Sasser.A doesn't re-infect computers. The
vulnerability exploited by this worm was reported by Microsoft recently in
bulletin MS04-011
(http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx), along
with the patch. Panda Software has made the updates necessary to its
products available to clients.

More information about these and other IT threats is available from:
http://www.pandasoftware.com/virus_info/encyclopedia/

Panda Software's online support center also offers help to users at:
http://www.pandasoftware.com/support/

Panda Software clients can update their antivirus through the applications
installed on their computers.

Users can also scan and disinfect their computers using Panda ActiveScan,
the free, online scanner available from: http://www.pandasoftware.com.


Be safe...

Sunday, May 02, 2004

Hey Everyone,

I hear from a lot of people that they just can't afford to buy all the security products that their PC needs for total protection from the various Internet threats.

Well, duh!

There's a ton of free security products out there. You just have to know where to find them.

Here's a few good sources:

Free Spam Filters

Free Antivirus

Free Virus Scan

Free Spyware Removal

Free Adware Remover

Spybot Search & Destroy

Free Firewall

So stop whining and tighten up your PC.

Ciao..