Home » 

UK ISP News Archives

 » 
Sponsored Links

MAJOR Virus Warning - Sasser

Posted: 03rd May, 2004 By: MarkJ
Remember the so called MS Blaster worm? A virus notorious for its ability to infiltrate computer systems just by seeing you connected to the Internet, well a similar infection (Sasser) has started circulating.

In fact my own system became infected on Friday, yet Norton's database didn't pick it up until Sunday, although thankfully I was aware of it on Friday and managed to physically put a stop to things myself (made itself too obvious in the process list).

The thing is, not only are broadband users most and risk, but even with an updated virus database and all the latest critical MS patches, it still managed to infect. You don't have to do anything, it'll just sneak onto your system while you’re connected and that's why it's a serious threat:

This worm spreads by exploiting a recent Microsoft vulnerability, spreading from machine to machine with no user intervention required.

This worm scans random IP addresses for exploitable systems. When one is found, the worm exploits the vulnerable system, by overflowing a buffer in LSASS.EXE. It creates a remote shell on TCP port 9996. Next it creates an FTP script named cmd.ftp on the remote host and executes it. This FTP script instructs the target victim to download and execute the worm (with the filename #_up.exe as aforementioned) from the infected host. The infected host accepts this FTP traffic on TCP port 5554.

The worm spawns multiple threads, some of which scan the local class A subnet, others the class B subnet, and others completely random subnets. The destination port is TCP 445.


Typically I'd just re-installed my OS, so the firewall wasn't online yet, hence the added risk. A removal tool can be found HERE. You'll also need to update your AV software and pop along to Microsoft's website for the correct patch HERE.
Search ISP News
Search ISP Listings
Search ISP Reviews
Cheap BIG ISPs for 100Mbps+
Community Fibre UK ISP Logo
150Mbps
Gift: None
NOW UK ISP Logo
NOW £24.00
100Mbps
Gift: None
Virgin Media UK ISP Logo
Virgin Media £26.00
132Mbps
Gift: None
Vodafone UK ISP Logo
Vodafone £26.50 - 27.00
150Mbps
Gift: None
Zen Internet UK ISP Logo
Zen Internet £28.00 - 35.00
100Mbps
Gift: None
Large Availability | View All
Cheapest ISPs for 100Mbps+
Gigaclear UK ISP Logo
Gigaclear £17.00
200Mbps
Gift: None
BeFibre UK ISP Logo
BeFibre £19.00
150Mbps
Gift: None
Community Fibre UK ISP Logo
150Mbps
Gift: None
YouFibre UK ISP Logo
YouFibre £22.99
150Mbps
Gift: None
Hey! Broadband UK ISP Logo
150Mbps
Gift: None
Large Availability | View All
Sponsored Links
The Top 15 Category Tags
  1. FTTP (5719)
  2. BT (3567)
  3. Politics (2602)
  4. Openreach (2342)
  5. Business (2322)
  6. Building Digital UK (2277)
  7. FTTC (2061)
  8. Mobile Broadband (2039)
  9. Statistics (1830)
  10. 4G (1724)
  11. Virgin Media (1674)
  12. Ofcom Regulation (1494)
  13. Fibre Optic (1426)
  14. Wireless Internet (1417)
  15. FTTH (1383)
Sponsored

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms  ,  Privacy and Cookie Policy  ,  Links  ,  Website Rules