Virus Alert: W32/Sasser.worm

Scams, Frauds and Virus Threats Forum

There's a new virus, and several variants of it, running amok in the last couple weeks. What makes this one stand out is that it propagates and infects vulnerable systems all on its own. It doesn't require being emailed and the recipient doing something stupid like execute the file attachment. Make sure your system is protected!

There is a patch from Microsoft that you should install. Not all O/Ses are affected, so read the details before taking action:

http://www.microsoft.com/technet/se...n/MS04-011.mspx

Symantec has a good tool as well.

http://securityresponse.symantec.co...moval.tool.html

Every Microsoft Windows Users need to patch their systems and update their virus definations to the current. The tool is good but we need to apply patches as told by Microsoft.

Another Sasser Worm Appears Despite Teen's Arrest - By TechWeb News

Despite the arrest Friday of an 18-year-old in Germany accused of creating the Sasser worm, another variant rolled onto the Internet a few hours after he was detained.

Security experts are undecided whether the new variant, dubbed Sasser.e, indicated that the arrested teen was actually working alone -- the "lone coder" theory put forward by, among others, Microsoft -- or was part of a group. If it's the latter, additional versions could be forthcoming.

According to wire service reports, however, German police claim that Sasser.e is the work of Sven Jaschan, the man arrested Friday. Frank Federau, a spokesman for the state criminal office in Hanover, said the suspect likely created it "immediately before his discovery."

The confusion may lie in timing: Sasser.e was first noticed nearly four hours after Jaschan's arrest. But that may only mean anti-virus firms didn't spot it immediately.

"However, since Sasser.e spreads really fast, there must be even earlier spottings," said the Finnish security firm F-Secure in an alert posted to its Web site Sunday.

Other analysts took a different tack, and believed that the debut of Sasser.e meant Jaschan was not acting alone.

"This confirms our fears that [Jaschan] is not the only person programming the Sasser and Netsky worms, but rather it is an organized group of delinquents," said Luis Corrons, the head of Panda Software's virus lab, in a statement. "This seems to indicate that there is a kind of cyberwar being waged among the creators of the Bagle, MyDoom, Netsky, and Sasser worms, and it will continue to cause many more variants of the virus."

Sasser.e -- which exploits the same vulnerability in Windows as the previous four variations -- attempts to delete several competing worms from infected systems, including Bagle.x and Bagle.w. That trait, however, doesn't bolster one of the theories over the other, since Jaschan is also alleged to have authored all the Netsky worms, which traditionally took shots at Bagle's creators by including embedded trash talk in the code or tying to erase Bagle from compromised machines.