Announcement

Collapse
No announcement yet.

An Interesting little virus.

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • An Interesting little virus.

    Got this from work.


    Over the weekend a new worm, Sasser, was discovered on the internet. It has significantly impacted many other corporations and has received a high level of attention and has now been detected within JJNET.

    Unlike many recent worms, this virus does not spread via e-mail. No user intervention is required to become infected or propagate the virus further. The worm works by instructing vulnerable system(s) to download and execute the viral code. A side effect of the worm is that it causes LSASS.EXE to crash. By default, such systems will reboot after the crash occurs.

    In an effort to detect Sasser and a number of other highly worrisome issues, we have implemented a check that will examine your system upon log on. This check has been put into place in the login script that will scan the machine for this patch and the presence of the virus. If a machine is detected as being infected, a notification similar to message below (see attached screenshot) will be displayed on the users screen, and the machine will be shut down.

  • #2
    Re: An Interesting little virus.

    Hmmm..

    While a non-user-initiated bug seems spooky, I really don't like the idea of automating code to run scans on machines. (too easy to manipulate later on)

    W32/Sasser-A attempts to connect out on port TCP/9996 and TCP/445 and exploit the LSASS vulnerability. An FTP script is then downloaded and executed which connects back on port 5554 to download a copy of the worm via FTP.


    It's a MS issue. Patch the effected machines via a push, and then monitor these ports for traffic....

    Very tricky virii setup though... most corp firewalls allow FTP by default.



    <--$0.02

    Comment


    • #3
      Re: An Interesting little virus.

      so thats why port 445 started getting bombarded last week............
      From Adam Webb

      Comment


      • #4
        Re: An Interesting little virus.

        There are actually 4 versions of this baby.

        W32.Sasser.A.Worm
        W32.Sasser.B.Worm
        W32.Sasser.C.Worm
        W32.Sasser.D.Worm

        D just came out yesterday afternoon. It immediately got a friends machine because they hadn't run Windows Update in a while. :(

        With a little registry editing and some updates I got it fixed.

        Those who keep thier machines up to date shouldn't have a problem.

        Every time I'm at someones house I tell them the same thing.

        1) Virus software - Update frequently
        2) Windows Update - Update frequently.

        After a few visits they tend to get it.
        I do what I can.

        cpgf: (n.) Acronym describing a significant other who has not yet acheived full spousal status and is in possession of a cable modem; of note because at YOUR house, you still have dial-up -- and crappy dialup at that.

        Comment


        • #5
          Re: An Interesting little virus.

          Hardware Firewall > Sasser

          Comment


          • #6
            Re: An Interesting little virus.

            Whats even funnier is there is a supposed fix email out there that claims it will repair and eleminate the worm and the fix contains another virus with in it... :icon_eek:
            I may be old but I can still pull the trigger. Because I can't run. That makes me dangerous. :icon_lol:

            Comment


            • #7
              Re: An Interesting little virus.

              They caught the German Kid who created these viruses. Dumbass kid.


              Don't be a fool and die for your country. Let the other sonofabitch die for his.

              George S. Patton

              Comment


              • #8
                Re: An Interesting little virus.

                Santal yeah I agree I have my Norton on auto update as well as my PC anything new and it goes to Update i also do manual updates for windows atleast once a month.....

                Anybody wants to send my broke butt a copy of Norton Internet Security 2004 would be greatly apreciated! I'm running 2003 right now.......

                Comment


                • #9
                  Re: An Interesting little virus.

                  Originally posted by xliipapa6
                  They caught the German Kid who created these viruses. Dumbass kid.
                  as some site said, they should put in him a locked room, with all the system administrators in the world......THAT would be punishment.......
                  From Adam Webb

                  Comment


                  • #10
                    Re: An Interesting little virus.

                    Originally posted by Overlag
                    as some site said, they should put in him a locked room, with all the system administrators in the world......THAT would be punishment.......

                    lol... might be a rough day, but he'd prolly leave that room with a nice job

                    :icon16:

                    Comment


                    • #11
                      Re: An Interesting little virus.

                      Originally posted by fr1j0l3
                      lol... might be a rough day, but he'd prolly leave that room with a nice job

                      :icon16:
                      lol probably.......
                      From Adam Webb

                      Comment


                      • #12
                        Re: An Interesting little virus.

                        Oh shut up overlag!, lol Always the schmucks get the good jobs by being dumb*sses. They should take all virus makers and tie thier computers to thier a*ses and drop them and the pc out of a plane at 20k feet. They will pass out at high altitude but will wake up just before landing....how lovely..


                        Don't be a fool and die for your country. Let the other sonofabitch die for his.

                        George S. Patton

                        Comment

                        Connect

                        Collapse

                        TeamSpeak 3 Server

                        Collapse

                        Advertisement

                        Collapse

                        Twitter Feed

                        Collapse

                        Working...
                        X