Sasser attacks Windows servers and other versions

A new virus is spreading around the world and probably infected with millions of computers, according to Mikko Hyppoenen, head of F-Secure about Internet safety in Finland.

Sasser virus can infect any computer connected to the Internet service provider, and unlike most other computer viruses, it does not spread via email, according to Hyppoenen. He said: 'This is one of the new viruses that can automatically spread. As long as your computer is turned on, it can be invaded. Sasser has the unique ability to turn off the computer and then start the computer again, repeatedly like that. Hyppoenen said the firewall-protected computers may not be attacked by the virus. Hyppoenen said that while annoyed, Sasser is harmless and other experts say he can remove it easily. '

Sasser first appeared at 0001 GMT on Saturday, and infected computers that didn't install the latest Microsoft software were updated within the last 18 days. ( According to TTO )

Sasser - the return of the Blaster?

The new Internet worm, exploiting a defect of LSASS in Windows, has caused some network interruptions over the weekend. Security experts say it could spread faster when agencies returned to work early next week.

The virus, called Sasser, began spreading from May 1, easily accessible to any unprotected computer connected to the global information network. It attacks through a defect in a Windows component called the Local Security Authority Subsystem Service (LSASS) which belongs to some of the latest versions of Windows such as 2000, Server 2003 and XP. After scanning the entire system of unpatched PCs, Sasser creates a remote connection to the machine, installs a file transfer server (FTP) server and then downloads itself to the target machine. Sasser can shut down the computer (shutdown), then start automatically and repeat this process several times even though it doesn't seem to cause any serious damage to the system.

According to Mikko Hyppoenen, chief technology officer of F-Secure (Finland), the situation seems quite serious when the security firm predicts that several million computers worldwide have been infected with Sasser. 'We are not sure how big the numbers are, but one thing is for sure, the situation will get worse on the first day of the week when people bring laptops to work after a few days' vacation, Hyppoenen. warning. Because laptop computers are not protected by corporate firewall systems if employees carry them out and use them on other servers, they may be at risk of being infected with viruses and spread throughout their networks. business when bringing back to the office.

Bernard Ourghanlian, Microsoft's technical director in France, where a lot of network malfunctions were caused by Sasser last Saturday, said that despite the emergence of new worms from May 1, it was confirmed but it seems that F-Secure's number of millions of devices infected with Sasser is an exaggeration. He said that based on statistics at some of its virus testing points, only France and some Southeast Asian countries were attacked. Ourghanlian added that last month Microsoft released an upgrade to fix the vulnerability that viruses like Sasser could exploit and since mid-April there have been millions of copies of the software available.

In Russia, Kaspersky Security Software also warned of a major outbreak when offices returned to work today. 'Currently, the scale of the Sasser spread is not serious enough because most people who just finished the weekend and many people' s computers are of course off, 'said Denis Zenkin, the company's expert. identify.

According to security software companies, despite being the third largest virus spread this year, after Mydoom.A in January and Bagle.B in February, Sasser is still not considered a global pandemic. same as Blaster in August 2003. Symantec (USA) has so far only recorded about 100 announcements, of which 20 are from businesses. Network Associates said it received only a few virus announcements from a few dozen companies, some of which said there were several hundred new machines - a small number compared to 10 million PCs attacked by Blaster last year. . Network Associates didn't even list Sasser in the top 10 most contagious viruses.

Alfred Huger, Symantec's chief technology officer, said that the virus author's motivation has not yet been determined because Sasser does not cause any damage to the hard drive and does not install any back-end ports on the system. Other Internet worms are often made to invade other viruses later. The only thing Sasser did, as mentioned above, is to slow down the system and make the computer restart. 'The virus is written so carelessly that its impact may not be terrifying.' Alfred Huger evaluated. ( According to VNE )

To protect your computer against Sasser Virus, you can follow these steps: (In English)

Step 1: Enable a Firewall

Đang trước khi tạo các cách khác, Make sure bạn đã được hoạt động firewall để bảo vệ bạn máy tính đối với infection. Nếu bạn có một firewall hardware trong địa chỉ cho nhà bạn hoặc kết nối trường, hoặc nếu bạn sử dụng bảng phân vùng với Microsoft® Windows® XP, the Sasser worm is most likely blocked. Nếu bạn đã bị gỡ bỏ, hoạt động máy phục vụ máy phục vụ sẽ gỡ bỏ các điều khiển của mạng Hãy kiểm tra để kiểm tra để cài đặt và tạo một máy phục vụ, xem các Microsoft Protect Your PC site.

Step 2: Install the Required Update

Hãy hỗ trợ bảo mật của máy tính với các tập tin Sasser và nó bị tắt, bạn cần phải tải về tập tin và cài đặt thông báo cập nhật 835732, which was released with Microsoft Security Bulletin MS04-011. Bạn có thể tìm cập nhật 835732 trên Windows Update Web site đã được đăng nhập trong Critical Updates và Service Packs section. Bạn có thể tải về và cài đặt này cập nhật tự động từ Microsoft Download Center. Để tìm thấy tải về hệ thống hành động của bạn, Refer đến Technical Security Bulletin MS04-011.

Chú ý If bạn cài đặt cập nhật cho MS04-011 tự động hay qua các việc tự động trước

Step 3: Automatically Check For and Remove Sasser.A and Sasser.B

Bạn có thể sử dụng công cụ này để tìm thấy đĩa cứng của bạn để thử gỡ bỏ Sasser.A and Sasser.B. To do so, click Check My PC for Infection .

Quan trọng để dùng công cụ này, bạn cần phải chạy Windows XP hoặc Windows 2000, và bạn cần phải đã được cài đặt được cập nhật update với Microsoft Security Bulletin MS04-011.

Chú ý If bạn có lỗi đang chạy công cụ từ trang này, nó có thể vì bạn Browser's security settings. Nếu bạn có lỗi nào, hãy thử tải tập tin này directly từ Download Microsoft.com và Then chạy nó tự động.

Step 4: Review Additional Technical Resources

Không thể làm việc làm việc làm việc làm việc xử lý, không thể làm việc để sử dụng, hãy dùng một của việc làm việc gỡ bỏ gỡ bỏ sẵn sàng ở các máy phục vụ antivirus vendors' Web sites:

1. Computer Associates
2. F-secure
3. Network Associates
4. Norman
5. Panda
6. Sophos
7. Symantec
8. Trend Micro

Nếu bạn muốn gỡ bỏ bản tay này (để dùng chỉ người dùng), see the Microsoft Product Support Services (PSS) Security Response Team alert for technical guidance.

Step 5: Learn How to Protect Your PC

To help protect your computer against a wide variety of security threats, see Protect Your PC