The latest news on the Sasser internet worm outbreak

May 01, 2004 Sophos Press Release

Last updated: 11 July 2005

Sophos technical support has warned users of the W32/Sasser-A, W32/Sasser-B, W32/Sasser-D, W32/Sasser-E, and W32/Sasser-F worms, which are spreading across the internet, and is providing information to businesses on how best to protect themselves. (Note: Sophos's detection for W32/Sasser-B also protects against W32/Sasser-C)

The Sasser worms, which do not travel via email, exploit a vulnerability described in Microsoft Security Bulletin MS04-011 to infect computers connected to the internet.

Customers using Enterprise Manager or the Sophos Anti-Virus Small Business Edition were automatically protected against the worms at their next scheduled update. However, Sophos recommends users apply the security patch from Microsoft. Home users are advised to visit windowsupdate.microsoft.com.

Sophos has published a disinfection tool to remove infections of the Sasser worm from affected computers.

Further reading:

"The Sasser worm spreads in a similar way to last year's serious Blaster outbreak - it travels via the internet, exploiting security holes in Microsoft's software and doesn't rely on email," said Graham Cluley, senior technology consultant for Sophos. "Computers which are not properly protected with anti-virus updates, firewalls and Microsoft's security patch are asking for trouble."

Sophos suggests computer users sign up for email notification of new virus threats and add a live virus information feed to their websites.