Last updated: 11 July 2005
Sophos technical support has warned users of the W32/Sasser-A, W32/Sasser-B, W32/Sasser-D, W32/Sasser-E, and
worms, which are spreading across the internet, and is providing
information to businesses on how best to protect themselves. (Note:
Sophos's detection for W32/Sasser-B also protects against
The Sasser worms, which do not travel via email, exploit a
vulnerability described in Microsoft Security
Bulletin MS04-011 to infect computers connected to the
Customers using Enterprise Manager
or the Sophos Anti-Virus Small Business
Edition were automatically protected against the worms at their
next scheduled update. However, Sophos recommends users apply the
from Microsoft. Home users are advised to visit windowsupdate.microsoft.com.
Sophos has published a disinfection tool to remove
infections of the Sasser worm from affected computers.
"The Sasser worm spreads in a similar way to last year's serious
Blaster outbreak - it travels via the internet, exploiting security
holes in Microsoft's software and doesn't rely on email," said
Graham Cluley, senior technology consultant for Sophos. "Computers
which are not properly protected with anti-virus updates, firewalls
and Microsoft's security patch are asking for trouble."
Sophos suggests computer users sign up for email notification of new virus
threats and add a live virus
information feed to their websites.