 |
| The vulnerability exploited by the Sasser worm
has been described by Microsoft as critical |
Infected by Sasser?Download the free disinfection
tool from Sophos
Sophos researchers have warned computer users to protect
themselves against the W32/Sasser-A and W32/Sasser-B worms, which
spread across the internet exploiting a critical security
vulnerability in Microsoft's Windows operating system.
The Sasser worm exploits the LSASS vulnerability first reported
by Microsoft on 13 April in Microsoft Security Bulletin
MS04-011.
"The Sasser worm spreads in a similar way to last year's serious
Blaster outbreak, in
so much as it travels via the internet exploiting security holes in
Microsoft's software and does not use email," said Graham Cluley,
senior technology consultant for Sophos. "At the moment it's not
travelling as fast as Blaster did, but computers which are not
properly protected with anti-virus updates, firewalls and
Microsoft's security patch are asking for trouble."
The security vulnerability, which Microsoft has described as
"critical", is said to affect the following Microsoft software:
Microsoft Windows NT Workstation 4.0 Service Pack
6a
Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service
Pack 6
Microsoft Windows 2000 Service Pack 2
Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP
Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft NetMeeting
Microsoft Windows 98
Microsoft Windows 98 Second Edition (SE)
Microsoft Windows Millennium Edition (ME)
However, the Sasser worm is only capable of successfully
infecting Windows XP and Windows 2000 systems.
"System administrators should note that Sasser doesn't spread by
email - so internet email scanning services will not be able to
detect this worm, and an absence of reports at your email gateway
does not mean you can rest on your laurels," said Graham Cluley.
"Companies should deploy the patch from Microsoft, ensure their
firewall is set up correctly and update the anti-virus on their
desktop and servers."
Sophos issued protection against the
W32/Sasser-A worm at 06:30 GMT on 1 May 2004. Protection was
also made available against W32/Sasser-B . Customers
using Enterprise Manager or the
Sophos Anti-Virus Small Business
Edition were automatically protected at their next scheduled
update.
"Home users are particularly vulnerable to attacks like this,
because they are often not running the latest anti-virus
protection, haven't downloaded the latest security patches from
Microsoft, and may not be running a personal firewall," continued
Cluley. "All computer users should ensure their systems are
properly protected from internet attacks like Sasser."
Home users of Microsoft Windows can visit windowsupdate.microsoft.com to have their
systems scanned for critical Microsoft security
vulnerabilities.
Sophos recommends that every IT manager responsible for security
should consider subscribing to vulnerability mailing lists such as
that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.mspx
.
You can remove the W32/Sasser worms automatically from infected
computers with Sophos's free disinfection tool. Read more about the
disinfection tool here.
Sophos reminds users to update their anti-virus protection and
to ensure that they have installed the patch described in Microsoft Security Bulletin
MS04-011.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.