Security news1 May 2004
The latest news on the Sasser internet worm outbreak
Last updated: 11 July 2005
Sophos technical support has warned users of the W32/Sasser-A, W32/Sasser-B, W32/Sasser-D, W32/Sasser-E, and W32/Sasser-F worms, which are spreading across the internet, and is providing information to businesses on how best to protect themselves. (Note: Sophos's detection for W32/Sasser-B also protects against W32/Sasser-C)
The Sasser worms, which do not travel via email, exploit a vulnerability described in Microsoft Security Bulletin MS04-011 to infect computers connected to the internet.
Customers using Enterprise Manager or the Sophos Anti-Virus Small Business Edition were automatically protected against the worms at their next scheduled update. However, Sophos recommends users apply the security patch from Microsoft. Home users are advised to visit windowsupdate.microsoft.com.
Sophos has published a disinfection tool to remove infections of the Sasser worm from affected computers.
Further reading:
- 78% feel virus writer sentence was not harsh enough, reveals Sophos poll
- Sasser author Sven Jaschan walks free from court
- Sven Jaschan admits in court that he wrote the Sasser worm
- Trial of Sasser suspect begins in Germany
- Trial of Sasser suspect delayed until 2005
- Sasser suspect charged with computer sabotage
- "Virus made me hero of my class", virus writer tells magazine
- Interview with a virus writer. Sasser suspect speaks to Stern magazine
- Person who tipped off Microsoft about Sasser author also under suspicion?
- Police question five more people in connection with Sasser worm outbreak
- Mystery surrounds tip-off to Microsoft about Sasser culprit
- Arrest: Suspected Sasser worm author arrested - could trigger more arrests, Sophos comments
- South African government departments hit by Sasser
- Sasser worm hits UK coastguard network
- "Sasser author is a common criminal". Microsoft calls in the FBI
- Sasser worm disrupts Taiwan's national post office, Sophos comments
- New Netsky worm poses as a cure for Sasser, as Netsky author claims he is the creator of the Sasser worm
- Did Sasser worm leave 300,000 train travellers stranded?
- Sasser internet worm attacks unpatched PCs - Sophos comments on outbreak
"The Sasser worm spreads in a similar way to last year's serious Blaster outbreak - it travels via the internet, exploiting security holes in Microsoft's software and doesn't rely on email," said Graham Cluley, senior technology consultant for Sophos. "Computers which are not properly protected with anti-virus updates, firewalls and Microsoft's security patch are asking for trouble."
Sophos suggests computer users sign up for email notification of new virus threats and add a live virus information feed to their websites.
