Is everbody up to date on the Sasser worm?

Sasser worm rips through Internet
Home users on alert
Tuesday, May 4, 2004 Posted: 1:54 PM EDT (1754 GMT)

LONDON, England (Reuters) -- The rapidly evolving "Sasser" computer worm tore across the Internet on Tuesday, claiming new scalps among corporate and home computer users as others scrambled to fortify their machines against attack.

First detected over the weekend, the worm has already infected, by some estimates, over one million PCs running on Microsoft Windows 2000, NT and XP operating systems.

Among its victims are banks, travel-booking systems, European Commission offices and Britain's 19 Coastguard stations.

"We've had to go back to plotting on paper charts rather than using the computer mapping system," said a Maritime and Coastguard spokeswoman. But search and rescue operations have not been affected.

Unlike most previous Internet outbreaks, Sasser infects vulnerable PCs without any action by the user like opening attachments, allowing it to spread very quickly.

Computer worms tend to spread faster than the typical e-mail borne virus as they are usually programmed to continuously scan the Internet's global network to hunt for PCs to infect.

Experts said while corporate network technicians had by and large moved to block its further spread by Tuesday, infection among home users was spreading.

"Among corporate computer users the impact has dropped off because network administrators have taken time to put patches in place," said Joe Hartmann, director of the virus research group for Trend Micro Inc. in Cupertino, California.

"That's not true for many home computer users where this virus can spread exponentially," Hartmann said. "I don't think this virus has reached its full potential yet."

Added boost
Businesses in parts of Europe returning from the long holiday weekend gave Sasser an extra boost on Tuesday.

"It's still going steady. It will be a big problem for a day or two, then it will linger on the Internet for weeks, and likely years," said Mikko Hypponen, anti-virus research director at Finnish data security firm F-Secure.

"We do know that once you connect a computer to the Internet you risk being hit in a matter of minutes," said Graham Cluley, senior technology consultant for anti-virus firm Sophos. "Even a new computer you buy in the coming months is vulnerable to infection. This is a real nuisance."

Home users would likely first notice an infection if their computer mysteriously rebooted or their Internet connection slowed dramatically.

Security experts were warning users to update their PCs with the latest Microsoft patches and to install a firewall to keep out future infections.

In the space of three days, four variants have emerged, each capable of causing machines that run on Microsoft's Windows operating systems XP, NT and 2000 to reboot without warning.

Victims so far include Goldman Sachs, Australia's Westpac Bank and Finnish financial company Sampo. It has also hit about 300,000 computers at Germany's Deutsche Post and 1,200 PCs at the European Commission in Brussels.

Sasser attacks a flaw in a part of Windows known as the Local Security Authority Subsystem Service, or LSASS, which has been known about since April 13.

CNN is carrying this story today. If you don't have a firewall, for whatever reason, there's a pretty good free one (Outpost 1.0) here:
www.agnitum.com/download/

Grrrr, bad bad people who make these things.

That little Sasser is gonna have to get through my double anti virus and firewall in order to get here!

My husband (degrees in computer science/economics, but no interest in the Internet), thinks I haven't given enough info here. Okay: Microsoft has "security patches" that you can download. Definitely a good idea. The freeware I recommended is a "stripped down" version. If you install it, and then update it, you'll be offered the "professional version", which normally costs around $50 annually. However, if you install and then upgrade from the freeware, you'll get 25% off the full version. I have AOL DSL, and thus get the McAfee firewall for free. However, I've had so many problems with it that I prefer to pay for, and use, the Outpost Professional version. Please don't go online without a firewall right now, and update your anti-virus and Windows software.

AVG Anti-Virus is suppose to be the 'best' free virus programs around last time I check. I personally go for Norton products.
http://www.grisoft.com/us/us_index.php

For firewalls, the best free version is Zone Alarm:
http://www.zonealarm.com/store/content/home.jsp
Another good free firewall:
http://www.kerio.com/us/kpf_download.html

I have ZoneAlarm and its working well. I also have AVG antivirus set to scan and kill every morning.

Pumpkicoki - Thanks.... I am now safe in the knowledge that I'm Sasser free and gonna stay that way thanks to the firewall.

I ran all of my antivirus scans and AdAware yesterday and my computer is squeaky-clean.

I use Zone Alarm Professional Firewall (this is not the free version) and Norton Antivirus and my PC is clean as a whistle! I hate Adware. Totally messed up my PC once and had to reformat my whole hard drive and start from scratch. For spyware/adware I use Spybot.

My Norton showed that it had been almost two years since it had last "captured" a virus. So when my computer had massive problems a couple of weeks ago and I had to have a technician reformat my hard drive, I asked if there had been any viruses. I thought maybe my Norton wasn't working. No, not a one. However, I also have Zone Alarm firewall and have very cautious Internet habits. But it frankly does amaze me that I could go that long without Norton catching something with as many hours a day as I am on the Internet!

Sassar sounds like a nasty one, all right!

spybot doesn't get all of the spy/adware try ad-aware 6 by lavasoft it will find what spybot missed