01-05-2004, 19:58
|
#1
|
|
Busy Admin
Join Date: Oct 2003
Location: Nottingham
Age: 45
Services: VM Phone : Sky+ Multiroom : VM Cable (20 Mbps)
Posts: 14,474
|
[Merged] W32/Sasser.worm
FYI;
Quote:
Advisory
This is a Medium Threat Advisory for W32/Sasser.worm
Justification
W32/Sasser.worm has been deemed Medium due to prevalence
Read About It
Information about W32/Sasser.worm is located on VIL at:
http://vil.nai.com/vil/content/v_125007.htm
Detection
W32/Sasser.worm was first discovered on 30/04/2004 and detection will be added to the 4355 dat files (Release Date: 01/05/2004). The EXTRA.DAT is available.
|
This exploits a hole covered in the latest MS patch - MS04-011.
__________________
 Click here for a real, interactive, tv guide.
|
|
|
|
01-05-2004, 20:03
|
#2
|
|
cf.geek
Join Date: Jun 2003
Location: Farnham
Posts: 503
|
Re: W32/Sasser.worm
Thanks for the heads up. I've really got to watch the viruses at the moment because someone who has me in their address book has got a NetSky & i keep being gifted with them
Well, Sasser's in my normal virus update i got today from norton, so no need to manually install the extra definitions.
|
|
|
|
|
03-05-2004, 11:41
|
#3
|
|
WooooooooooOOoooSH!!!
Join Date: Jun 2003
Location: I dwell within bricks & morta
Posts: 2,268
|
Re: W32/Sasser.worm
This Link may be useful to someone :0)
|
|
|
|
|
04-05-2004, 21:39
|
#4
|
|
cf.addict
Join Date: Jul 2003
Posts: 320
|
sasser worm...have ntl blocked these ports?
hi all....apologies if this is being discussed elsewhere...but couldnt find the subject when searched the forums.
just a queery really regarding the sasser alert on the ntl homepage
http://www.ntlworld.com/help/aup/virus_sasser.php
going by the wording of the alert...it sounds as if the relevant ports have been blocked??
more info here on sasser http://securityresponse.symantec.com...er.b.worm.html
only reason i'm askin is cos of a thread on the computeractive forums.....where a poster has accused ntl of crass incompetance and stupidity for informing thier customers that they are not susceptible to sasser. (this aint what is stated in the alert though !!!!) the alert states that MOST ntl cusomers SHOULD not be susceptible to it due to proactive measures.
__________________
"This product that was on TV was available for four easy payments of $19.95. I would like a product that was available for three easy payments and one complicated payment. We can't tell you which payment it is, but one of these payments is going to be hard."
|
|
|
|
|
04-05-2004, 21:44
|
#5
|
|
Eva Longoria Fan
Join Date: Jun 2003
Location: Essex
Age: 20
Services: BT,
Sky multiroom (Sky+ & HD),
UKOnline 8MB ADSL
Posts: 6,138
|
Re: sasser worm...have ntl blocked these ports?
I know M$ have a patch but i can't find it.
|
|
|
|
|
04-05-2004, 21:51
|
#6
|
|
cf.member
Join Date: Nov 2003
Location: Edgbaston, West Mids
Services: VM 20mb. Over subscribed UBR...wooot, Great huh!
Posts: 33
|
Re: sasser worm...have ntl blocked these ports?
|
|
|
|
|
04-05-2004, 21:53
|
#7
|
|
cf.mega poster
Join Date: Jun 2003
Location: peterborough
Services: TV, Phone, BB 20meg(CM 250) - VM
Posts: 1,729
|
Re: sasser worm...have ntl blocked these ports?
And Here is quite useful too
|
|
|
|
|
04-05-2004, 21:55
|
#8
|
|
I am not a geek!
Join Date: Jul 2003
Posts: 1,395
|
Re: [Merged] W32/Sasser.worm
And what a pain this virus is, it infected the uni computer system this morning just as I was giving a demonstration of my dissertation project so the computer kept crashing 
|
|
|
|
|
04-05-2004, 21:56
|
#9
|
|
Cable Forum Team
Join Date: Jun 2003
Location: Cambridge
Age: 31
Services: Freeview, Sky+HD, Sky Broadband "Max", BT phone
Posts: 10,377
|
Re: sasser worm...have ntl blocked these ports?
Quote:
|
Originally Posted by 50420
hi all....apologies if this is being discussed elsewhere...but couldnt find the subject when searched the forums.
|
I've merged your thread with the Sasser thread in the Security forum  
Don't know if NTL have blocked the ports. Maybe one of our NTL-employed members will be able to answer that.
|
|
|
|
|
04-05-2004, 21:58
|
#10
|
|
Busy Admin
Join Date: Oct 2003
Location: Nottingham
Age: 45
Services: VM Phone : Sky+ Multiroom : VM Cable (20 Mbps)
Posts: 14,474
|
Re: sasser worm...have ntl blocked these ports?
Quote:
|
Originally Posted by WNA
I know M$ have a patch but i can't find it.
|
The patches are in the " Latest Microsoft Patches" announcement in the Computers & Technology forums (at the top of the topics list).
__________________
Click here for a real, interactive, tv guide.
|
|
|
|
|
07-05-2004, 17:36
|
#11
|
|
Inactive
Join Date: Jan 2004
Posts: 66
|
sassa worm
I got the sassa worm !!! My son wnet onto symantec and downloaded the removal tool for me. I've now got rid of it. I went on to windows update and It said download this update to stay clear of the sassa worm, I checked my history and i'd downloaded it on April 14th !!! Also my son said that I can go into msconfig and get Zonealarm to start earlier in the start up menu ??? how ???
|
|
|
|
|
07-05-2004, 18:05
|
#12
|
|
cf.addict
Join Date: Feb 2004
Location: UK
Age: 31
Services: 20 MB Broadband and Phone
Posts: 171
|
Re: [Merged] W32/Sasser.worm
I've noticed CPU Spikes when I am connected to the internet over the last 2 days - any ideas if this is the virus looking for IP Addresses - my machines and clean and all up to date, just can't figure this one out.
|
|
|
|
|
07-05-2004, 18:38
|
#13
|
|
cf.mega poster
Join Date: Nov 2003
Location: Reading
Age: 24
Services: Virgin Media Broadband Size M
Posts: 6,849
|
Re: [Merged] W32/Sasser.worm
Quote:
|
Originally Posted by byron_hinson
I've noticed CPU Spikes when I am connected to the internet over the last 2 days - any ideas if this is the virus looking for IP Addresses - my machines and clean and all up to date, just can't figure this one out.
|
when you say connecting to the internet, is that using a dial or BB connection? and what exactly do you mean by connecting to the internet? is it opening IE? or any program?
__________________
Chinese Proverb: Man who walks round with hand in pocket feels cocky all day.
|
|
|
|
|
07-05-2004, 19:22
|
#14
|
|
cf.addict
Join Date: Feb 2004
Location: UK
Age: 31
Services: 20 MB Broadband and Phone
Posts: 171
|
Re: [Merged] W32/Sasser.worm
Wireless broadband. Don't have to be running any programs at all for it to show up the problem. if i switch off the wireless connection then everything is fine.
|
|
|
|
|
08-05-2004, 09:20
|
#15
|
|
cf.mega poster
Join Date: Nov 2003
Location: Reading
Age: 24
Services: Virgin Media Broadband Size M
Posts: 6,849
|
Sasser Virus Arrest
Just heard that someone has been arrested for the Sasser virus....
not much news yet, just breaking on news24. 18 year old from Germany who wrote and activated that virus on his own.
Good to see that the person responsible has been caught 
__________________
Chinese Proverb: Man who walks round with hand in pocket feels cocky all day.
|
|
|
|
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT +1. The time now is 06:54.
|
Join CF
You are here: 
