Home  >  Community  >  The Vendio Round Table  >  NEW Sasser Virus


<< previous topic post new topic post reply next topic >>
 cblev65252
 
posted on May 3, 2004 01:49:07 PM new
Sasser is among the first viruses that can infect consumers so quickly and easily, and without as much as interaction with a malicious e-mail. . . .

Read more about it here: http://www.msnbc.msn.com/id/4890780/
Cheryl
http://www.kcskorner.com
 
 profe51
 
posted on May 3, 2004 10:37:23 PM new
Only installation of a Microsoft software patch, or a well-designed firewall, can prevent infection.

Imagine that
___________________________________
When a dog howls at the moon, we call it religion. When he barks at strangers, we call it patriotism. - Edward Abbey
 
 Twelvepole
 
posted on May 4, 2004 05:03:37 AM new
You know, the more these virus's come out, I am starting to believe MS is doing this themselves, just to catch those with illegal copies of their OS, You can't download a patch very easily with a cracked copy.


AIN'T LIFE GRAND...

It's too bad that their blindness can't see they are killing more soldiers than President Bush ever has... Protest Loud and Proud! Your fellow taliban and insurgents are rejoicing at the support...
 
 kraftdinner
 
posted on May 4, 2004 11:02:13 AM new
I've often wondered that too Twelve. I've always used Netscape and have NEVER had a virus. Thanks for the update Cheryl!

 
 Helenjw
 
posted on May 4, 2004 11:12:21 AM new

After my experience with a fire wall, I'll never have another one. Zone alarm shut down my computer for several days. Three months after installing zone alarm I received this message....

Notice from Zone Labs Internet Security

This page is to notify you that ZoneAlarm has detected a problem with your installation, and therefore has restricted Internet access from your machine for your protection. Don’t panic! The step-by-step instructions listed here will help you to determine the problem, and explain how to resolve the issue.

Please print this page out first. If you cannot print, please click here to get a word version of this page and save it.

Why did this happen?
An error occurred during the ZoneAlarm installation. Because this condition is similar to a condition where a hacker is trying to disable your security, ZoneAlarm (Plus/Pro) has blocked would-be hackers by locking down your computer from outside Internet attacks. You should verify that your system is clean of any viruses or Trojans before restoring Internet Access. Check with your antivirus support site for help and special tools to remove viruses.



Four days later, I was finally able connect to the internet.



 
 Libra63
 
posted on May 4, 2004 11:37:16 AM new
Not to sound stupid, which some think I am, If I use Netscape I cannot get this virus?

 
 kraftdinner
 
posted on May 4, 2004 01:06:47 PM new
That's a good question Libra. Most viruses tend to be Microsoft related. Netscape doesn't have a lot of the bells & whistles that IE & Outlook have but it's been ultra reliable for me.

 
 Libra63
 
posted on May 4, 2004 01:20:29 PM new
Do I have to delete Microsoft to be saved. I just got this notice from my ISP about this virus and they said it doesn't come through the email. Here is what I received.

IMPORTANT SECURITY NOTIFICATION

Dear CoreComm Member,

In a continuing effort to provide you with the best Internet service
possible, CoreComm would like to pass along important information
concerning a worm that is being distributed on the Internet.

This worm is known as Sasser, and spreads by directly connecting to
vulnerable computers on the Internet. Variants of the Sasser worm can
infect all Microsoft Windows operating systems except Windows 3.x.


Symptoms of Sasser infection are as follows:

- System shutdowns. Users will see a dialog stating that their computer
will be shutting down in 60 seconds because the lsass.exe process has
been terminated. This occurs each time an instance of the worm out on the
Internet infects the user's computer (even if they already have the worm).

- No Quota Available errors. These will occur when attempting to open
some applications

- Low Memory Errors - The Sasser variants spawn hundreds of processes on
an infected computer in order to scan for and spread to other vulnerable
machines. This usually eats up all of the available physical memory of
the infected computer, and most of the virtual memory.

- General computer sluggishness when online - This is caused by the high
memory usage of the worm as it attempts to spread.

- Not Moving Data (inability to browse the web and send/receive email once
connected to the internet) - The worm uses all of the available bandwidth
to spread, denying bandwidth to other applications and programs.


Please note that this worm does NOT spread via email, but rather by direct
connections. This means that anti-virus measures that only address email
threats will be ineffective in preventing this worm. The best preventative
measures would be using a firewall, installing the most current
Windows Updates (see the security patch below), and using a comprehensive
anti-virus package. Instructions on how to enable the built-in firewall on
Windows XP can be found here:

http://www.microsoft.com/windowsxp/pro/using/howto/networking/icf.asp
http://www.microsoft.com/windowsxp/home/using/howto/homenet/icf.asp

The security patch that Microsoft has released to remedy the exploit that
the Sasser worm uses can be found here:

http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx


If you think you have been infected with the Sasser worm, Microsoft has
published a removal strategy here:

http://www.microsoft.com/security/incident/sasser.asp

Depending upon the severity of infection, the worm may make it difficult to
download the security patch that fixes this security hole. In order to
terminate the malicious processes so that you may proceed with the download
and installation, please follow the directions below:

1) Press CTRL+ALT+DEL (In Windows XP or 2000, you will need to click the
task manager button after pressing CTRL+ALT+DEL)
2) Click on the processes tab
3) End the avserv.exe, skynetave.exe, and/or avserv2.exe processes
4) End any process with a name consisting of 4 or 5 digits followed by
"_up.exe" (e.g. 74354_up.exe)

If you have any doubts as to the legitimacy of this email, a copy of this
article can be seen on our website located at:
http://www.core.com/webphp/support/internet/sasser.php

IMPORTANT:
You are running these detection and removal tools at your own risk.
CoreComm is not responsible for any problems or data loss associated with
running programs on external sites nor does CoreComm support these programs.
CoreComm is not responsible for content on external sites. Please review
the privacy and security policies of each vendor before making online
purchases or providing personal information.

If you have any questions or comments or require further assistance,
please contact our Technical Support Department.

CoreComm
[email protected]







 
 profe51
 
posted on May 4, 2004 09:14:51 PM new
Do I have to delete Microsoft to be saved...

Yup, best thing you could ever do for yourself. If it says Microsoft, delete it.
___________________________________
When a dog howls at the moon, we call it religion. When he barks at strangers, we call it patriotism. - Edward Abbey
 
 Linda_K
 
posted on May 8, 2004 07:55:08 AM new
Teenager Suspected of Creating 'Sasser' Computer Worm Arrested in Germany


By Geir Moulson Associated Press Writer
Published: May 8, 2004



BERLIN (AP) - German authorities have arrested an 18-year-old high school student suspected of creating the "Sasser" computer worm, which infected hundreds of thousands of computers worldwide, an official said Saturday.



The suspect was arrested Friday and has told authorities he was behind the worm, said Frank Federau, a spokesman for the state criminal office in Hanover.



Police and prosecutors on Friday searched his parents' house in the northern town of Waffensen, Federau said. He did not release the man's identity, and said he did not immediately have details of how the suspect was tracked down.



Prosecutors handling the case in the nearby town of Verden could not be reached for comment Saturday.



The German newsweekly Der Spiegel reported, without citing sources, that the CIA and FBI also were involved in the hunt for the worm's creator, whom it identified as Sven J. It said the suspect's motives were unclear.



The worm raced around the world over the past week, exploiting a flaw in Microsoft Corp.'s Windows operating system.



The German government's information technology security agency said there were four versions of Sasser. Spokesman Michael Dickopf said he didn't know whether the arrested teenager was responsible for all of them.

http://ap.tbo.com/ap/breaking/MGARNTNOZTD.html



Re-elect President Bush!!
[ edited by Linda_K on May 8, 2004 07:57 AM ]
 
 
<< previous topic post new topic post reply next topic >>

Jump to

All content © 1998-2024  Vendio all rights reserved. Vendio Services, Inc.™, Simply Powerful eCommerce, Smart Services for Smart Sellers, Buy Anywhere. Sell Anywhere. Start Here.™ and The Complete Auction Management Solution™ are trademarks of Vendio. Auction slogans and artwork are copyrights © of their respective owners. Vendio accepts no liability for the views or information presented here.

The Vendio free online store builder is easy to use and includes a free shopping cart to help you can get started in minutes!