TOPIC: W32.Sasser Worm Fix Information

W32.Sasser Worm Fix Information 12 years 7 months ago #3583

  • TheBishop
  • Moderator
I've already fixed three of these this morning, so just in case the information proves useful to anyone else...

This exploits a Local Security Authority Subsystem Service (LSASS) vulnerability on TCP Port 139. The MS04-011 security patch fixes the vulnerability. Personal firewalls will block the threat.

Removal tool at www.microsoft.com/downloads/details.aspx...4CC17&displaylang=en

Knowledge Base article KB841720 is at support.microsoft.com/default.aspx?scid=kb;EN-US;841720

Enjoy! :x :x

Re: W32.Sasser Worm Fix Information 12 years 7 months ago #3584

  • Chris
  • Administrator
Talking about timing! I just posted Neon's news submission on the worm!

Thanks for the notification Bishop!
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx

Re: W32.Sasser Worm Fix Information 12 years 7 months ago #3586

  • Neon
  • Distinguished Member
The worm spread quite quickly, huh (well, as far as I know, for many people I know their gateway has got the worm and they don't run a firewall)? You would think that after the worm breakouts that don't require you to run a program to be infected, people would install a personal firewall, but oh well...

This site should actually scan your computer and say "HEY did you know that you don't have a firewall :wink: " but I'm sure that would have some privacy issues.

As Chris said, thanks for the info Bishop (should have posted the removal tool link in the news post, eh? :))

Re: W32.Sasser Worm Fix Information 12 years 7 months ago #3591

  • sahirh
  • Honored Member
Interestingly Neon, Chris and I have been discussing allowing security scans from the website using nmap in a PHP script.. just like what you're talking about :)

Alright if anyone has access to an infected PC could you please please mail me the binary before you clean the system. I want a copy of the worm itself.. (avserve.exe) so that I can run it in a controlled environment and disassemble it.. then perhaps I can cook up a little cleanup tool of our own.

So if you have it.. Personal Message me, or reply to this post and I'll give you an address to mail it to.

Cheers,
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com

Re: W32.Sasser Worm Fix Information 12 years 7 months ago #3597

  • tfs
  • Expert Member
Just don't attach any worms. :lol:
Thanks,

Tom

Sasser Worm 12 years 7 months ago #3603

  • TheBishop
  • Moderator
Does anyone actually use LSASS in the real world?
Do you remember the days when unix boxes had all those fun services running on them, like wall and chargen? Seems to me that now it's a case of just have the ports open that you actually want to use, and shut the rest off. That's common practice in a unix environment, but what about Windows? I know that a personal firewall blocks them, but should we be actually hardening our boxes by shutting down some of the surplus services on them? You never know, the things might run better! Any opinions, and which services would be candidates for the chop? :twisted: