Updated on Worm

Email From SBC Global | 04/03/04 | self

[shadeaud]

Dear SBC Internet Services Member:

This is an extremely important update to an e-mail SBC sent you 04/30/04 or 05/01/04. It is extremely important you read this message and take immediate action if you are using Windows NT, 2000, 2003 or XP.

In addition to a computer worm referred to as Gaobot or Agobot, that is currently infecting computers across the Internet, there is now another computer worm, known as Sasser, that is spreading across the Internet, exploiting the same apparent security vulnerability in these Microsoft Windows operating systems. In response, we strongly urge you to immediately take the following security measures: 1) Use a personal software or hardware firewall to protect your computers from network worms and intruders. 2) Download and install all available critical patches for your Windows operating system from the Microsoft web site: http://windowsupdate.microsoft.com/ 3) Use up-to-date anti-virus software to detect and remove Gaobot and Sasser or other computer worms and viruses.

It is extremely important you take these measures now because it’s likely you will not be able to take these measures if your computer becomes infected.

If you have more than one computer using these specific Windows operating systems, you should perform these actions on all such computers that connect to the Internet. Failure to take appropriate action could result in infection of your system, slow browsing or the inability to connect to the Internet and spread of this problem - and could lead to suspension of your account.

Because computer worms do not spread by email, you may have little or no warning before your computers are infected.

Users whose computers are infected with Sasser should follow the worm removal instructions at: http://www.microsoft.com/security/incident/sasser.asp, or if infected with Gaobot, follow the worm removal instructions at: http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.removal.tool.html.

If you are unable to connect to the Windows Update or Anti-Virus web sites, in order to download the removal tools or the patches for Windows and your anti-virus software, please contact Microsoft at 866-PCSAFETY or 866-727-2338.

SBC Yahoo! members can access additional information about SBC Yahoo! security features, including free anti-virus and personal firewall, at http://help.sbcglobal.net/. Further information is available at http://www.microsoft.com/security/protect/.

Thank you,

SBC Internet Services

About SBC Internet Services Security Alerts

SBC Internet Services sends notices about security updates after we publish information about them on our website. If you are ever in doubt about the authenticity of an email claiming to be an SBC Internet Services Security Alert, check http://help.sbcglobal.net/ to confirm if the Alert is listed. Go to the Alert section in the left hand column of the home page and look under the bullet which references this email.

[shadeaud]

This is the latest email I received from SBC.

[fuzzthatwuz]

Thanks for this informative and timely post!

[Bahbah]

"Download and install all available critical patches for your Windows operating system from the Microsoft web site: http://windowsupdate.microsoft.com."

Is it safe to do this. I have Windows 2000.

[martin_fierro]

FREE PC PROTECTION: (Not an exhaustive list. Your results may vary. Void where prohibited. For entertainment purposes only. No wagering, please. Whattayawantfernuthin'.) (Thanks, but "Buy a Mac" doesn't qualify as "FREE PC protection")

Alternative browsers: Mozilla Opera AVG Anti-Virus Free Edition: Free anti-viral protection Popup ad killers: Bayden Systems Popup Popper: Blocks popup ads well in MSIE Shoot the Messenger: Close that friggin' Messenger in Windows XP Spyware removers: Spybot S&D AdAware MailWasher: Good for pre-screening & bouncing SPAM Windows Update: At least install the critical ones ZoneAlarm: Excellent Firewall Test your firewall from without with ShieldsUP! Test your firewall from within with LeakTest LAST BUT NOT LEAST: Explore Linux as an alternative OS, without installing it on your hard drive, via a free bootable CD-ROM! Download Knoppix (or one of these other Linux distributions), burn the ISO file onto a CD-ROM, and reboot with the CD-ROM in its drive. If you later want to install Knoppix on your hard drive, here are some tips.

[Izzy Dunne]

Is it safe to do this.

It is NOT safe to AVOID it.

[Bahbah]

Thanks, Izzy.

[FourPeas]

Because computer worms do not spread by email, you may have little or no warning before your computers are infected.

There are such things as mass-mailing worms that are spread by e-mail, so the first part is not technically correct. The second, however, is certainly correct for Sasser. The creater of Sasser are prolific, too. With four variants in as many days, it looks like someone's making use of their debugging skills. If you know a geek in the IT security field, they may need a hug today. ;)

[Doohickey]

There needs to be a 24-hour Star Trek channel to keep hackers busy.

[FourPeas]

In case anyone cares: What is the difference between viruses, worms, and Trojans?

[FourPeas]

Nah, that'll just encourage them to drink more Mountain Dew and name their viruses after various and assundry Klingons, Romuluns, etc. (Of course, it might be worth it if you own a lot of Pepsi stock.)

[TheBigB]

A security vulnerability in MS Windows? I don't believe it. </extreeeeeeeeeeeeeme sarcasm>

[cajungirl]

bump,,this weekend my puter was so slow loading,,it was all but unworkable. Wonder if I have it. I do have a "hijack" thing on it that embedded itself in Explorer,,from some casino. Hubby has been working to get rid it,,it slows down theputer and takes up memory. I hate my computer.

[FourtySeven]

MUST MUST MUST ARCHIVE THIS AT HOME.........this is the third time I've tagged this very same post....CMON 47!!!!!!

Thanks for your patience martin. hehe

[Redcloak]

How comes these MS-centric tech guys never tell us poor Linux users how to avoid these viruses and worms?


Oh yeah... I forgot.


Never mind.

[Psycho_Bunny]

You should add the command-line SysClean from Trend Micro to that list.

The stand-alone template is here.

---

If you are not a Trend Micro customer please download the following file.

Sysclean Package	1.6MB
MD5 checksum:	24C63720989D40C95B3E4F3BB2B81455

NOTE:
For instructions on how to use this package, consult the "How to Use" section of the readme file, readme_sysclean.txt. This file also contains the description and the different features of this package.

Note that for the Trend Micro Sysclean Package to be effective, you must download and place the latest pattern file in the same folder as the Trend Micro Sysclean Package.

---

And the definition/pattern file is here.

---

Official Pattern Release 885 (1.885.00)

The Official Pattern Release or OPR is Trend Micro's latest compilation of patterns for identified viruses. It is guaranteed to have passed a series of critical tests to ensure that customers get optimum protection from the latest virus threats.

lpt885.zip		(AS/400, S/390, Windows)		4.0MB
ptn885.tar		(UNIX)		8.2MB

This pattern file is most effective when used with the latest scan engine. We strongly encourage you to update your scan engine to ensure you are using the best virus protection available. For latest viruses added, please read the whatsnew.txt file.

---

Burn them onto a CD and you can fix just about anything without having to install a full AV program.  It's saved me from having to reformat many systems where the resident AV has been compromised by a 0-day virus or worm.

 

 

[Wacka]

Yawn- Mac user here.

[TruBluKentuckian]

Is this the vulnerability that the critical updates covered a couple of weeks ago? I just checked windows update and there were no new critical updates.

I have a 5 computer network here at work that I want to make sure is safe. I've updated the AV but would like to know that I've got the vulnerabilities covered.

[FourPeas]

Yes, it exploits the LSASS vulnerability described in Microsoft Security Bulletin MS04-011.

[TruBluKentuckian]

Thanks, that answers my question.

[tom paine 2]

My home computer was attacked by this virus Saturday morning. I did not get it cleaned out until Sunday evening.