Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Sasser Worm Infects Thousands of Computers Worldwide
Bloomberg ^ | May 3, 2004

Posted on 05/03/2004 8:30:21 AM PDT by FourPeas

Edited on 07/19/2004 2:14:00 PM PDT by Jim Robinson. [history]

May 3 (Bloomberg) -- A computer worm called Sasser may have infected hundreds of thousands of computers through the Internet and is still spreading, possibly disrupting business today, a security software expert said.

The worm, which is different than a virus because it doesn't need to be attached to an e-mail to spread, causes a computer to shut down and then reboot several times, apparently without causing any permanent damage, said Mikko Hyppoenen, director of virus research with Helsinki-based F-Secure Oyj. The worm was detected Saturday at 4 a.m. Finnish time, he said.


(Excerpt) Read more at quote.bloomberg.com ...


TOPICS: Business/Economy; Crime/Corruption; Culture/Society; Front Page News; News/Current Events
KEYWORDS: lowqualitycrap; microsoft; sasser; windows; worm
Navigation: use the links below to view more comments.
first previous 1-20 ... 41-6061-8081-100101-116 next last
To: al_c
But there is no proven relationship between the use of an OS and the number of worms. UNIX has had a larger share than MACOS for years and yet it is less likely to have a virus.

Sometimes a better architecture can handle any extra publicity..

81 posted on 05/03/2004 11:06:51 AM PDT by N3WBI3
[ Post Reply | Private Reply | To 77 | View Replies]

To: FourPeas
Anyone want an Apple while their system is down?
82 posted on 05/03/2004 11:08:48 AM PDT by sully777 (Our descendants will be enslaved by political expediency and expenditure)
[ Post Reply | Private Reply | To 1 | View Replies]

To: sully777
I'm really more of a cherry fan.
83 posted on 05/03/2004 11:14:18 AM PDT by FourPeas
[ Post Reply | Private Reply | To 82 | View Replies]

To: brownsfan
Save your energy. Mac users are zealots. They are insecure that they are out of step with the rest of the world, so they cover it with that elitist attitude. Not surprising that Mac users tend to be liberal! :)


I woke up and the sun shown in my face. I made coffee and logged onto my e-mail. I've surfed a few CONSERVATIVE sites. Yes, life's good being an insecure elitist--a Goldwater Conservative Apple-user insecure elitist, thank you very much.

It's like that old saying: Wealth doesn't buy happiness but at least it buys something.
84 posted on 05/03/2004 11:26:43 AM PDT by sully777 (Our descendants will be enslaved by political expediency and expenditure)
[ Post Reply | Private Reply | To 20 | View Replies]

To: Clemenza
bttt
85 posted on 05/03/2004 11:28:19 AM PDT by ConservativeMan55 (http://www.osurepublicans.com)
[ Post Reply | Private Reply | To 7 | View Replies]

To: sully777
Apple isn't immune:

http://www.cnn.com/2004/TECH/internet/04/09/apple.trojan/

86 posted on 05/03/2004 11:34:33 AM PDT by blackie (Be Well~Be Armed~Be Safe~Molon Labe!)
[ Post Reply | Private Reply | To 84 | View Replies]

To: Billthedrill
My daughter's system got it as well. She called me the other day from her mom's and said her system was possessed! After visiting Macfee, Symantec and Microsoft I got everything I needed to detect it, clear it out, and patch Windows.
87 posted on 05/03/2004 11:36:19 AM PDT by pctech
[ Post Reply | Private Reply | To 14 | View Replies]

To: IamHD
Also, everytime she tries to get her patch, the computer shuts down. If I startup in safe mode, can I get online and download the patch that way? Or, should I remove the bugger from the registry, first, and then try to patch?

Hi there IamHD, maybe this will help. I went to system repair and backed up the settings to before the worm was announced. That let me get on line to find the Sasser fix on Norton, which I used yesterday (following instructions very carefully), and so far, no more problems -- but am knocking hard on wood ;^p

88 posted on 05/03/2004 11:58:39 AM PDT by varina davis
[ Post Reply | Private Reply | To 36 | View Replies]

To: Arthalion
Out of curiosity, have you seen anything coming through the VPN connections? We maintain a number of VPN connections with several clients for support purposes. We're pretty good about preventative security, but I'd like to know whether this bug is poking at that particular weak point.
89 posted on 05/03/2004 1:15:39 PM PDT by NJ_gent
[ Post Reply | Private Reply | To 51 | View Replies]

To: sully777
I said: Mac users TEND to be liberal. Not: all Mac users are liberal. :)

Needling aside, I see the strengths of the Mac, and the strengths of the PC. Both are simply tools. It just seems you get the Mac users who pipe up at any opportunity pontificating about their choice of tool. As if anyone who didn't share their view was not very bright. If you can't objectively examine the tools available to you, you are doomed to use the wrong one eventually.
90 posted on 05/03/2004 1:16:41 PM PDT by brownsfan (I didn't leave the democratic party, the democratic party left me.)
[ Post Reply | Private Reply | To 84 | View Replies]

To: CyberCowboy777
These Routers will have a easy to use Web Interface and a manual for setup. The Firewall functions can usually be set to default High Level Security to block all uninitiated inbound TCP ports.

I believe this is likely talking about NAT. Helpful, but not the same as a firewall - though manufacturers sometimes don't like to point out the distinction.

91 posted on 05/03/2004 1:38:38 PM PDT by D-fendr
[ Post Reply | Private Reply | To 66 | View Replies]

To: NJ_gent
Depends on how you filter the tunnels.

If it's not filtered at all, a VPN IPsec tunnel sends all traffic through a properly established tunnel. It encrypts it and verifies both ends, but it will send a virus, trojan, worm, just as easily as it will good data. (It's sometimes described as a hard shell and soft inside security.)

You can filter the tunnel, (direct traffic to only addess x and port x), assuming you have the equipment and knowledge to do so.

But don't assume your VPN does this.
92 posted on 05/03/2004 1:42:57 PM PDT by D-fendr
[ Post Reply | Private Reply | To 89 | View Replies]

To: NJ_gent
Yes we have. One of our VPN clients apparently became infected with Sasser.D about an hour ago, and then jumped through our VPN to infect a couple of other VPN clients before our operations guys were able to secure and shut down those users (they apparently have Ciscoworks set to alert them of any internal 445 activity). The good news is that the new VLAN and intermediate firewalls apparently worked like a charm and kept the virus out of our main network. The bad news is that it apparently jumped despite the fact that our Cisco concentrators should be filtering 445 completely (we're not yet sure what the problem is). Since our VPN clients sit in their own VLAN, however, all they can do right now is infect each other.
93 posted on 05/03/2004 1:52:50 PM PDT by Arthalion
[ Post Reply | Private Reply | To 89 | View Replies]

To: FourPeas
I'm just going to bump this so I can find it again when I get home. I'm pretty sure the computers at my night job are infected. Thanks.
94 posted on 05/03/2004 1:59:10 PM PDT by Buggman (President Bush sends his regards.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: rwfromkansas
XoftSpy

http://www.paretologic.com/xoftspy/lp/1/?w=1

Buy it, because the freebie won't allow removal of the bots. $39.95 download.

95 posted on 05/03/2004 2:13:01 PM PDT by savedbygrace
[ Post Reply | Private Reply | To 69 | View Replies]

To: D-fendr
NAT is better than a straight Cable Modem access and many Cable/DSL Routers do block inbound TCP ports.

Now days you can buy a middle class router with Stateful Packet Inspection and other true Firewall features for $150.00 or less.

http://www.amazon.com/exec/obidos/tg/detail/-/B00006B9HR/102-6475380-6426540?v=glance

http://www.amazon.com/exec/obidos/ASIN/B00006G2OJ/qid%3D1083621266/sr%3D11-1/ref%3Dsr%5F11%5F1/102-6475380-6426540

http://www.homenethelp.com/web/review/dlink-di-714.asp

Higher end units like the uBr series from Cisco have used Stateful Packet Inspection for awhile.

This is a pretty good solution for $50.00 to $150.00 for a small business or home user.

96 posted on 05/03/2004 2:57:54 PM PDT by CyberCowboy777 (Veritas vos liberabit)
[ Post Reply | Private Reply | To 91 | View Replies]

To: Arthalion
Damn thing sounds like Skynet. :-)

Thanks for the info, I'm going to have to do some more work to make sure this thing isn't able to hop on over from any of our VPN-connected clients.
97 posted on 05/03/2004 3:00:25 PM PDT by NJ_gent
[ Post Reply | Private Reply | To 93 | View Replies]

To: D-fendr
"If it's not filtered at all..."

Not quite that bad off. Our main network here is walled off from the tunnels. My main concern is clients infecting one another. I'm going to have to take another look at what's in place to prevent that (as opposed to playing on here more today) before I go home. Luckily, none of our VPN-connected clients have a large sales force that brings laptops in and out of their respective networks. The fact that I'm paranoid makes me not so worried about that happening (paranoia makes for good preparation), but it does make me re-check everything every time a new threat emerges.
98 posted on 05/03/2004 3:08:38 PM PDT by NJ_gent
[ Post Reply | Private Reply | To 92 | View Replies]

To: Arthalion
...they apparently have Ciscoworks set to alert them of any internal 445 activity...

Are you blocking 445 internally as well as externally?

99 posted on 05/03/2004 3:31:55 PM PDT by general_re (Drive offensively - the life you save may be your own.)
[ Post Reply | Private Reply | To 93 | View Replies]

To: general_re
Not if they want anything Windows networking related to work.
100 posted on 05/03/2004 3:35:06 PM PDT by sigSEGV
[ Post Reply | Private Reply | To 99 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-20 ... 41-6061-8081-100101-116 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson