Skip to comments.
Sasser Worm Infects Thousands of Computers Worldwide
Bloomberg ^
| May 3, 2004
Posted on 05/03/2004 8:30:21 AM PDT by FourPeas
Edited on 07/19/2004 2:14:00 PM PDT by Jim Robinson.
[history]
May 3 (Bloomberg) -- A computer worm called Sasser may have infected hundreds of thousands of computers through the Internet and is still spreading, possibly disrupting business today, a security software expert said.
The worm, which is different than a virus because it doesn't need to be attached to an e-mail to spread, causes a computer to shut down and then reboot several times, apparently without causing any permanent damage, said Mikko Hyppoenen, director of virus research with Helsinki-based F-Secure Oyj. The worm was detected Saturday at 4 a.m. Finnish time, he said.
(Excerpt) Read more at quote.bloomberg.com ...
TOPICS: Business/Economy; Crime/Corruption; Culture/Society; Front Page News; News/Current Events
KEYWORDS: lowqualitycrap; microsoft; sasser; windows; worm
Navigation: use the links below to view more comments.
first previous 1-20 ... 41-60, 61-80, 81-100, 101-116 next last
To: al_c
But there is no proven relationship between the use of an OS and the number of worms. UNIX has had a larger share than MACOS for years and yet it is less likely to have a virus.
Sometimes a better architecture can handle any extra publicity..
81
posted on
05/03/2004 11:06:51 AM PDT
by
N3WBI3
To: FourPeas
Anyone want an Apple while their system is down?
82
posted on
05/03/2004 11:08:48 AM PDT
by
sully777
(Our descendants will be enslaved by political expediency and expenditure)
To: sully777
I'm really more of a cherry fan.
83
posted on
05/03/2004 11:14:18 AM PDT
by
FourPeas
To: brownsfan
Save your energy. Mac users are zealots. They are insecure that they are out of step with the rest of the world, so they cover it with that elitist attitude. Not surprising that Mac users tend to be liberal! :)
I woke up and the sun shown in my face. I made coffee and logged onto my e-mail. I've surfed a few CONSERVATIVE sites. Yes, life's good being an insecure elitist--a Goldwater Conservative Apple-user insecure elitist, thank you very much.
It's like that old saying: Wealth doesn't buy happiness but at least it buys something.
84
posted on
05/03/2004 11:26:43 AM PDT
by
sully777
(Our descendants will be enslaved by political expediency and expenditure)
To: Clemenza
bttt
To: sully777
86
posted on
05/03/2004 11:34:33 AM PDT
by
blackie
(Be Well~Be Armed~Be Safe~Molon Labe!)
To: Billthedrill
My daughter's system got it as well. She called me the other day from her mom's and said her system was possessed! After visiting Macfee, Symantec and Microsoft I got everything I needed to detect it, clear it out, and patch Windows.
87
posted on
05/03/2004 11:36:19 AM PDT
by
pctech
To: IamHD
Also, everytime she tries to get her patch, the computer shuts down. If I startup in safe mode, can I get online and download the patch that way? Or, should I remove the bugger from the registry, first, and then try to patch?Hi there IamHD, maybe this will help. I went to system repair and backed up the settings to before the worm was announced. That let me get on line to find the Sasser fix on Norton, which I used yesterday (following instructions very carefully), and so far, no more problems -- but am knocking hard on wood ;^p
To: Arthalion
Out of curiosity, have you seen anything coming through the VPN connections? We maintain a number of VPN connections with several clients for support purposes. We're pretty good about preventative security, but I'd like to know whether this bug is poking at that particular weak point.
89
posted on
05/03/2004 1:15:39 PM PDT
by
NJ_gent
To: sully777
I said: Mac users TEND to be liberal. Not: all Mac users are liberal. :)
Needling aside, I see the strengths of the Mac, and the strengths of the PC. Both are simply tools. It just seems you get the Mac users who pipe up at any opportunity pontificating about their choice of tool. As if anyone who didn't share their view was not very bright. If you can't objectively examine the tools available to you, you are doomed to use the wrong one eventually.
90
posted on
05/03/2004 1:16:41 PM PDT
by
brownsfan
(I didn't leave the democratic party, the democratic party left me.)
To: CyberCowboy777
These Routers will have a easy to use Web Interface and a manual for setup. The Firewall functions can usually be set to default High Level Security to block all uninitiated inbound TCP ports.I believe this is likely talking about NAT. Helpful, but not the same as a firewall - though manufacturers sometimes don't like to point out the distinction.
91
posted on
05/03/2004 1:38:38 PM PDT
by
D-fendr
To: NJ_gent
Depends on how you filter the tunnels.
If it's not filtered at all, a VPN IPsec tunnel sends all traffic through a properly established tunnel. It encrypts it and verifies both ends, but it will send a virus, trojan, worm, just as easily as it will good data. (It's sometimes described as a hard shell and soft inside security.)
You can filter the tunnel, (direct traffic to only addess x and port x), assuming you have the equipment and knowledge to do so.
But don't assume your VPN does this.
92
posted on
05/03/2004 1:42:57 PM PDT
by
D-fendr
To: NJ_gent
Yes we have. One of our VPN clients apparently became infected with Sasser.D about an hour ago, and then jumped through our VPN to infect a couple of other VPN clients before our operations guys were able to secure and shut down those users (they apparently have Ciscoworks set to alert them of any internal 445 activity). The good news is that the new VLAN and intermediate firewalls apparently worked like a charm and kept the virus out of our main network. The bad news is that it apparently jumped despite the fact that our Cisco concentrators should be filtering 445 completely (we're not yet sure what the problem is). Since our VPN clients sit in their own VLAN, however, all they can do right now is infect each other.
To: FourPeas
I'm just going to bump this so I can find it again when I get home. I'm pretty sure the computers at my night job are infected. Thanks.
94
posted on
05/03/2004 1:59:10 PM PDT
by
Buggman
(President Bush sends his regards.)
To: rwfromkansas
To: D-fendr
NAT is better than a straight Cable Modem access and many Cable/DSL Routers do block inbound TCP ports.
Now days you can buy a middle class router with Stateful Packet Inspection and other true Firewall features for $150.00 or less.
http://www.amazon.com/exec/obidos/tg/detail/-/B00006B9HR/102-6475380-6426540?v=glance
http://www.amazon.com/exec/obidos/ASIN/B00006G2OJ/qid%3D1083621266/sr%3D11-1/ref%3Dsr%5F11%5F1/102-6475380-6426540
http://www.homenethelp.com/web/review/dlink-di-714.asp
Higher end units like the uBr series from Cisco have used Stateful Packet Inspection for awhile.
This is a pretty good solution for $50.00 to $150.00 for a small business or home user.
96
posted on
05/03/2004 2:57:54 PM PDT
by
CyberCowboy777
(Veritas vos liberabit)
To: Arthalion
Damn thing sounds like Skynet. :-)
Thanks for the info, I'm going to have to do some more work to make sure this thing isn't able to hop on over from any of our VPN-connected clients.
97
posted on
05/03/2004 3:00:25 PM PDT
by
NJ_gent
To: D-fendr
"If it's not filtered at all..."
Not quite that bad off. Our main network here is walled off from the tunnels. My main concern is clients infecting one another. I'm going to have to take another look at what's in place to prevent that (as opposed to playing on here more today) before I go home. Luckily, none of our VPN-connected clients have a large sales force that brings laptops in and out of their respective networks. The fact that I'm paranoid makes me not so worried about that happening (paranoia makes for good preparation), but it does make me re-check everything every time a new threat emerges.
98
posted on
05/03/2004 3:08:38 PM PDT
by
NJ_gent
To: Arthalion
...they apparently have Ciscoworks set to alert them of any internal 445 activity... Are you blocking 445 internally as well as externally?
99
posted on
05/03/2004 3:31:55 PM PDT
by
general_re
(Drive offensively - the life you save may be your own.)
To: general_re
Not if they want anything Windows networking related to work.
100
posted on
05/03/2004 3:35:06 PM PDT
by
sigSEGV
Navigation: use the links below to view more comments.
first previous 1-20 ... 41-60, 61-80, 81-100, 101-116 next last
Disclaimer:
Opinions posted on Free Republic are those of the individual
posters and do not necessarily represent the opinion of Free Republic or its
management. All materials posted herein are protected by copyright law and the
exemption for fair use of copyrighted works.
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson