TrendLabs declares Sasser.B worm as ‘high risk’

Trend Micro, an anti virus company which is not known for over-reacting, has declared a ‘red alert’ over the Sasser.B worm, indicating that there is a high risk of it causing damage to computer systems worldwide.

The potential impact of the worm was demonstrated yesterday when the UK Coast Guard, British Airways, Goldman Sachs and Deutsche Post were affected. (See http://news.bbc.co.uk/1/hi/technology/3683553.stm )

TrendLabs’ warning reads as follows:

TrendLabs has declared a High Risk Virus alert to control the spread of WORM_SASSER.B.

This variant of WORM_SASSER.A similarly exploits the Windows “Local Security Authority Subsystem Service” (LSASS) vulnerability, which is a buffer overrun that allows remote code execution and enables an attacker to gain full control of the affected system.

To propagate, this worm scans random IP addresses for vulnerable systems. When a vulnerable system is found, the malware sends a specially crafted packet to produce a buffer overrun on LSASS.EXE, which causes the program to crash and eventually require Windows to reboot.

•Date: 5th May 2004 •Region: Worldwide •Type: Article •Topic: Warnings
Rate this article or make a comment - click here