US-CERT has received reports of a new worm, referred to as "W32/Sasser".
This worm attempts to take advantage of a buffer overflow vulnerability in the Windows Local Security Authority Service Server (LSASS). The vulnerability allows a remote attacker to execute arbitrary code with SYSTEM privileges. More information on this vulnerability is available in Vulnerability Note VU#753212 and Microsoft Security Bulletin MS04-011.
The worm has been reported to propagate by scanning random IP addresses on port 445/tcp for vulnerable systems. When a vulnerable system is found, the worm will exploit this vulnerability, create a remote shell on port 9996/tcp, and start an FTP server on port 5554/tcp. The victim system will then connect back to the attacking system on port 5554/tcp to retrieve a copy of the worm. Users of systems infected by this worm may notice significant performance degradation.
US-CERT strongly encourages users to install anti-virus software and keep its virus signature files up to date.
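The port sequence described above (445/tcp scanning, a shell on 9996/tcp, then a call-back to 5554/tcp) can be matched in flow or firewall logs. The following is an added example, not part of the US-CERT advisory; the CSV record layout, the sample addresses and the scan threshold are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample flow records (not real traffic): time,src,dst,dport (all TCP)
SAMPLE_FLOWS = """\
10:00:01,10.0.0.5,10.0.1.10,445
10:00:01,10.0.0.5,10.0.1.11,445
10:00:02,10.0.0.5,10.0.1.12,445
10:00:02,10.0.0.5,10.0.1.13,445
10:00:03,10.0.0.5,10.0.1.12,9996
10:00:04,10.0.1.12,10.0.0.5,5554
10:00:05,10.0.0.7,10.0.1.20,445
10:00:06,10.0.0.8,10.0.1.30,5554
"""

# Assumed value: distinct 445/tcp targets before a source counts as scanning.
SCAN_THRESHOLD = 4


def analyze(flow_text, scan_threshold=SCAN_THRESHOLD):
    """Return (scanners, infections) found in time-ordered CSV flow records.

    scanners:   sources that contacted >= scan_threshold hosts on 445/tcp.
    infections: (source, victim) pairs where the source reached the victim on
                9996/tcp and the victim then connected back to it on 5554/tcp.
    """
    targets_445 = defaultdict(set)  # src -> destinations contacted on 445/tcp
    shell_9996 = set()              # (source, victim) pairs seen on 9996/tcp
    infections = []
    for row in csv.reader(io.StringIO(flow_text)):
        if len(row) != 4:
            continue  # skip blank or malformed records
        _time, src, dst, dport = row
        port = int(dport)
        if port == 445:
            targets_445[src].add(dst)
        elif port == 9996:
            shell_9996.add((src, dst))
        elif port == 5554 and (dst, src) in shell_9996:
            # The victim (src) is fetching the worm from the source's FTP server (dst).
            infections.append((dst, src))
    scanners = sorted(s for s, d in targets_445.items() if len(d) >= scan_threshold)
    return scanners, infections


if __name__ == "__main__":
    found_scanners, found_infections = analyze(SAMPLE_FLOWS)
    print("445/tcp scanners:", found_scanners)
    print("source -> victim infections:", found_infections)
```

A lone 5554/tcp connection with no preceding 9996/tcp session, like the last sample record, is not reported, which keeps the correlation tied to the full sequence rather than to a single port.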
