
New worm straight from the Net

By Tracy Burrows, ITWeb contributor.
Johannesburg, 03 May 2004

Anti-virus vendors say a new worm is exploiting a critical Microsoft Windows vulnerability and spreading fast via the Internet.

Brett Myroff, CEO of local Sophos distributor NetXactics, says the new worm, Sasser.A, appears to be essentially harmless, but is spreading fast and has a major nuisance factor.

The worm spreads via the Internet and requires no user interaction. F-Secure Corporation says it has been following the spread of the Sasser worm over the past weekend, and notes that it spreads to Windows PCs automatically, even if nobody is using the PC at the time.

It exploits the LSASS vulnerability first reported by Microsoft on 13 April in Microsoft Bulletin MS04-011. The worm can cause the infected computer to crash and enter a 'reboot loop'.

Ken Dunham, Director of Malicious Code at iDefense Inc, says: "Sasser.A is 15,872 bytes and may create a copy of itself in the Windows directory as avserve.exe. It may also create copies of itself in the Windows System directory using the format #_up.exe, such as 11583_up.exe. Sasser.A may also cause the LSASS.EXE to crash and the infected computer to reboot. It communicates over TCP ports 445, 5554, and 9996."

"The Sasser worm spreads in a similar way to last year's serious Blaster, in so much as it travels via the Internet exploiting security holes in Microsoft's software and does not use email," Myroff says. "Computers which are not properly protected with anti-virus updates, firewalls and Microsoft's security patch are asking for trouble."

Myroff notes that home users and employees who use their mobile computers away from company firewalls are most at risk.

Dunham notes: "There has been a fair amount of underground activity surrounding the MS04-011 vulnerability since it came out earlier this month. Security experts have been concerned that a worm against this vulnerability might soon emerge."

The number of Sasser-affected PCs is already estimated to be in the hundreds of thousands, and it will continue to rise as the working week starts, says F-Secure.
