The sasser hole???

  1. #1

    The sasser hole???

    I have a question about the Sasser hole:
    how does it work?

    And what does it use to get into an unpatched Win XP computer?

  2. #2
    Und3ertak3r
    I think that is a bit personal.. Sasser will be mostly upset by people asking about his hole...

    or

    do you mean to ask about the vulnerability in the LSASS service in Windows XP?

    You set up a carefully crafted packet.. it crashes the unpatched LSASS service..
    your packet opens a little door for you to drop a little bit of code
    and hopefully before the system is shut down.. your code is safely inside the victim's machine
    and in the Sasser worm's case.. another copy of Sasser ready to infect another group of boxes..

    old hat crap now..
    there are several other nastier malware using that vulnerability now..
    and a number of sites that describe in detail how it all works.. a careful use of a web search site like www.google.com will help you track these well written articles for your enjoyable reading..

    But before you go.. I would recommend a search of the security tutorials on this site.. there will be a story or 2 in there regarding Sasser.. then have a look through the Microsoft Security forums, even the Antivirus forums..

    Lots to read.. see ya later

    oh and welcome to AO..

    Cheers
    "Consumer technology now exceeds the average person's ability to comprehend how to use it.. give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  3. #3
    Nokia
    It spreads by scanning IP addresses for vulnerable systems through ftp port 5554.

    It then creates a value: "avserve.exe"=%windows%\avserve.exe in the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.

    By Microsoft's admission though, the patch they released to protect against it can render some systems unbootable!
    Drugs have taught an entire generation of kids the metric system.

    http://tazforum.**********.com/

  4. #4
    Und3ertak3r
    Question..Rachid

    Your web page.. what is the purpose of distributing the source code of viruses?
    mind, these seem to be oldies, let's see, Stoned.. ahh those were the days.. Jerusalem.. mmmm the media loved it.. and who can forget Michelangelo... oldies.. but goodies.. classics
    pity you didn't do the disassembly yourself..
    Downloaded From P-80 International Information Systems

    as that is all you have there.. are you planning on upgrading the site in any way, like providing your own?

  5. #5
    Thank you all very much for helping me. Now I know why this website is so important.

  6. #6
    Originally posted here by Nokia
    It spreads by scanning IP addresses for vulnerable systems through ftp port 5554.
    ? ?

    Last I remember that's one of its backdoors that it drops onto the system. An FTP server, I believe. But... it actually propagates through a stack overflow (LSASS MS-RPC vulnerability). I'm not sure, but it may use this to upload itself, but as I mentioned before this would only happen some time after the initial exploitation.

    The worm itself had its flaws, which led to another worm that propagated through a buffer overflow in the worm itself, or maybe it was one of the trojans it drops, I believe. I believe this may be what he was referring to.
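
The two host artifacts named in this thread (the avserve.exe value under the Run key from post #3, and the FTP server on port 5554 from posts #3 and #6) can be checked for on a suspect machine. This is an added example, not code from any poster; it assumes a regedit .reg export and `netstat -an` output as input, and both samples are constructed.

```python
import re

# Indicators as given in the thread (post #3 and post #6).
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
RUN_VALUE = "avserve.exe"
FTP_PORT = 5554

# Constructed sample inputs (not captured from a real host).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE"
"avserve.exe"="C:\\WINDOWS\\avserve.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"avserve.exe"="decoy outside the Run key"
'''
SAMPLE_NETSTAT = '''
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5554           0.0.0.0:0              LISTENING
  TCP    10.0.0.5:1042          10.0.0.9:5554          ESTABLISHED
'''

def run_key_hits(reg_export):
    """Return (name, data) pairs under the Run key that mention avserve.exe."""
    hits, in_run = [], False
    for line in reg_export.splitlines():
        line = line.strip()
        if line.startswith("["):  # section header: track whether we are in Run
            in_run = line.strip("[]").lower() == RUN_KEY.lower()
            continue
        m = re.match(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$', line)
        if in_run and m:
            # Undo .reg string escaping (\\ and \") before comparing.
            name, data = (s.replace("\\\\", "\\").replace('\\"', '"') for s in m.groups())
            if RUN_VALUE in name.lower() or RUN_VALUE in data.lower():
                hits.append((name, data))
    return hits

def listeners_on(netstat_output, port=FTP_PORT):
    """Return local addresses with a TCP socket in LISTENING state on the port."""
    hits = []
    for line in netstat_output.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] == "TCP" and f[3] == "LISTENING":
            if f[1].rsplit(":", 1)[-1] == str(port):
                hits.append(f[1])
    return hits
```

Outbound connections to port 5554 on other hosts are deliberately not reported by `listeners_on`; only a local listener matches the backdoor described in post #6.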

  7. #7
    Hi, thank you all.

    And I would like to answer the member UND3RTAK3R:

    I changed my website to www.geocities.com/mlink_v1

    Please check it, but don't criticize me because I'm still building it.
