Results 1 to 3 of 3

Thread: Heads Up , New Worm Sasser.a

  1. #1

    Heads Up , New Worm Sasser.a

    Sasser Worm Overview
    The worm, labeled Sasser.A, has been propagating by leveraging a flaw in Microsoft Windows LSA (Local Security Authority) Service (LSASRV.DLL). This flaw was discovered by eEye Digital Security and reported to Microsoft on October 8, 2003.

    The worm begins by targeting servers running versions of Microsoft Windows 2000 and XP that have not been properly patched for the vulnerability. Sasser has the ability to execute without requiring any action on the part of the user. The worm copies itself to a folder in the Windows System directory and adds a registry run key to load at system start-up, creating the value "avserve.exe"=%windows%\avserve.exe in the registry key:


    The Sasser worm can infect any vulnerable computer that is switched on and connected to the Internet. Unlike other worms and viruses, it is not spread by email and does not require any user action to propogate. In reported instances so far, the worm has been observed shutting down a computer then automatically re-booting it, repeating several times.

    How it Propagates
    Sasser scans random IP addresses for vulnerable systems. When one is found, the worm exploits the system by executing a script. This script instructs the target victim to download and execute the worm from the infected host. The infected host accepts this FTP traffic on TCP port 5554.

    For an analysis of the worm please visit:

    For complete information on the Windows Local Security Authority Service flaw (LSASS vulnerability), please visit:

    Source : Eeye security email
    Signature image is too tall!

  2. #2
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Washington D.C. area
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  3. #3
    woops sorry
    Signature image is too tall!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts