Sasser Worm

Sasser is now at 4 variants that are known... there are probably more on the way. I work telephone tech support for an ISP, and we've been inundated with calls regarding this virus since Friday night when it was initially released into the wild. FYI, the 'C' variant of the Sasser CAN run on Win9x and WinME. It will not "infect" the computer, per se, but it can use a Win9x system to infect others. If you're a WinXP or Win2K owner, I would suggest checking out microsoft.com for info on how to prevent/fix infections.

I have seen my first network infested by this nasty little bug. They were in the rollout of the patch when it came in through one of the edge servers (they had gotten all of the edges done and were just getting started on this one... none of the internal PCs were patched yet). This is a site with nearly 1000 machines and gigabit ethernet over fiber to each node (serves a max of 48 machines per node).

This site came to a halt in less than an hour! The pcaps were showing loads nearing 85% on almost every leg of the LAN and the Win servers. Thank God all of their critical boxes are 'NIX, and thusly were not affected.

It is amazing seeing a quad-processor 3.2GHz Xeon box at loads of 90% with 4 NIC cards... makes you respect the power of a simple 17KB file. And swear a death warrant on the person who built it.

The only good thing is that the router that feeds back to their corporate offices automatically stopped itself before the worm could get upstream of the local site. If it had gotten there, it could have taken down an international company!

