Sasser Worm Spreads, What You Need to Know

A new series of worms released onto the Internet exploits a critical security vulnerability in Microsoft's Windows XP and Windows 2000 OSes and does not need users to open e-mail attachments in order to propagate, experts said Saturday.

The worm has positioned itself as one of the quickest-spreading and most virulent ones around, suggesting that the number of incidents will soar at the beginning of the week, according to Luis Corrons, director of security vendor Panda Software SL's PandaLabs unit.

Computers infected with the worm boot up normally but then hang up or shut down when users attempt to do any work. The new worm exploits the LSASS (Local Security Authority Subsystem Service) remotely exploitable buffer overrun vulnerability first reported by Microsoft on 13 April in Microsoft Security Bulletin MS04-011.

The worm does not damage files and is relatively easy to remove, although concerns have been raised that information stored on an infected computer could be compromised.

To protect your computer against Sasser and its variants, do the following:

Step 1: Enable a Firewall

Before you take other steps, make sure you have a firewall activated to help protect your computer against infection. If you have a hardware firewall in place for your home or workplace connection, or if you use the firewall included with Microsoft® Windows® XP, the Sasser worm is most likely blocked. If your computer has been infected, activating firewall software will help limit the effects of the worm on your computer. For comprehensive guidance to installing and enabling a firewall, see the Microsoft Protect Your PC site.

Step 2: Install the Required Update

To help protect your computer against the Sasser worm and its variants, you must first download and install security update 835732, which was released with Microsoft Security Bulletin MS04-011. You can find update 835732 on the Windows Update Web site listed in the Critical Updates and Service Packs section. You can also download and install this update manually from the Microsoft.com Download Center. To find the download for your operating system, refer to Technical Security Bulletin MS04-011.

Note: If you installed the updates for MS04-011 manually or through Automatic Updates before Friday, April 30, then you are already protected against this issue.

Step 3: Automatically Check For and Remove Sasser.A and Sasser.B

You can use this tool to search your hard disk for and try to remove Sasser.A and Sasser.B. To do so, click Check My PC for Infection.

Important To use this tool, you must be running Windows XP or Windows 2000, and you must have already installed the update released with Microsoft Security Bulletin MS04-011.

You may like these other stories...

Regulatory compliance, risk management and cost-cutting are the big heartburn issues for finance execs in the C-suite. Yet financial planning and analysis—a key antacid—is insufficient.That's just one of the...
Continuing its efforts to simplify accounting procedures, the FASB has issued a proposed Accounting Standards Update on customer fees paid in a cloud computing arrangement. The newly-proposed update (Intangibles—...
How are you planning? What tools do you use (or fail to use) for forecasting? PlanGuru is a business budgeting, forecasting, and performance review software company based in White Plains, N.Y. AccountingWEB recently spoke...

Already a member? log in here.

Upcoming CPE Webinars

Sep 9
In this session we'll discuss the types of technologies and their uses in a small accounting firm office.
Sep 10
Transfer your knowledge and experience to prepare your team for the challenges and opportunities of an accounting career.
Sep 11
This webcast will include discussions of commonly-applicable Clarified Auditing Standards for audits of non-public, non-governmental entities.
Sep 24
In this jam-packed presentation Excel expert David Ringstrom, CPA will give you a crash-course in creating spreadsheet-based dashboards. A dashboard condenses large amounts of data into a compact space, yet enables the end user to easily drill down into details when warranted.