Thursday, May 06, 2004

Sasser Worm - How to deal with it?

How do you know you’re infected?
If your computer is infected with the W32.Sasser.worm, you may see a dialog box with an LSASS.exe error. Some customers whose computers have been infected may not notice the presence of the worm at all, while others who are not infected may experience problems because the worm is attempting to attack their computer. Typical symptoms may include systems rebooting every few minutes without user input.

Windows Server 2003 systems are not at risk from this Worm.

What does the worm do to the users system?
Our investigation is still ongoing; however the worm appears to infect a vulnerable system then immediately seeks to infect other systems. We are continuing our investigation to determine any further actions the worm may seek to take.

Is there a fix available?
Yes, install MS04-011.

Are there workarounds?
Yes, there are workarounds available including implementing firewall best practices, standard default firewall configurations and PYPC guidelines. Additional information on workarounds can be located at the following URL:

Are there side effects of the workaround?
Side effects of the workaround can be found at the following URL:


Post a Comment

<< Home