Irritating little worm

Subscription only Juggers me old mate, which one was it about ?

Originally posted by MrTFWitt
Subscription only Juggers me old mate, which one was it about ?

My most humble of apologies Mr TFW.

Here it is.

Worm hits millions of PC’s

Stockholm - A new internet worm is spreading automatically worldwide and has probably already infected millions of computers, a Finnish anti-virus expert has said.

The Sasser worm can infect any computer that is switched on and contrary to most other worms or viruses is not spread by e-mail, said Mikko Hyppoenen, head of anti-virus research at the Finnish internet security firm F-Secure.

“This is one of few worms that spreads automatically. It is enough for your PC to be on,” he told AFP in a telephone interview from Helsinki.

The worm typically shuts down the computer, then automatically re-boots it, repeating the procedure several times. Hyppoenen said computers behind a firewall should be spared from the attack.

He stressed that the worm, while inconvenient, was harmless.

“This worm does not have any criminal intentions, unlike the Bagle and Sobig viruses we saw earlier which took control of computers by opening back doors to send spam. Sasser doesn’t do anything,” he said.

“The Blaster virus in August 2003 infected millions of computers… this time there could possibly be more computers infected,” Hyppoenen said.

Hyppoenen said experts did not yet know who was behind the attack but suspected that it was teenage hackers out to have some fun.

“It was probably some hobbyist, a teenager who has the skills and wants to show off,” he said.

Sasser was first observed at 00:01 (GMT) on Saturday, and was infecting computers that had not installed the latest Microsoft patch in the past 18 days.

Installing the patch fixes the problem, but many users may find that difficult because their computer keeps on shutting down, Hyppoenen said.

He expected the number of computers affected by the worm to increase dramatically on Monday, when employees who had worked on laptop computers at home over the weekend returned to work and hooked them up to the office network.

Since laptops are not protected by company firewall systems if used on another server than the company’s, they would run the risk of being infected, and in turn infect the company’s network when used on Monday in the office.

Upgraded to a medium threat

http://vil.nai.com/vil/content/v_125007.htm

My advice would be get the stinger tool from that website and the MS patch from here http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx onto a CD today before the world goes back to work and this starts to spread.

Nice find though Juggy, I forgot these things like holiday weekends to have time to propagate :frowning:

We run SUS at the office which updates servers, laptops and workstations continuously. We should be OK.

Hmmm - disappointed.

Thought this was a thread about Master Chief…

But I’ll chip in anyway :wink:
The patch was released ages ago :stuck_out_tongue: you lazy sys admins.

Be lazy like me - and use a program to patch them all up (SUS is good for a freebie) - I use SUS for clients, but for servers, I use UpdateExpert and you can download an evaluation.

eEye also do scanner products (at cost) but occasionally do individual scanners.
Here are links to some:

More Free Tools from eEye Digital Security
===========================================

For your convenience, use the links below to download our other free tools without having to re-register with us:

CodeRed Worm Scanner
http://www.eEye.com/html/Research/Tools/Download.asp?file=RetinaCodeRed&id=040502.075007.765562

Nimda Scanner
http://www.eEye.com/html/Research/Tools/Download.asp?file=RetinaNimda&id=040502.075007.765562

Spida/Digispid.B.Worm SQL Worm Scanner
http://www.eEye.com/html/Research/Tools/Download.asp?file=RetinaSpida&id=040502.075007.765562

Apache Chunked Scanner
http://www.eEye.com/html/Research/Tools/Download.asp?file=RetinaApacheChunked&id=040502.075007.765562

Sapphire SQL Worm Scanner
http://www.eEye.com/html/Research/Tools/Download.asp?file=RetinaSapphireSQL&id=040502.075007.765562

RPC DCOM Scanner
http://www.eEye.com/html/Research/Tools/Download.asp?file=RetinaRPCDCOM&id=040502.075007.765562

Messenger Service Scanner
http://www.eEye.com/html/Research/Tools/Download.asp?file=RetinaMSGSVC&id=040502.075007.765562

MyDoom Virus Scanner
http://www.eEye.com/html/Research/Tools/Download.asp?file=RetinaMyDoom&id=040502.075007.765562

Sasser Worm Scanner
http://www.eEye.com/html/Research/Tools/Download.asp?file=RetinaSasser&id=040502.075007.765562

HTH

J

SUS is handy I suppose for a group of networked PC’s.

My reasoning is IF this one takes off, all those friends and relatives on broadband that never apply patches are going to find themselves in trouble.

Having the patch ready to fix their woes when they cannot connect to the net and the MS patch server is being DOS’d could be very handy.

Handy in terms of beer favours and cash :smiley:

I thought a thread with this title should have been started by Renata and the reference being to what Neal had done most recently to be given the title “little worm” :lol:

DT.

Well the Sasser worm hit our company today had about 2hrs of PC downtime as the company went about zapping it and re-configuring the firewall.

rampant ickle devil

\smug mode on :smiley:

Two of my customers, major companies with big IT depts were also down today.

\off

Down, what’s down?

1 webfarm in Canada with 45 servers and an office with 300 PC’s and 60 servers. No downtime whatsoever :D

funny thing is chap in our IT dept is signed up with Microsoft to be notified of such patches that need applying.

Seems to be lost in the mail :rolleyes:

Could have been bad if it was not the fact most critical machines seem to be on 95 lol :smiley: just running a terminal session to our AS400 system.

prob not much compared to some companies but I estimate at least £300K would be lost if the company was down for a day minimum depending on what we would be packing at the time.

Microsoft’s poor abilities at plugging holes can cost if worst come to the worst.

Frantic phone call today, 15 users all at remote sites with ADSL/NTL broadband with “A Virus” all need to be fixed asap

I think my patch CD will come in handy for the next two days :agree:

It was like a Morecambe & Wise sketch in our IT dept :smiley:
Throwing CD’s to each other from half way across room :smiley:

As they created them to patch IT’s computers so they could get a free machine clean to use the broadband connect to grab all the patches for NT4/2000/server etc etc

Well funny :slight_smile:

Bah - no such fun here…
1000 desktops, 50 servers… not a sniff…

:frowning:

Couple of home user mates have been hit with it. It has tried and failed to get on ours though :smiley:

Thank you again Radar for supplying our linux box :kisskiss: