Last week's attack by the self-spreading Sasser worm left security experts split as to whether cyberspace had seen the last of the new worm, or just the beginning.
Four Sasser variants,A, B, C and D,continued to run amok across the Internet last week in search of an LSASS (Local Security Authority Subsystem Service) buffer overrun vulnerability in Windows 2000 and XP platforms. The vulnerability was first announced on April 13 in Microsoft Security Bulletin MS04-011, said Debby Fry Wilson, director of Security Response Marketing at Microsoft, Redmond, Wash.
Sasser doesn't arrive as an e-mail attachment but enters a system through TCP port 445, said Kevin Kean, director of Microsoft's Security Response Center.
 | |
| |
W32.Sasser.B.Worm differs from W32.Sasser.Worm >> Uses a different mutex. >> Uses a different file name. Has a different MD5. >> Creates a different value in the registry. | |
David Perry, global director of education for security firm Trend Micro, Cupertino, Calif., agrees that Sasser may have had its day in the sun. "Sasser is a very successful sort of a ploy for a virus writer, but the limiting factor is that once you patch it, or block the entrance port, it gets knocked out completely," he said.
But Kevin Nelson, vice president of Threat Focus, a network security service in Tustin, Calif., said that after studying the worm author's motives, he expects a second wave of variants to strike, and possibly begin delivering malicious payloads. "There were some issues with the D version. [Sasser's author] backed some components out from the C version, and that tells me he was trying to do something, made a mistake, and will now come out with a new version," he said.
|
Symantec's Code Red: The Law Enforcement/Anonymous E-Mail Exchange Law enforcement officials negotiated via e-mail for more than two weeks with an Anonymous group member trying to extort $50,000 from Symantec to keep stolen product code off the Internet. |
|
How To Sell IT Security Services To Your Customers Cyberattacks can cost a business thousands, even millions, of dollars, and can deal a death blow to some. Here's how IT solution providers can help guard against malicious attacks. |
|
Cybersecurity Experts: What They Know Could Scare You A recent report based on interviews with security experts in government, business and academia finds more than half in agreement that a worldwide arms race is taking place in cyberspace. |
 More
Slide Shows |
- Microsoft Shows Its Love In Valentine's Day Patch Release
- Worker Abuse Protest Targets Apple, Supplier Foxconn
- Microsoft Taps Cisco Exec To Manage Public Sector Business
- Microsoft Sets Feb. 29 For Windows 8 Consumer Preview Release
- Trend Micro Spruces Up SafeSync For The Channel
- Ingram Micro Adds Kaseya, Symantec, Trend Micro To Cloud Arsenal
- Insider Threats: The Next Frontier for Security Resellers and SMBs
- Complete Security and Your Bottom Line: Sophos, Value and the Channel
- Tough Threats, Tougher Security: How You Can Leverage New Solutions To Combat A “Targeted Attack” Landscape
- Dark Clouds Ahead: Why the Mid-Market Needs To Ramp Up Cloud Security and How You Can Help Them Get There
