Henry L. Tillman (ITEC) Information Technology Expert Consultant --- Phone: (773) 886-2446 --- Fax: (773) 224-7958 --- E-mail: hltillman@hltillman.com

Virus Information Research


This site is now dedicated to Information and Research (as of 9/24/04) --- Henry L. Tillman (ITEC), Virus Information Researcher --- Phone: (773) 886-2446 --- Fax: (773) 224-7958 --- E-Mail: hltillman@hltillman.com
The Significance of "SASSER"

The Sasser Worm --- W32.Sasser, I-Worm/Sasser.A or I-Worm/Sasser.B thru F.


The Sasser Worm and other "New Worms" have ushered in a "New Era" of Virus.WT (Virus/Worm/Trojan) systems that have changed the very nature of the interface between Virus.WT systems, Anti-Virus software systems, the "End User" (both private and Corporate) and the very Internet itself.

Besides the fact that this Worm is much harder to remove and requires definite manual intervention (see the Microsoft Knowledge Base article "Antivirus Tools Cannot Clean Infected Files in the Restore Folder," Article ID: Q263455, http://support.microsoft.com/support/kb/articles/Q263/4/55.ASP), the really important point is that this agent does not require e-mail or User interaction to spread!
Sasser.A scans random IP addresses (on TCP port 445); it also logs the IP addresses it has infected to the file c:\win.log.
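
A defender's view of the scanning behaviour described above, as an added example that is not part of the original page: it flags any source that contacts many distinct addresses on TCP port 445 within a short window. The log format, the 60-second window and the threshold of 10 are assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)   # assumed look-back window
THRESHOLD = 10                   # assumed: distinct TCP/445 destinations per window

def parse(line):
    """Parse one record in the assumed format: 'ISO-timestamp src dst dport proto'."""
    ts, src, dst, dport, proto = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport), proto.upper()

def find_445_scanners(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {src: peak distinct TCP/445 destinations inside any window} for
    sources that reach the threshold. Input must be in time order."""
    recent = defaultdict(deque)      # src -> (timestamp, dst) pairs still in window
    peaks = {}
    for line in lines:
        try:
            ts, src, dst, dport, proto = parse(line)
        except ValueError:
            continue                 # truncated or garbled record: skip it
        if proto != "TCP" or dport != 445:
            continue
        q = recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:
            q.popleft()              # expire events older than the window
        distinct = len({d for _, d in q})
        if distinct >= threshold:
            peaks[src] = max(peaks.get(src, 0), distinct)
    return peaks

def sample_log():
    """Constructed records: one scanning host and one ordinary file-share client."""
    lines = [f"2004-05-01T10:00:{i:02d} 10.0.0.23 203.0.113.{10 + i} 445 TCP"
             for i in range(12)]     # 12 different targets in 12 seconds
    lines += [f"2004-05-01T10:{m:02d}:00 10.0.0.5 10.0.0.9 445 TCP"
              for m in range(30)]    # same server over and over: normal SMB use
    lines.append("2004-05-01T10:31:00 10.0.0.5 10.0.0.9")   # malformed on purpose
    return sorted(lines)             # ISO timestamps sort chronologically

if __name__ == "__main__":
    for src, peak in find_445_scanners(sample_log()).items():
        print(f"{src}: {peak} distinct TCP/445 destinations within {WINDOW}")
```

The ordinary client is not flagged however many connections it makes, because the count is of distinct destinations rather than of connections.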

This one point is so incredibly important and has totally changed the very nature of the Internet as we know it.

This new development seems to be grossly downplayed by the Anti-Virus community. Imagine a bank robber with a "Star Trek" style "Transporter Device" and the papers would say "Oh by the way the robber can 'Beam' through solid rock and steel, take whatever he wants and 'Beam' back out but don't worry we can stop him from coming back a second time...maybe".

Remember this is not some futuristic, conceptual, theoretical software agent but one that is in full operation and in mass circulation at the time of this writing.
Add to this its ability to Shut Down Your System, disable and/or mislead most of the Top Anti-Virus applications, block your ability to access Anti-Virus Websites and/or block Virus Definition downloads, disrupt and corrupt the installation of New Anti-Virus Software, and block your ability to remove it manually by shutting down Regedit (about 2 seconds after it opens) and closing the Configuration Utility and Task Manager (it even blocks these utilities in "Safe Mode").

These are not just things I have read but also have personally experienced on several occasions in the field, onsite.
I have seen very little written concerning many of the above mentioned symptoms and effects of this Worm.
