Unlike many worms, Sasser does not spread by emails. Sasser attacks through a software bug found in the Microsoft Operating System. The software bug is documented here. Users are encouraged to apply patch to their Windows Operating System through the Windows Update facility. Other than installing patches, users who run firewalls are also encouraged to block incoming TCP port 5554, 9996, and 445.

A successful exploit will grant attackers full access to the victims' computers. The worm is known to setup FTP server at port 5554 and also altered a windows API to inhibit users' attempt to shut down and restart his/her PC.

The Worm has mutated since its initial release. The latest mutation is W32.Sasser.C. Symantec has developed removal tools for Sasser variants. The removal instructions and tools can be found here.

If you believe you have become infected or have any questions regarding worm, please do not hesitate to contact us. As always, as a Green Apple user you are welcome to bring in your computer for us to examine and, where possible, fix.
 

Home / Access / Development / Support / Hosting / Local Links / Computers
 Contact Us / Green Apple News / Jobs / Site Map / Link To Us / Policy

Lancaster-Fairfield County Chamber of Commerce, 2000 Small Business of the Year
www.greenapple.com · tel. (740) 653-9890 · toll free. (866) 653-9890
Copyright © 1995 - 2007, Green Apple, Inc.