KRL

New Internt Worm Infecting Millions of Computers

STOCKHOLM (AFP) - A new Internet worm is spreading worldwide and has probably already infected millions of computers, a Finnish anti-virus expert told AFP.

The Sasser worm can infect any computer that is switched on and connected to an Internet service provider, and unlike most other worms or viruses is not spread by email, said Mikko Hyppoenen, head of anti-virus research at the Finnish Internet security firm F-Secure.

"This is one of few worms that spreads automatically. It is enough for your PC to be on," he told AFP in a telephone interview from Helsinki.

The worm typically shuts down the computer then automatically re-boots it, repeating the procedure several times. Hyppoenen said computers behind a firewall should be spared from the attack.

Sasser was first observed at 0001 GMT Saturday, and was infecting computers that had not installed the latest Microsoft software update in the past 18 days.

Installing the patch fixes the problem, but many users may find that difficult because their computer keeps on shutting down, Hyppoenen said.

He expected the number of computers affected by the worm to increase dramatically on Monday, when employees who had worked on laptop computers at home over the weekend returned to work and hooked them up to the office network.

The antivirus company Symantec said on its website that Sasser spreads by scanning Internet computers for "vulnerable systems" -- computers that were permanently connected to their Internet service provider.

Since laptops are not protected by company firewall systems if used on another server than the company's, they would run the risk of being infected, and in turn infect the company's network when used Monday in the office.

__________________
If you would like to develop your domains, you can lease inexpensive foreign labor
from the leaders in the field at iWebmasters.com TO LOWER YOUR COSTS AND INCREASE YOUR PRODUCTION!
*** *** *** *** *** *** *** *** *** *** *** ***
Domains Adult News KRL's Newsletter Biz Tips Just Listed Domains

Tala

Oh joy.

__________________

ICQ: 11120676 | Google: mindcrime | Skype: suitemindcrime|E-Mail: mindcrime AT gmail.com|PR girl with great writing skills for hire!!!! Contact me to work for YOU!|TECHIEMEDIA? 24/7 support from some of the best techs in the biz. Tell Jim that I sent you.

ace0r

i dont get why folks are so slow in getting the ms updates downloaded

KRL

I know people that don't even know they have to update their virus definition files constantly and think once you install a virus scanner you're protected.

Its really scary how many techno putzes are on the Net. If everyone would just learn some basic computing necessities these viruses would never be able to spread all over as much as they do.

__________________
If you would like to develop your domains, you can lease inexpensive foreign labor
from the leaders in the field at iWebmasters.com TO LOWER YOUR COSTS AND INCREASE YOUR PRODUCTION!
*** *** *** *** *** *** *** *** *** *** *** ***
Domains Adult News KRL's Newsletter Biz Tips Just Listed Domains

sumphatpimp

http://www.channelnewsasia.com/stori.../82779/1/.html


It was first spotted on Friday, and hahahahahahas 2000, hahahahahahas Server 2003 and hahahahahahas XP were the exposed operating systems. Other hahahahahahas systems, Linux and Macintosh, among others, were not affected.


as usual winblows
again

best thing I ever done was get ride of winblows

hahaha= winblows

KRL

The worm spreads with the file name: avserve.exe . Unlike many recent worms, this virus does not spread via email. No user intervention is required to become infected or propagate the virus further. The worm works by instructing vulnerable systems to download and hahahahahahaha the viral code.

Indications of Infection

The virus copies itself to the hahahahahahas directory as avserve.exe and creates a registry run key to load itself at startup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\hahahahahaha s\
CurrentVersion\Run "avserve.exe" = C:\hahahahahahaS\avserve.exe
As the worm scans random ip addresses it listens on successive TCP ports starting at 1068. It also acts as an FTP server on TCP port 5554, and creates a remote shell on TCP port 9996.

A file named win.log is created on the root of the C: drive. This file contains the IP address of the localhost.

Copies of the worm are created in the hahahahahahas System directory as #_up.exe.

Examples

c:\hahahahahahaS\system32\11583_up.exe
c:\hahahahahahaS\system32\16913_up.exe
c:\hahahahahahaS\system32\29739_up.exe

A side-effect of the worm is for LSASS.EXE to crash, by default such system will reboot after the crash occurs. The following hahahahahaha may be displayed:

Method of Infection

This worm spreads by exploiting a recent Microsoft vulnerability, spreading from machine to machine with no user intervention required.

This worm scans random IP addresses for exploitable systems. When one is found, the worm exploits the vulnerable system, by overflowing a buffer in LSASS.EXE. It creates a remote shell on TCP port 9996. Next it creates an FTP script named cmd.ftp on the remote host and hahahahahahahas it. This FTP script instructs the target victim to download and hahahahahahaha the worm (with the filename #_up.exe as aforementioned) from the infected host. The infected host is accepts this FTP traffic on TCP port 5554.

The worm spawns multiple threads, some of which scan the local class A subnet, others the class B subnet, and others completely random subnets. The destination port is TCP 445

__________________
If you would like to develop your domains, you can lease inexpensive foreign labor
from the leaders in the field at iWebmasters.com TO LOWER YOUR COSTS AND INCREASE YOUR PRODUCTION!
*** *** *** *** *** *** *** *** *** *** *** ***
Domains Adult News KRL's Newsletter Biz Tips Just Listed Domains

pornstar2pac

that is why the industry is going all condom..... damn this virus

__________________
Trump haters gonna hate. that's all they can do

KMR Stitch

Damn it my worm leaked.

Pornwolf

I wonder why they hahahahaha useless viruses like that?

__________________
I've trusted my sites to them for over a decade...

Webair, bitches.

VicMartin

Yeah really, like we didn't have enough to worry about w/ one virus (HIV), now we have another.

__________________
Winning isn’t everything, but wanting to win is. –Vince Lombardi

MrJackMeHoff

<font size=10><b>FIREWALL</b></font>

__________________

ZoiNk

Most people that are infected are new computer users or fresh installs. 10-15 seconds online without the updates or firewall and you will have at least 1 trojan installed. Its insane!

ZoiNk

__________________
"People can have the Model T in any color - so long as it's black." - Henry Ford

MattO

Damn, I was just at my Dad's trying to figure out why his lsass.exe kept popping up and shutting his computer down... my searches were fruitless...

GFY as an information source comes through again!

cayne

I was infected. Took me 3 hours to remove the virus. I just hate these virus coders....!!!!!!!111

__________________
If lesbian anal is wrong, I don't want to be right.

jimmyf

read all about it

http://securityresponse.symantec.com...sser.worm.html

__________________
Epic CashEpic Cash works for me
Solar Cash Paysite Plugin
Gallery of the day freesites,POTD,Gallery generator with free hosting

sumz

Yeah, I was infected as well right after I installed hahahahahahas on new comp!
Security Update helped for that problem.
That stuff is insane nowadays.

Ash@phpFX

people should put their hahahahahahas updates on automatic, it would solve a lot of problems

KRL

Wow. What timing.

__________________
If you would like to develop your domains, you can lease inexpensive foreign labor
from the leaders in the field at iWebmasters.com TO LOWER YOUR COSTS AND INCREASE YOUR PRODUCTION!
*** *** *** *** *** *** *** *** *** *** *** ***
Domains Adult News KRL's Newsletter Biz Tips Just Listed Domains

rowan

I had exactly that prob when I first installed XP a couple of months ago. For some stupid reason I assumed that the CD would be reasonably up to date, but I was very wrong. I didn't even think about autonomous worms since I had used 98 until that point with relatively few incidents (apart from IE holes)

I decided it would be quicker to wipe it, firewall it at my router (only permitting outbound port 80 access), then reinstall. This way I could download and install all the necessary updates without any worms bugging me.

Win</b></b>dows sucks.

strats

can someone hahaha the hahahahas so my hahahahaha can stop running hahahaha?

KRL

Here's a good online service to quickly check how protected all your ports are. Its free also.

https://grc.com/x/ne.dll?bh0bkyd2

__________________
If you would like to develop your domains, you can lease inexpensive foreign labor
from the leaders in the field at iWebmasters.com TO LOWER YOUR COSTS AND INCREASE YOUR PRODUCTION!
*** *** *** *** *** *** *** *** *** *** *** ***
Domains Adult News KRL's Newsletter Biz Tips Just Listed Domains

rowan

Yeah, but how many would it cause? I have mine set to prompt so I see the updates, but that doesn't mean I want to install them all... and especially not quietly in the background!

Juicy D. Links

I ran that and it said my penis is vulnerable to being attacked by women looking for action

zzgundamnzz

Great, I think one of my computers is infected. Keeps rebooting at random times

__________________

KRL

Virus hahahahahars should be chopped up into little pieces and thrown into the shark tank.

__________________
If you would like to develop your domains, you can lease inexpensive foreign labor
from the leaders in the field at iWebmasters.com TO LOWER YOUR COSTS AND INCREASE YOUR PRODUCTION!
*** *** *** *** *** *** *** *** *** *** *** ***
Domains Adult News KRL's Newsletter Biz Tips Just Listed Domains

Babagirls

just ran a check, all clear!

__________________




Need a Text Writer?
Blogs|Reviews|Descriptions|Paysites|TGP's|Stories
ICQ: 397892500

X37375787

Very useful resource, thanks KRL

tony286

I run my net computer behind 2 firewalls and the computer I use for work is off line . To get into that one they got to be fucking houdini lol.

BVF

Unable to connect with NetBIOS to your computer.
All attempts to get any information from your computer have FAILED. (This is very uncommon for a hahahahahahas networking-based PC.) Relative to vulnerabilities from hahahahahahas networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.

__________________

Black Pussy
Click On Mr Cosby..CCbill, 60/40, 136 FHG's....The Cos Loves Black Ghetto Pussy!!

AgentCash

Your system has achieved a perfect "TruStealth" rating. Not a single packet ? solicited or otherwise ? was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.

Furious_Male

Thanks for the post. I will expect the calls to roll in Monday morning from clients that just wont listen and protect themselves.

Lets hope everyone is running the frequent hahahahahahas updates.

__________________
Living in Virtual Reality
Contact: Email (preferred): furiousmale .at. gmail - Skype: live:shanedws