|
New Sasser Worm Can Enter Your PC Just By Going On The Net
New Internt Worm Infecting Millions of Computers
STOCKHOLM (AFP) - A new Internet worm is spreading worldwide and has probably already infected millions of computers, a Finnish anti-virus expert told AFP. The Sasser worm can infect any computer that is switched on and connected to an Internet service provider, and unlike most other worms or viruses is not spread by email, said Mikko Hyppoenen, head of anti-virus research at the Finnish Internet security firm F-Secure. "This is one of few worms that spreads automatically. It is enough for your PC to be on," he told AFP in a telephone interview from Helsinki. The worm typically shuts down the computer then automatically re-boots it, repeating the procedure several times. Hyppoenen said computers behind a firewall should be spared from the attack. Sasser was first observed at 0001 GMT Saturday, and was infecting computers that had not installed the latest Microsoft software update in the past 18 days. Installing the patch fixes the problem, but many users may find that difficult because their computer keeps on shutting down, Hyppoenen said. He expected the number of computers affected by the worm to increase dramatically on Monday, when employees who had worked on laptop computers at home over the weekend returned to work and hooked them up to the office network. The antivirus company Symantec said on its website that Sasser spreads by scanning Internet computers for "vulnerable systems" -- computers that were permanently connected to their Internet service provider. Since laptops are not protected by company firewall systems if used on another server than the company's, they would run the risk of being infected, and in turn infect the company's network when used Monday in the office. |
Oh joy. :mad:
|
i dont get why folks are so slow in getting the ms updates downloaded
|
Quote:
Its really scary how many techno putzes are on the Net. If everyone would just learn some basic computing necessities these viruses would never be able to spread all over as much as they do. :BangBang: |
http://www.channelnewsasia.com/stori.../82779/1/.html
It was first spotted on Friday, and hahahahahahas 2000, hahahahahahas Server 2003 and hahahahahahas XP were the exposed operating systems. Other hahahahahahas systems, Linux and Macintosh, among others, were not affected. as usual winblows again best thing I ever done was get ride of winblows hahaha= winblows |
The worm spreads with the file name: avserve.exe . Unlike many recent worms, this virus does not spread via email. No user intervention is required to become infected or propagate the virus further. The worm works by instructing vulnerable systems to download and hahahahahahaha the viral code.
Indications of Infection The virus copies itself to the hahahahahahas directory as avserve.exe and creates a registry run key to load itself at startup HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\hahahahahaha s\ CurrentVersion\Run "avserve.exe" = C:\hahahahahahaS\avserve.exe As the worm scans random ip addresses it listens on successive TCP ports starting at 1068. It also acts as an FTP server on TCP port 5554, and creates a remote shell on TCP port 9996. A file named win.log is created on the root of the C: drive. This file contains the IP address of the localhost. Copies of the worm are created in the hahahahahahas System directory as #_up.exe. Examples c:\hahahahahahaS\system32\11583_up.exe c:\hahahahahahaS\system32\16913_up.exe c:\hahahahahahaS\system32\29739_up.exe A side-effect of the worm is for LSASS.EXE to crash, by default such system will reboot after the crash occurs. The following hahahahahaha may be displayed: Method of Infection This worm spreads by exploiting a recent Microsoft vulnerability, spreading from machine to machine with no user intervention required. This worm scans random IP addresses for exploitable systems. When one is found, the worm exploits the vulnerable system, by overflowing a buffer in LSASS.EXE. It creates a remote shell on TCP port 9996. Next it creates an FTP script named cmd.ftp on the remote host and hahahahahahahas it. This FTP script instructs the target victim to download and hahahahahahaha the worm (with the filename #_up.exe as aforementioned) from the infected host. The infected host is accepts this FTP traffic on TCP port 5554. The worm spawns multiple threads, some of which scan the local class A subnet, others the class B subnet, and others completely random subnets. The destination port is TCP 445 |
that is why the industry is going all condom..... damn this virus
|
Damn it my worm leaked.
|
I wonder why they hahahahaha useless viruses like that?
|
Yeah really, like we didn't have enough to worry about w/ one virus (HIV), now we have another. :feels-hot
|
<font size=10><b>FIREWALL</b></font>
|
Most people that are infected are new computer users or fresh installs. 10-15 seconds online without the updates or firewall and you will have at least 1 trojan installed. Its insane!
ZoiNk |
Damn, I was just at my Dad's trying to figure out why his lsass.exe kept popping up and shutting his computer down... my searches were fruitless...
GFY as an information source comes through again! |
I was infected. Took me 3 hours to remove the virus. :mad: I just hate these virus coders....!!!!!!!111
|
|
Yeah, I was infected as well right after I installed hahahahahahas on new comp!
Security Update helped for that problem. That stuff is insane nowadays. |
people should put their hahahahahahas updates on automatic, it would solve a lot of problems
|
Quote:
|
Quote:
I decided it would be quicker to wipe it, firewall it at my router (only permitting outbound port 80 access), then reinstall. This way I could download and install all the necessary updates without any worms bugging me. Win</b></b>dows sucks. |
can someone hahaha the hahahahas so my hahahahaha can stop running hahahaha?
|
Here's a good online service to quickly check how protected all your ports are. Its free also.
https://grc.com/x/ne.dll?bh0bkyd2 |
Quote:
|
Quote:
|
Great, I think one of my computers is infected. Keeps rebooting at random times :(
|
Quote:
:1orglaugh :1orglaugh :1orglaugh |
just ran a check, all clear!:thumbsup
|
Quote:
Very useful resource, thanks KRL :thumbsup |
I run my net computer behind 2 firewalls and the computer I use for work is off line . To get into that one they got to be fucking houdini lol.
|
Quote:
All attempts to get any information from your computer have FAILED. (This is very uncommon for a hahahahahahas networking-based PC.) Relative to vulnerabilities from hahahahahahas networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet. :thumbsup |
Quote:
Your system has achieved a perfect "TruStealth" rating. Not a single packet ? solicited or otherwise ? was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice. :Graucho |
Thanks for the post. I will expect the calls to roll in Monday morning from clients that just wont listen and protect themselves.
Lets hope everyone is running the frequent hahahahahahas updates. |
| All times are GMT -7. The time now is 10:49 PM. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123