VIRUS ALERT
May 11, 2004
HIGH
Panda Software Detects Sasser.F
Other Hackers Pick Up Where Sasser Author Left Off
• The code of Sasser.F is only slightly different from the original worm, suggesting that it has been created by an inexperienced hacker
• Variants of Sasser or new worms that exploit the Windows LSASS vulnerability are expected to continue appearing
• To avoid falling victim to malicious code that exploits the LSASS vulnerability, install the patch released by Microsoft to fix it
GLENDALE, CA - May 11, 2004 - PandaLabs has detected the appearance of the new Sasser.F worm. This variant is very similar to the original worm, as it only includes a few small differences, such as the format in which it is packed.
The date that Sasser.F was created appears as April 30, the same day the first Sasser worm emerged. “It seems that an inexperienced hacker has created Sasser.F by slightly modifying the code of the original worm. Another possibility is that the author of Sasser did not work alone, and that another person is releasing these previously created variants. However, studying the evolution of Sasser, the fact that variant F does not include any new features confirms that it is the work of a different person,” says Luis Corrons, head of PandaLabs.
It is highly probable that new variants of Sasser and Cycle, or new viruses that exploit the LSASS vulnerability, will appear. “In order to avoid falling victim to these viruses, the first thing users must do is install the patches released by Microsoft to fix the LSASS vulnerability. Given that a large number of viruses that exploit this flaw are in circulation, and that more could appear, computers are extremely vulnerable to infection,” explains Corrons.
In order to avoid falling victim to Sasser.F or any of its variants, Panda Software advises users to take precautions, keep their antivirus software updated and apply the Microsoft patch, which can be downloaded from http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx, as computers will continue to be infected by this virus until the vulnerability has been fixed. Panda Software has made the updates necessary to detect and disinfect this new worm available to clients.
More information about these and other IT threats is available from: http://www.pandasoftware.com/virus_info/encyclopedia/
Panda Software’s online support center also offers help to users at: http://www.pandasoftware.com/support/
Panda Software clients can update their antivirus through the applications installed on their computers.
Users can also scan and disinfect their computers using Panda ActiveScan, the free, online scanner available from: http://www.pandasoftware.com/activescan
About PandaLabs
On receiving a possibly infected file, Panda Software's technical staff gets right to work. The file is analyzed and, depending on its type, the action taken may include disassembly, macro scanning, code analysis, etc. If the file does in fact contain a new virus, the disinfection and detection routines are prepared and quickly distributed to users.
For more information:
Alan Wallace
[email protected]
Tel. (818) 543-6909
Original source: panda-us-virusalert-2004-05-11-sasserfvariantreleased.doc

