<<<
Monday, May 10, 2004
>>>
 
Sasser exploit Posted by Gergo @ 15:22 GMT

The FTP server in the Sasser worm family has an apparent buffer overflow vulnerability. A small program has appeared on the InterNet that exploits this vulnerabilty and opens a remote shell on TCP port 530 (by default).

The idea behind the exploit is unknown considering that computers infected with the Sasser worm are most likely vulnerable to MS04-011 already. On the other hand exploiting a vulnerabily in a virus is quite unusual.







<<< Sasser.E screenshot
|
Cycle: The new MS04-011 (LSASS) worm >>>