NEWS FROM THE LAB - Sunday, May 2, 2004

Sasser situation

Posted by Mikko @ 16:59 GMT

We've received some reports of large corporations being hit in their internal networks. Otherwise things are still relatively calm. The main assumption remains that Monday morning will decide how bad this is going to get. We've talked to several large companies, and most of them had successfully installed the needed Windows patches before this weekend. Good news.

In the meantime, a minor repacked variant of Sasser.A has been found. For now, we detect it as Sasser.A, but it will be renamed later to Sasser.C. There are no functional differences in this version.

Microsoft has posted an ActiveX scanning tool on their Sasser infopage, which you can use to easily check online if you're infected or not. Then again, if you are infected, you might not make it to that page before your machine is rebooted again.

If you find yourself infected, you can use our Free F-Sasser Tool to clean the worm from your machine. You also need to install the Windows patches to prevent you from getting reinfected.

Also, about the rebooting problem: Windows XP users with the constant rebooting problem might want to try the "shutdown -a" Command Prompt command to abort an active reboot countdown.

In other news, we've also sent out a public alert on the situation.

People will be starting their working day in Sydney five hours from now...