What You Should Know About the Sasser Worm


We're currently tracking the Sasser worm and we're posting updated information on Microsoft.com as we get it. Check out the following page for information related to this worm:

What You Should Know About the Sasser Worm

Microsoft teams and law enforcement authorities are investigating reports of a worm, identified as W32.Sasser.worm, that is currently circulating on the Internet. Microsoft has verified that the worm exploits the Local Security Authority Subsystem Service (LSASS) issue fixed in Microsoft Security Update MS04-011 on April 13, 2004.

We're linking to the TechNet page on the MSDN Developer Centers

Comments (8)

  1. Edward says:

    Do ya think this one will be as big as Blaster?

    Will you have to get everyone manning the phones?

    I’m just pictureing the "I survived Sasser.A T-Shirts now"

  2. Brian says:

    It’s hard to say. I would love for this NOT to be t-shirt worthy. I think the most important thing is that we get people to Windows Update, get them to turn on ICF, and install AV software. 🙂

    Cheers,

    Brian

  3. Scott says:

    I would be happy with people updating the AV software they have. I can’t tell you how many times I have seen PC’s with AV software that hasn’t been updated in 2+ years.

  4. Aaron Lewis says:

    If anybody at Microsoft is listening, I’d like to do a mental exercise with you. Break out your persona cards and if the persona I’m going to propose to you isn’t already there, add it…

    Close your eyes (*after* reading the rest — lol) and picture a grandmother who’s purchased a Windows XP computer off the shelf at the local computer store.

    She bought it so that she could send and receive e-mail between herself and family members who no longer live nearby.

    Her husband uses it to keep up-to-date on happenings with the Veteran’s Administration, and he’s found a nice group of people to chat with while playing backgammon online.

    Now tell them to enable a firewall, and tell them to do so in such a way so that they feel stupid for not knowing what a firewall is, what a virus is, what a worm is… They bought the computer to *use* it, and they just "want it to work."

    My point is, Windows security flaws are occupying far too much mental real estate, especially in the minds of people it really shouldn’t be bothering. They have to actively participate in securing their machines (via updates, clicking to install, etc.).

    I’m pretty sure these personas aren’t a key demographic. If they aren’t, then the platform has failed them miserably. If they are, then I’ve got to wonder exactly how out-of-control the codebase is.

  5. TEN says:

    I just had to give nuff respect to the comments of Aaron Lewis. while fixing my sisters 2 computers this weekend i was thinking exactly the same thing! well said man, and microsoft wake up!

  6. Brian says:

    Hi Aaron,

    The persona you describe is definately one that we use when we describe actions that need to be taken around these worms.

    The site we have set up for people to protect their PC’s is here:

    http://www.microsoft.com/security/protect/

    When XPSP2 is release, then this problem will be reduced.

    In the meantime we’ll just have to get people to go to Windows Update and to the Protect Your PC site to get them protected.

    Cheers,

    Brian

  7. Liam says:

    My experience of the sasser worm kind of sucks. I formatted my computer as it was getting slow and i wanted to put a new game on. Everything was fine, all set up; when i connected onto the internet and was immediatly shut down. It took me over an hour to get onto the microsoft site just to see "sasser b worm". I had no way of downloading updates; or scanning my computer. I think there should be a simple "email me the manual guide to removing sasser b" so users facing that problem can get it fixed without needing to use the startup.exe -a command 500 times, many people wont have a clue whats happening and how to fix it.

    Just my suggestion; i have several friends who couldnt stay online long enough to download the update, microsoft must recognise this problem.

  8. Brian says:

    I’m sorry to hear you had trouble Liam. We created a couple of light pages for quick printing (To hopefully beat a reboot cycle). If anybody needs these, here are the links:

    Windows XP

    http://www.microsoft.com/security/incident/sasser_printxp.asp

    Windows 2000

    http://www.microsoft.com/security/incident/sasser_print2000.asp

    You can also call 1-866-PCSAFETY and they will help you out with this.

    Best of luck,

    Brian

Skip to main content