IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

New Sasser does serious damage in Australia

One of the big banks had to revert to hand processing of transactions as all its ATMs & most PCs went down.

Telstra (largest ISP in Australia half govt owned) is in a mess today & people haven't been able to log in to its authentication & login servers. (I was 1/2 way thru a last big download of a 600MB file & got cut off at 9am this morning).

Other business are reporting problems as well. Getting lots on news coverage & Microsoft keeps getting mentioned.

One os NSW's larger dept stores was quoted yesterday as being interested in moving to Linux.

Doug M

New MS exec contacted us today - says 2nd Sasser on loose

From: Richard Lingard [link|mailto:richlin@microsoft.com|mailto:richlin@microsoft.com]
Sent: Wednesday, 5 May 2004 3:25 PM
To: abc.xyz@metcash.com
Subject: W32.SASSER WORM RELATING TO MS04-011

Dear [sent to my boss],

Please take the time to read the below security alert.

UPDATE:
- Earlier today a second version of SASSER was released. This version was also analyzed, and while it spreads differently, it too drops no damaging payload.

- Microsoft has developed a cleanup tool for W32.Sasser.worm. You will find this removal tool at [link|http://www.microsoft.com/downloads/details.aspx?FamilyId=76C6DE7E-1B6B-4FC3-90D4-9FA42D14CC17&displaylang=en|http://www.microsoft...mp;displaylang=en] and the corresponding Knowledge Base article KB841720 at [link|http://support.microsoft.com/default.aspx?scid=kb;EN-US;841720|http://support.micro...d=kb;EN-US;841720]. This tool exists for customers infected with Sasser. Microsoft strongly encourages you to apply MS04-011 as soon as possible.

On April 30th, Microsoft has been made aware that a worm identified as \ufffdW32.Sasser.worm\ufffd is currently circulating on the Internet. The worm exploits the Local Security Authority Subsystem Service (LSASS) vulnerability fixed in Microsoft Security Update MS04-011 on April 13, 2004. You or someone in your organization has likely received the Bulletin detailing these security updates. As a valued customer, we are contacting you again so you have the information and resources you need to help address any security issues that may arise. If you or your customers are still evaluating or testing these updates, we strongly recommend that you expedite your review and deployment of these updates. For the latest information please go to [link|http://www.microsoft.com/security|http://www.microsoft.com/security].

Microsoft Product Support Alert Details:
- Microsoft has been made aware of a worm identified as \ufffdW32.Sasser.worm\ufffd and it is currently circulating on the Internet. The worm exploits the Local Security Authority Subsystem Service (LSASS) vulnerability fixed in Microsoft Security Update MS04-011 on April 13, 2004.

- Microsoft encourages customers to protect themselves against this worm by installing Microsoft Security Bulletin MS04-011 <www.microsoft.com/technet/security/bulletin/ms04-011.mspx> immediately.

- Customers who have enabled the Windows XP Firewall are protected from the vector this worm attacks, which is TCP Port 139. Most third party firewalls also block this attack vector by default.

If you have any questions regarding the security updates or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.

Thank you,

Richard Lingard
Corporate Account Sales
Microsoft Pty Ltd
Phone: (02) 9870 2384
Mobile: 0413 584 569
Email: richlin@microsoft.com
Expand Edited by dmarker May 5, 2004, 01:51:52 AM EDT
     Sasser does serious damage in Australia - (dmarker) - (1)
         MS exec contacted us today - says 2nd Sasser on loose - (dmarker)

It's a Berkeley DB file - neat! I love retro.
55 ms