The
Sasser virus and its variants have been rampaging on the Internet
since May 2004. According to the information provided by Symantec,
Sasser is an Internet worm spreading through the MS04-011
(LSASS) vulnerability.
This
vulnerability is caused by a buffer overrun in the Local Security
Authority Subsystem Service, and will affect all machines
that are:
- Running
Windows XP or Windows 2000
- Haven't been patched against this vulnerability
- Are connected to the Internet without a firewall
Once
infected with the Sasser worm, the following symptoms may
occur:
- Computer
performance is decreased or network connection is slow
- One may see a dialog box that contains text that refers
to LSA Shell
- Computer may restart every few minutes without user input
Many
organizations and universities worldwide were hit really hard
at the time. Fortunately, most of our users hardly noticed
this epidemic because: