Wilders Security Forums  

Go Back   Wilders Security Forums > Other Security Topics > malware problems & news
Reload this Page WORM_SASSER.C
User Name
Password
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

 
 
Thread Tools Search this Thread
  #1  
Old May 3rd, 2004, 11:05 AM
Marianna's Avatar
Marianna Marianna is offline
Spyware Fighter
  
Join Date: Apr 2002
Location: B.C. Canada
Posts: 1,215
Default WORM_SASSER.C
Virus type: Worm

Destructive: No

Description:



Note: This worm is covered by the Red alert on the SASSER family of worms (variants A, B, and C).

This worm exploits the Windows LSASS vulnerability, which is a buffer overrun that allows remote code execution and enables an attacker to gain full control of the infected system. This vulnerability is discussed in detail in the following pages:

MS04-011_MICROSOFT_WINDOWS
Microsoft Security Bulletin MS04-011
To propagate, it scans for vulnerable systems at TCP port 445 and sends a specially-crafted packet to produce a buffer overflow on LSASS.EXE. The packet runs a remote shell that opens port 9996. This worm commands the remote shell to download its copy from the original infected source via port 5554 using FTP.

More: http://www.trendmicro.com/vinfo/viru...=WORM_SASSER.C
 

Wilders Security Forums > Other Security Topics > malware problems & news « Previous Thread | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Settings
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -4. The time now is 09:14 PM.

Contact Us - SSL - Wilders Security - Archive - TOS/Privacy - Top

Powered by vBulletin® Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Copyright ©2002 - 2013, Wilders Security Forums