WORM_SASSER.D

Discussion in 'malware problems & news' started by Marianna, May 3, 2004.

Thread Status:
Not open for further replies.
  1. Marianna

    Virus type: Worm

    Destructive: No

    Description:



    This worm exploits the Windows LSASS vulnerability, which is a buffer overrun that allows remote code execution and enables an attacker to gain full control of the infected system. This vulnerability is discussed in detail in the following pages:

    MS04-011_MICROSOFT_WINDOWS
    Microsoft Security Bulletin MS04-011

    To propagate, it scans for vulnerable systems at TCP port 445 and sends a specially-crafted packet to produce a buffer overflow on LSASS.EXE. The packet runs a remote shell that opens port 9995. This worm commands the remote shell to download its copy from the original infected source via port 5554 using FTP.

    More: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SASSER.D
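
The port sequence in the description above (445, then 9995, then a callback to 5554) can be checked for in network flow logs. The following is an added example, not part of the original post or the Trend Micro write-up; the record format, addresses, time window and fan-out threshold are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

# Ports taken from the worm description above.
SCAN_PORT, SHELL_PORT, FTP_PORT = 445, 9995, 5554

# Constructed sample flow records: "epoch_seconds src dst dst_port"
SAMPLE_FLOWS = """\
100 10.0.0.5 10.0.0.20 445
101 10.0.0.5 10.0.0.21 445
102 10.0.0.5 10.0.0.22 445
103 10.0.0.5 10.0.0.21 9995
104 10.0.0.21 10.0.0.5 5554
105 10.0.0.9 10.0.0.30 445
106 10.0.0.9 10.0.0.30 80
107 10.0.0.40 10.0.0.9 5554
"""

def parse_flows(text):
    """Yield (ts, src, dst, dst_port) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[0].isdigit() and parts[3].isdigit():
            yield int(parts[0]), parts[1], parts[2], int(parts[3])

def find_scanners(flows, min_targets=3):
    """Hosts that contacted at least min_targets distinct hosts on TCP 445."""
    targets = defaultdict(set)
    for _, src, dst, port in flows:
        if port == SCAN_PORT:
            targets[src].add(dst)
    return {s: len(d) for s, d in targets.items() if len(d) >= min_targets}

def find_infection_chains(flows, window=300):
    """(source, victim) pairs with 445 -> 9995 -> victim-to-source 5554, in order."""
    state, chains = {}, []  # state: (source, victim) -> (stage, first_ts)
    for ts, src, dst, port in sorted(flows):
        if port == SCAN_PORT and state.get((src, dst), (0, 0))[0] < 2:
            state[(src, dst)] = (1, ts)
        elif port == SHELL_PORT and state.get((src, dst), (0, 0))[0] == 1:
            t0 = state[(src, dst)][1]
            if ts - t0 <= window:
                state[(src, dst)] = (2, t0)
        elif port == FTP_PORT and state.get((dst, src), (0, 0))[0] == 2:
            t0 = state.pop((dst, src))[1]  # callback goes victim -> source
            if ts - t0 <= window:
                chains.append((dst, src))
    return chains
```

A host reported by both functions is a likely propagation source; the victim side of each chain is a candidate for isolation and MS04-011 patching.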
     