Sasser - From Microsoft

Started by iago, May 05, 2004, 07:27 PM

iago

http://www.microsoft.com/security/incident/sasser.asp

To quote:

Quote
Microsoft teams have confirmed that the Sasser worm (W32.Sasser.A and its variants) is currently circulating on the Internet.
Thank God these guys are getting paid a small fortune!


Quote
If you have a hardware firewall in place for your home or workplace connection, or if you use the firewall included with Windows XP, the Sasser worm is most likely blocked.
Thank God they have confidence in their own software!

<Edit: Spelling>
Thanks for spelling suggestion from Trust:
Quote
[19:25:42] Trust: They have a lot of truts in their products, eh?
(the guy who can't spell his own name)
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


effect

#1
Quote
If you have a hardware firewall in place for your home or workplace connection, or if you use the firewall included with Windows XP, the Sasser worm is most likely blocked.

This is completely untrue. We have hardware and software firewalls here at work, and we were infected (quite seriously). We are still feeling the effects from it, as some systems are still infected (Extra high network traffic)
Quote from: Mangix on March 22, 2005, 03:03 AM
i am an expert Stealthbot VBScript. Recognize Bitch.

hismajesty

Quote
iago: omg
iago: " if you use the firewall included with Windows XP, the Sasser worm is most likely blocked"
iago: WTF?
iago: "most likely"?
me: lol
me: They have a lot of truts in their products, eh?
me: trust even
iago: I'll say!
iago: Trust can't spell trust.  Ouch, the irony!

Skywing

Quote from: effect on May 05, 2004, 07:30 PM
Quote
If you have a hardware firewall in place for your home or workplace connection, or if you use the firewall included with Windows XP, the Sasser worm is most likely blocked.

This is completely untrue. We have hardware and software firewalls here at work, and we were infected (quite seriously). We are still feeling the effects from it, as some systems are still infected (Extra high network traffic)
Obviously, if you configure the firewall to not block the necessary ports, it won't do you any good.

Of course, it also won't do you any good if somebody brings an infected machine into the network behind the firewall...

effect

#4
Quote from: Skywing on May 05, 2004, 07:35 PM
Quote from: effect on May 05, 2004, 07:30 PM
Quote
If you have a hardware firewall in place for your home or workplace connection, or if you use the firewall included with Windows XP, the Sasser worm is most likely blocked.

This is completely untrue. We have hardware and software firewalls here at work, and we were infected (quite seriously). We are still feeling the effects from it, as some systems are still infected (Extra high network traffic)
Obviously, if you configure the firewall to not block the necessary ports, it won't do you any good.

Of course, it also won't do you any good if somebody brings an infected machine into the network behind the firewall...


We have a stiff policy against this (however there is definitely no way to be 100% sure), the moral of the story is don't listen to anything Microsoft says.

edit: And keep your system up to date  ;)
Quote from: Mangix on March 22, 2005, 03:03 AM
i am an expert Stealthbot VBScript. Recognize Bitch.

MyndFyre

pshh.  I have that Linksys router and we have experienced 0 infections.
QuoteEvery generation of humans believed it had all the answers it needed, except for a few mysteries they assumed would be solved at any moment. And they all believed their ancestors were simplistic and deluded. What are the odds that you are the first generation of humans who will understand reality?

After 3 years, it's on the horizon.  The new JinxBot, and BN#, the managed Battle.net Client library.

Quote from: chyea on January 16, 2009, 05:05 PM
You've just located global warming.

Falcon[anti-yL]

I use Sygate Firewall and if it gets past that then I always got The Cleaner and McAfee Virus Scan. ;)

hismajesty


quasi-modo

I do not know much about Sasser... just what I have seen in headlines really. Does it do a sort of port scan when it looks for IPs? If that is the case then if you are behind a hardware firewall on your router and your ports are stealth you would be pretty safe.
WAR EAGLE!
Quote(00:04:08) zdv17: yeah i quit doing that stuff cause it jacked up the power bill too much
(00:04:19) nick is a turtle: Right now im not paying the power bill though
(00:04:33) nick is a turtle: if i had to pay the electric bill
(00:04:47) nick is a turtle: id hibernate when i go to class
(00:04:57) nick is a turtle: or at least when i go to sleep
(00:08:50) zdv17: hibernating in class is cool.. esp. when you leave a drool puddle

hismajesty

It randomly generates an IP.

Grok

Quote from: effect on May 05, 2004, 07:38 PM
Quote from: Skywing on May 05, 2004, 07:35 PM
Quote from: effect on May 05, 2004, 07:30 PM
Quote
If you have a hardware firewall in place for your home or workplace connection, or if you use the firewall included with Windows XP, the Sasser worm is most likely blocked.

This is completely untrue. We have hardware and software firewalls here at work, and we were infected (quite seriously). We are still feeling the effects from it, as some systems are still infected (Extra high network traffic)
Obviously, if you configure the firewall to not block the necessary ports, it won't do you any good.

Of course, it also won't do you any good if somebody brings an infected machine into the network behind the firewall...


We have a stiff policy against this (however there is definitely no way to be 100% sure), the moral of the story is don't listen to anything Microsoft says.

edit: And keep your system up to date  ;)

Yes, there is a way.  Learn how to use your DHCP server.  If you only allocate LAN IPs to trusted machines, those you have built and know the MAC address of, no contractor or manager can hook a laptop up to your network and infect it.  If you make their only connect method via terminal server or VPN, you are controlling your own LAN.

Accept responsibility for your own LAN and own machines.
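
Added example (not part of Grok's post or of the thread): one way to audit the "only known MAC addresses get a LAN IP" policy described above is to compare the DHCP server's lease records against the inventory of machines you built. The lease text below is a constructed sample in the style of an ISC dhcpd.leases file, and the inventory list and function names are hypothetical.

```python
import re

# Constructed sample in the style of an ISC dhcpd.leases file (not from the thread).
SAMPLE_LEASES = '''
lease 192.168.1.20 {
  starts 4 2004/05/06 09:00:00;
  ends 4 2004/05/06 21:00:00;
  hardware ethernet 00:0c:29:aa:bb:01;
  client-hostname "ws-accounting";
}
lease 192.168.1.57 {
  starts 4 2004/05/06 09:41:10;
  ends 4 2004/05/06 21:41:10;
  hardware ethernet 00:0D:60:12:34:56;
  client-hostname "contractor-laptop";
}
lease 192.168.1.21 {
  starts 4 2004/05/06 10:02:00;
  ends 4 2004/05/06 22:02:00;
  hardware ethernet 00:0c:29:aa:bb:02;
}
'''

# Hypothetical inventory of machines the admin built; notation varies on purpose.
TRUSTED_MACS = ["00:0C:29:AA:BB:01", "00-0c-29-aa-bb-02"]

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
MAC_RE = re.compile(r"hardware\s+ethernet\s+([0-9A-Fa-f:]{17})\s*;")
HOST_RE = re.compile(r'client-hostname\s+"([^"]*)"\s*;')

def normalize_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def untrusted_leases(lease_text, trusted):
    """Return (ip, mac, hostname) for each lease whose MAC is not in the inventory."""
    allow = {normalize_mac(m) for m in trusted}
    findings = []
    for ip, body in LEASE_RE.findall(lease_text):
        mac = MAC_RE.search(body)
        if not mac:
            continue  # lease block that records no hardware address
        if normalize_mac(mac.group(1)) not in allow:
            host = HOST_RE.search(body)
            findings.append((ip, mac.group(1).lower(), host.group(1) if host else None))
    return findings

if __name__ == "__main__":
    for ip, mac, host in untrusted_leases(SAMPLE_LEASES, TRUSTED_MACS):
        print(f"untrusted lease: {ip} {mac} {host}")
```

A lease that shows up here means the server handed an address to a machine outside the inventory, so the allocation policy is not being enforced on that scope.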

Mephisto

Quote from: effect on May 05, 2004, 07:38 PM
the moral of the story is don't listen to anything Microsoft says.

Why do you insist on thinking that?  I'm so sick of people who just randomly *hate* Microsoft and pretend that everything they say is BS and all of their products are, etc.

SNiFFeR

My entire school is infected with it. I'm cracking up in their faces because nobody listened to me when it happened.

Newby

Quote from: SNiFFeR on May 06, 2004, 09:50 AM
My entire school is infected with it. I'm cracking up in their faces because nobody listened to me when it happened.
My school has Macs so I don't think you can infect those. :P!
- Newby

Quote[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

Quote<TehUser> Man, I can't get Xorg to work properly.  This sucks.
<torque> you should probably kill yourself
<TehUser> I think I will.  Thanks, torque.

iago

Quote from: Mephisto on May 06, 2004, 09:24 AM
Quote from: effect on May 05, 2004, 07:38 PM
the moral of the story is don't listen to anything Microsoft says.

Why do you insist on thinking that?  I'm so sick of people who just randomly *hate* Microsoft and pretend that everything they say is BS and all of their products are, etc.

Note my quotations - they aren't even sure what they're doing :P
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*