![]() ![]() ![]() Several anti-virus and security vendors have also posted free-for-the-downloading tools that remove the Sasser worm from infected computers. An option for non-IE browser users is to download the tool and run it independently of Internet Explorer. Users of Internet Explorer can also sniff for and remove Sasser.a and Sasser.b - the first two variants of the worm - by using the ActiveX control tool found on the Sasser page Microsoft posted on Saturday. Companies should also monitor incoming traffic for packets targeting TCP port 9996 - the port an infected machine uses to await a connection from the attacker - and outgoing traffic destined for TCP port 5554, which is the port used by the FTP server that Sasser installs on compromised systems. Users can also filter traffic targeting UDP ports 135, 137, 138, and 445, as well as TCP ports 135, 139, 445, 593, and any ports above 1024, said Symantec in its analysis and advisory for Sasser. The patch can be retrieved using the Windows Update service, or downloaded directly from the Security Bulletin MS04-011. Microsoft first released the patch for the LSASS vulnerability 13 April as part of its monthly round of security alerts.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |