Notices
NSC-040503: "Sasser" Worm has Arrived
An exploit for the LSASS program flaw in Windows computers, (which is fixed by the MS04-011 security patch), was launched onto the Internet over the weekend. The University is currently dealing with dozens (perhaps hundreds) of computers infected with the "Sasser" worm.
The Sasser worm spreads via the network, which means NO user interaction such as opening an email attachment, is required in order to have a machine become infected. If the latest security patches announced by Microsoft in early-April have not been installed on (Windows 2000, XP, and Server 2003) computers, they are LIKELY to be infected at this time.
The ITS Help Desk is receiving reports of Windows computers re-booting themselves every 60 seconds, which is caused by Sasser activity. Infected machines will act noticeably slow to the user because the worm will use most of the computers resources to spread. Network activity related to the Sasser worm is extremely high.
Infected computers detected by the IT Security Office are being disabled from the network until they are repaired. Information is available from the ITS Help Desk web site (see below) to assist with repairs.
For more Information:
http://helpdesk.its.uiowa.edu/virus/entry.asp?id=11
http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.b.worm.html