• About us
• Noticeboard
• In the news
• Business survival
• Knowledge centre
• Business helpline
• Humour
• Contact Us

You are here: Home > Noticeboard > Virus alerts > 'Sasser' worm upgraded to Category 4 threat

• Business diary
• Can you help . . .
• Features and offers
• IT tips
• Quick wins
• Tax and Red Tape
• Virus alerts
• What's new on topenterprise
• Could you help answer our short survey?
  Please Click Here

'Sasser' worm upgraded to Category 4 threat

The threat posed by the Sasser worm was one of the Critical items advised by Microsoft in their April 2004 Security Bulletin

01 05 2004

The security threat from the Sasser worm has been upgraded due to its spread to large numbers of vulnerable computer systems. Note that the Sasser worm is transmitted through the Internet without any emails being involved.

This worm runs when you start Windows, it obstructs attempts to shut down or restart the computer, causes significant degradation in performance and can result in loss of data by causing computers to reboot. It also spreads itself to other vulnerable systems.

The original Sasser worm was first discovered in January 2004 and its latest variant affects Microsoft Windows computer systems. It exploits a vulnerability in Windows operating systems that was highlighted in Microsoft’s April 2004 Security Bulletin -

Read here about Microsoft’s Security Bulletin (page opens in a new window)

Symantec (Norton Anti-Virus and Personal Firewall) says that the number of systems affected by the Sasser worm has now reached the thousands. The Security Response has been upgraded from Category 3 to Category 4.

Symantec recommends that users of Norton Firewall should block TCP ports 5554, 9996 and 445 as a perimeter defence against attack and install the appropriate Microsoft patch to prevent the Sasser threat.

Containment is described as ‘Easy’ and difficulty of removal ‘Moderate’. Symantec has developed a removal tool to clean systems that are infected by this worm.

Read more about the Sasser worm and how to deal with it on Symantec’s web site (page opens in a new window)

McAfee describes a symptom of the Sasser worm that causes a program to crash and results in the computer rebooting (restarting) automatically. A message with this heading may be presented on the computer screen in a new window:

LSA Shell [Export Version] has encountered a problem and needs to close. We are sorry for this inconvenience.

This automatic ‘reboot’ can result in loss of data that was being used at the time, but it may be possible to recover it later.

McAfee have a ‘Stinger’ tool to assist users when dealing with an infected system. Stinger has been updated to detect and remove the Sasser worm.


© 2004 Copyright topenterprise uk ltd All rights reserved
Property of topenterprise uk ltd and made available under the terms of use notice on this web site


Back to top of page

More like this View keywords

Related Articles:

• Mimail steals credit card information – upgraded to Level 3 risk by Symantec
• MyDoom worm
• Netsky Internet worm
• UK small businesses trail behind Europe on cyber-security
• Critical threats to Windows users – April 2004
• What is an Internet worm?
• Bagle running wild on the Internet
• Small companies must respond to computer virus danger warnings
• Where did these come from?

• Privacy
• Copyright
• Terms of use