Reminder to run your Windows Update, folks...
Affects: Microsoft Windows 2000 and XP operating systems.
Sasser worm begins spreading
By Robert Lemos
Staff Writer, CNET News.com
[link]
Story last modified May 1, 2004, 8:25 AM PDT
A worm has started spreading through the Internet using a vulnerability in a widely used component of the Windows operating system.
The worm--dubbed Sasser by antivirus firms--began spreading Friday night and seems to be moving at a moderate pace, said Vincent Gullotto, vice president of Network Associates' antivirus emergency response team.
"We have had 25 to 50 reports from companies that have had up to a few hundred machines infected," he said. "One company wanted to patch this weekend, but the worm infected their network first."
This worm spreads by exploiting a recent vulnerability in a component of Microsoft Windows known as the Local Security Authority Subsystem Service, or LSASS. As previously reported by CNET News.com, security experts widely predicted that a worm would soon start spreading using that particular flaw.
The Sasser worm spreads from infected computer to vulnerable computer with no user intervention required. The worm scans for vulnerable systems, creates a remote connection to the system, installs a file transfer protocol (FTP) server and then downloads itself to the new host.
The worm opens up the initial connection on a specific application data channel, or port, numbered 9996. After the worm infects the new host, the FTP server listens on port 5554 for new files.
The worm uses multiple processes to scan different ranges of Internet addresses. The scans attempt to detect the vulnerable LSASS component on port 445. Microsoft has analyzed the worm and believes it also spreads through port 139. Both are data channels used by the Windows file sharing protocol and, in many cases, are blocked by Internet service providers.
A team of Microsoft engineers worked through the night to analyze the worm, said Stephen Toulouse, security program manager for the software giant.
"We are still studying the worm, but we do know customers that install the update are protected from Sasser," Toulouse said.
The worm will cause the LSASS component of Windows to crash, according to analyses. Infected systems will then perform a 60-second countdown before restarting. Microsoft has created a Web page telling customers how to manually clean up the worm.
Antivirus firms also continue to analyze the worm.
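Added example, not part of the CNET article or the original post: a Python check that looks through connection logs for the port pattern the article describes (probes to 445 or 139, then traffic on 9996 and on 5554 between the same two hosts). The log format, the scan threshold and the sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict

SCAN_PORTS = {445, 139}  # ports the article says are probed for LSASS
SHELL_PORT = 9996        # port of the worm's "initial connection"
FTP_PORT = 5554          # port the worm's FTP server listens on
SCAN_THRESHOLD = 3       # assumption: distinct targets before a host counts as a scanner

# Constructed sample log, hypothetical format: "epoch src_ip dst_ip dst_port"
SAMPLE_LOG = """\
1083400000 10.0.0.5 10.0.0.20 445
1083400001 10.0.0.5 10.0.0.21 445
1083400002 10.0.0.5 10.0.0.22 139
1083400003 10.0.0.5 10.0.0.22 9996
1083400005 10.0.0.22 10.0.0.5 5554
1083400010 10.0.0.7 10.0.0.30 445
1083400011 10.0.0.7 10.0.0.30 80
malformed line here
"""

def parse(log):
    """Yield (ts, src, dst, port) tuples, skipping lines that do not fit the format."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit() or not parts[3].isdigit():
            continue
        yield int(parts[0]), parts[1], parts[2], int(parts[3])

def analyze(log):
    """Return (scanners, chains): hosts probing many targets, and host pairs
    that showed probe -> 9996 -> 5554 in time order."""
    scan_targets = defaultdict(set)  # source -> distinct hosts probed on 445/139
    stages = defaultdict(set)        # host pair -> stages seen so far
    for ts, src, dst, port in sorted(parse(log)):
        # The pair is unordered: the article does not say which side opens 9996/5554.
        pair = frozenset((src, dst))
        if port in SCAN_PORTS:
            scan_targets[src].add(dst)
            stages[pair].add("probe")
        elif port == SHELL_PORT and "probe" in stages[pair]:
            stages[pair].add("shell")
        elif port == FTP_PORT and "shell" in stages[pair]:
            stages[pair].add("ftp")
    scanners = sorted(h for h, t in scan_targets.items() if len(t) >= SCAN_THRESHOLD)
    chains = sorted(tuple(sorted(p)) for p, s in stages.items() if "ftp" in s)
    return scanners, chains

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

A host pair is reported only when all three stages appear in order, so ordinary file-sharing traffic on 445 alone does not trigger it.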
New Wonderfalls episodes are up in PDF format at Greetings from Wonderfalls: Resources for Fans.
Old and new include:
S01E02 - "Karma Chameleon" - written by Tim Minear
S01E03 - "Wound Up Penguin" - written by Liz Garcia
S01E04 - "Pink Flamingo" - written by Aaron Harberts and Gretchen Berg
S01E05 - "Crime Dog" - written by Krista Vernoff
S01E07 - "Muffin Buffalo" - written by Aaron Harberts and Gretchen Berg
S01E08 - "Lovesick Ass" - written by Dan E. Fesman and Harry Victor
S01E09 - "Safety Canary" - written by Liz Garcia and Alexander C. Woo
S01E10 - "Lying Pig" - written by Krista Vernoff
S01E11 - "Cocktail Bunny" - written by Bryan Fuller
S01E12 - "Totem Mole" - written by Harry Victor and Dan E. Fesman
Lots of media over there too. Take a look!
Unaired ep of Wonderfalls up in HTML: "Totem Mole". (Spoiler alert.)
Update:
Newest Sasser worm a greater danger
By Robert Lemos and Dawn Kawamoto
Staff Writer, CNET News.com
[link]
Story last modified May 3, 2004, 10:54 AM PDT
A newer, better-built version of the Sasser worm has boosted the infectiousness of the original, spreading to more than 10,000 computers over the weekend, antivirus company Symantec said on Monday.
The new worm, Sasser.B, like its predecessor Sasser.A, takes advantage of a vulnerability in unpatched versions of Windows XP and Windows 2000 systems. The worms infect vulnerable systems by establishing a remote connection to the targeted computer, installing a file transfer protocol (FTP) server and then downloading themselves to the new host.
The original version of the Sasser worm spread slowly, but the Sasser.B version released Saturday is infecting computers much faster.
See link at the top for more on the story, etc.
MPG and WMV files of Steve DeKnight accepting the Spacey award for Angel's 'Best Series' win.
Links are good for seven days or 100 downloads. Whichever comes first.
Thank you so much to everyone that responded to my request for filling out my survey for my school project. It turns out I’m taking an incomplete in that class, so if you’d still like to fill out the survey, I can probably take them for another week or so; e-mail me at my profile addy if you’re interested.
For those of you who responded and didn’t hear back from me with the survey, could you pop me another e-mail? Hotmail seems to be eating some of my sent messages, which is most frustrating. Also, if you sent me a survey and your name is not on the following list, could you resend it (if it’s still in your sent mail box…if it means you’d have to redo the survey, and that’s more time than you have, that’s totally cool)?
I got completed surveys from:
Allyson
Laura
Matt the Bruins Fan
Gudanov
beth b
Am-Chau
Moonlit
JenP
sj
AmyLiz
katefate
Sumiko
Sassy
Kate
billytea
DX
aurelia
erikaj
Debetesse
Ouise
Calli
connie neil
Dawn K
Katerina Bee
Betsy HP
Astarte
flea
Dana
Sue
Victor Infante
NEWYORKISTA ANGEL FINALE PARTY
Hey, Kiddies. Y'all are invited over at 7:30 for goodies and bonding the night of the big bye-bye. Drop me a note and I'll give you my address.
::MWAH::
NEW ENGLAND BUFFISTAS AtS FINALE FIESTA
La Casa de Ferrets--Victor & Thessaly, curators--in Worcester, May 19th, festivities starting 6 p.m. ish.
Drop me a line for info.
I may be able to acquire a pair of tickets near the 8th pole for the Preakness on Saturday, May 25, but I need to let the current owner know tomorrow morning whether or not I want them.
Contact me at my profile addy if you're interested.