There's lots of good stuff about Sasser-* on the Sophos website (http://www.sophos.com)
I'm sure Graham (downstairs!) won't mind me quoting from the Sophos Website about Sasser:
"The Sasser worm spreads in a similar way to last year's serious Blaster outbreak, in so much as it travels via the internet exploiting security holes in Microsoft's software and does not use email," said Graham Cluley, senior technology consultant for Sophos. "At the moment it's not travelling as fast as Blaster did, but computers which are not properly protected with anti-virus updates, firewalls and Microsoft's security patch are asking for trouble."
The security vulnerability, which Microsoft has described as "critical", is said to affect the following Microsoft software:
Microsoft Windows NT Workstation 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Microsoft Windows 2000 Service Pack 2
Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP
Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft NetMeeting
Microsoft Windows 98
Microsoft Windows 98 Second Edition (SE)
Microsoft Windows Millennium Edition (ME)
However, the Sasser worm is only capable of successfully infecting Windows XP and Windows 2000 systems.
"System administrators should note that Sasser doesn't spread by email - so internet email scanning services will not be able to detect this worm, and an absence of reports at your email gateway does not mean you can rest on your laurels," said Graham Cluley. "Companies should deploy the patch from Microsoft, ensure their firewall is set up correctly and update the anti-virus on their desktop and servers."
The patch from Microsoft is at http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx but you can also get it using Windows Update (http://windowsupdate.microsoft.com/)
Sasser does not infect via email; however, there's a new variant of Netsky (http://www.sophos.com/virusinfo/analyses/w32netskyac.html) that DOES come by email that claims to be a "fix" for Sasser. Keep a lookout for that one too!
Neil
(emphatically NOT entering into the "this OS is better than that OS" debate - but you will note that Sasser affects almost all of the Windows variants - 95 isn't supported any more!)