Threat Advisory: Network Associates McAfee AVERT Raises Risk Assessment to Medium on Newly Discovered W32/Sasser.worm.b
May 3, 2004 - 3:19AM
PR Newswire (English)
McAfee AVERT Raises Sasser.b to Medium due to Increased Prevalence

BEAVERTON, Ore., May 2 /PRNewswire-FirstCall/ -- Network
Associates, Inc., the leading provider of intrusion prevention
solutions, today announced that McAfee(R) AVERT(TM) (Anti-virus and
Vulnerability Emergency Response Team), the world-class research
division of Network Associates, has discovered the first
self-executing worm to attack the MS04-011 vulnerability announced
by Microsoft in April. McAfee AVERT has raised the risk assessment
to medium for W32/Sasser.worm.b, also known as Sasser.b, due to its
prevalence in the field and its ability to move without the support
of email, which has been the primary vehicle of delivery for most
of the worms seen recently. This new worm is a self-executable
program that spreads by scanning random IP addresses for
exploitable systems. To date, McAfee AVERT has received several
reports of the worm being stopped or infecting users on several
continents, with most of the reports coming from the U.S.

Symptoms

Sasser.b is a self-executing worm that spreads by exploiting the
Microsoft MS04-011 vulnerability
(http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx).
The primary purpose of the worm is to spread to as many vulnerable
machines as possible by exploiting unpatched Windows systems,
giving it the ability to execute without requiring any action on
the part of the user. Once activated, the worm copies itself to a
folder in the Windows System directory and adds a registry run key
to load at system start-up.

Pathology

After being executed,
Sasser.b scans random IP addresses on TCP port 445 for exploitable
systems. When one is found, the worm exploits the vulnerable system
by creating a script and executing it. This script instructs the
target victim to download and execute the worm from the infected
host. As the worm scans random IP addresses, it listens on
successive TCP ports starting at 1068. It also acts as an FTP
server on TCP port 5554 and creates a remote shell on TCP port
9996.

Cure

Immediate information and cure for this worm can be
found online at the Network Associates McAfee AVERT site located at
http://vil.nai.com/vil/content/v_125008.htm. McAfee AVERT is
advising its customers to update to the 4356 DATs to stay
protected.

McAfee AVERT Labs is one of the top-ranked anti-virus
and vulnerability research organizations in the world, employing
researchers in offices on five continents. McAfee AVERT protects
customers by developing and providing solutions that are created
through the combined efforts of McAfee AVERT researchers and McAfee
AVERT AutoImmune technology, which applies advanced heuristics,
generic detection and ActiveDAT technology to generate cures for
previously undiscovered viruses.

About Network Associates

With
headquarters in Santa Clara, California, Network Associates, Inc.
(NYSE:NET) creates best-of-breed computer security solutions that
prevent intrusions on networks and protect computer systems from
the next generation of blended attacks and threats. Offering two
families of products, McAfee System Protection Solutions, securing
desktops and servers, and McAfee Network Protection Solutions,
ensuring the protection and performance of the corporate network,
Network Associates offers computer security to large enterprises,
governments, small and medium sized businesses, and consumers. For
more information, Network Associates can be reached at 972-963-8000
or on the Internet at http://www.networkassociates.com/.

NOTE:
Network Associates, McAfee and AVERT are either registered
trademarks or trademarks of Network Associates, Inc. and/or its
affiliates in the United States and/or other countries. All other
registered and unregistered trademarks herein are the sole property
of their respective owners.
http://www.newscom.com/cgi-bin/prnh/19991104/NETALOGO
http://photoarchive.ap.org/

DATASOURCE: Network Associates, Inc.

CONTACT: Tracy Ross of Network Associates, Inc., +1-408-346-5965;
or Kelly Delaney of Porter Novelli, +1-415-975-2229, for
Network Associates, Inc.

Web site: http://www.networkassociates.com/
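
The network behaviour described under Pathology (scanning random addresses on TCP port 445, an FTP server on TCP port 5554, a remote shell on TCP port 9996) can be checked against flow logs. The following is an added example, not code from Network Associates or McAfee AVERT; the five-field log format, the sample records, the scan threshold and the reading of a connection to port 5554 as the victim's download are assumptions.

```python
"""Flag hosts whose traffic matches the Sasser.b behaviour in the advisory."""
from collections import defaultdict

# Ports named in the advisory: scan target, FTP server, remote shell.
SCAN_PORT, FTP_PORT, SHELL_PORT = 445, 5554, 9996

# Constructed sample flow records: "time src_ip dst_ip dst_port proto".
SAMPLE_FLOWS = """\
03:10:01 10.0.0.7 198.51.100.4 445 tcp
03:10:01 10.0.0.7 203.0.113.9 445 tcp
03:10:02 10.0.0.7 192.0.2.77 445 tcp
03:10:02 10.0.0.7 10.0.0.23 445 tcp
03:10:04 10.0.0.23 10.0.0.7 5554 tcp
03:10:09 10.0.0.5 10.0.0.2 445 tcp
03:10:11 10.0.0.99 10.0.0.7 9996 tcp
malformed line
"""

def sasser_b_indicators(text, scan_threshold=4):
    """Return {host: sorted indicator names} for hosts with any indicator."""
    scanned = defaultdict(set)   # src -> distinct dst IPs contacted on 445
    hits = defaultdict(set)      # host -> indicator names
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[4] != "tcp" or not parts[3].isdigit():
            continue             # skip malformed or non-TCP records
        _, src, dst, port, _ = parts
        port = int(port)
        if port == SCAN_PORT:
            scanned[src].add(dst)
        elif port == FTP_PORT:
            # Assumption: a connection to 5554 is a victim fetching the worm.
            hits[dst].add("serves-ftp-5554")
            hits[src].add("fetched-from-5554")
        elif port == SHELL_PORT:
            hits[dst].add("shell-9996")
    for src, targets in scanned.items():
        if len(targets) >= scan_threshold:
            hits[src].add("scans-445")
    return {h: sorted(i) for h, i in hits.items()}

def likely_infected(text, scan_threshold=4):
    """Hosts that scan on 445 and expose 5554 or 9996, or fetched from 5554."""
    out = []
    for host, ind in sasser_b_indicators(text, scan_threshold).items():
        listener = {"serves-ftp-5554", "shell-9996"} & set(ind)
        if ("scans-445" in ind and listener) or "fetched-from-5554" in ind:
            out.append(host)
    return sorted(out)
```

A single connection to port 445 (host 10.0.0.5 in the sample) is normal Windows file-sharing traffic and is not flagged; only fan-out to many distinct addresses counts as scanning.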