Threat Advisory: Network Associates McAfee AVERT Raises Risk Assessment to Medium on Newly Discovered W32/Sasser.worm.d
May 4, 2004 - 11:53PM
PR Newswire (English)
McAfee AVERT Receives More than 1000 Customer Reports of the Virus
In-the-Wild

BEAVERTON, Ore., May 4 /PRNewswire-FirstCall/ -- Network Associates,
Inc., the leading provider of intrusion prevention solutions, today
announced that McAfee(R) AVERT(TM) (Anti-virus and Vulnerability
Emergency Response Team), the world-class research division of
Network Associates, has raised the risk assessment to medium for
W32/Sasser.worm.d, also known as Sasser.d. Sasser.d is the fourth
self-executing variant in the Sasser family to attack the MS04-011
vulnerability announced by Microsoft in April. McAfee AVERT has
raised the risk assessment to medium due to its prevalence in the
field and its ability to move without the support of email, which
has been the primary vehicle of delivery for most of the recent
worms prior to the Sasser family. This new worm is a self-executable
program that spreads by scanning random IP addresses for exploitable
systems. To date, McAfee AVERT has received several reports of the
worm being stopped or infecting users on several continents, with
most of the reports coming from the United States and Europe.

Symptoms

Sasser.d is a self-executing
worm that spreads by exploiting the Microsoft MS04-011 vulnerability
(http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx).
The primary purpose of the worm is to spread to as many vulnerable
machines as possible by exploiting unpatched Windows systems,
giving it the ability to execute without requiring any action on
the part of the user. Once activated, the worm copies itself to a
folder in the Windows System directory and adds a registry run key
to load at system start-up. Sasser.d has many similarities to the
previous Sasser variants, yet Sasser.d spreads with a different
filename, sends ICMP echo packets as a way to discover its
potential victims and creates a remote shell on TCP port 9995.

Pathology

After being executed, Sasser.d scans random IP addresses
on TCP port 445 for exploitable systems. When one is found, the
worm exploits the vulnerable system by creating a script and
executing it. This script instructs the target victim to download
and execute the worm from the infected host. As the worm scans
random IP addresses, it listens on successive TCP ports starting at
1068. It also acts as an FTP server on TCP port 5554 and creates a
remote shell on TCP port 9995.

Cure

Immediate information and cure
for this worm can be found online at the Network Associates McAfee
AVERT site located at http://vil.nai.com/vil/content/v_125012.htm.
McAfee AVERT is advising its customers to update to the 4357 DATs
to stay protected.

McAfee AVERT Labs is one of the top-ranked
anti-virus and vulnerability research organizations in the world,
employing researchers in offices on five continents. McAfee AVERT
protects customers by developing and providing solutions that are
created through the combined efforts of McAfee AVERT researchers
and McAfee AVERT AutoImmune technology, which applies advanced
heuristics, generic detection and ActiveDAT technology to generate
cures for previously undiscovered viruses.

About Network Associates

With headquarters in Santa Clara, California, Network Associates,
Inc. creates best-of-breed computer security solutions that prevent
intrusions on networks and protect computer systems from the next
generation of blended attacks and threats. Offering two families of
products, McAfee System Protection Solutions, securing desktops and
servers, and McAfee Network Protection Solutions, ensuring the
protection and performance of the corporate network, Network
Associates offers computer security to large enterprises,
governments, small and medium-sized businesses, and consumers. For
more information, Network Associates can be reached at 972-963-8000
or on the Internet at http://www.networkassociates.com/.

NOTE: Network Associates, McAfee and AVERT are either registered
trademarks or trademarks of Network Associates, Inc. and/or its
affiliates in the United States and/or other countries. All other
registered and unregistered trademarks herein are the sole property
of their respective owners.

(c)2004 Networks Associates Technology, Inc. All Rights Reserved.

DATASOURCE: Network Associates, Inc.

CONTACT: Tracy Ross of Network Associates, Inc., +1-408-346-5965; or
Kelly Delaney of Porter Novelli, +1-415-975-2229, for Network
Associates, Inc.

Web site: http://www.networkassociates.com/
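
The network behaviour listed under Pathology (ICMP echo discovery, random scanning on TCP port 445, an FTP server on TCP port 5554, a remote shell on TCP port 9995) can be checked against flow logs. The following is an added example, not part of the McAfee AVERT advisory; the four-field record format, the sample addresses and the scan threshold of 5 are assumptions.

```python
from collections import defaultdict

# Ports from the advisory: FTP server on TCP 5554, remote shell on TCP 9995.
WORM_PORTS = {5554: "ftp-5554", 9995: "shell-9995"}
SCAN_THRESHOLD = 5  # assumption: distinct TCP/445 targets that count as scanning

# Constructed sample flow records: "src dst proto dport" ("-" for ICMP).
SAMPLE_FLOWS = """\
10.0.0.5 10.0.0.2 tcp 445
10.0.0.23 198.51.100.7 icmp -
10.0.0.23 198.51.100.7 tcp 445
10.0.0.23 203.0.113.9 icmp -
10.0.0.23 203.0.113.9 tcp 445
10.0.0.23 192.0.2.14 tcp 445
10.0.0.23 198.51.100.88 tcp 445
10.0.0.23 10.0.0.40 tcp 445
10.0.0.23 10.0.0.40 tcp 9995
10.0.0.40 10.0.0.23 tcp 5554
"""

def parse_flows(text):
    """Yield (src, dst, proto, dport) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        src, dst, proto, dport = parts
        yield src, dst, proto.lower(), int(dport) if dport.isdigit() else None

def flag_hosts(text, threshold=SCAN_THRESHOLD):
    """Map each suspicious host to the advisory behaviours it matched."""
    smb, pinged, served = defaultdict(set), defaultdict(set), defaultdict(set)
    for src, dst, proto, dport in parse_flows(text):
        if proto == "icmp":
            pinged[src].add(dst)            # ICMP echo used for discovery
        elif proto == "tcp" and dport == 445:
            smb[src].add(dst)               # scan/exploit traffic to TCP 445
        elif proto == "tcp" and dport in WORM_PORTS:
            served[dst].add(WORM_PORTS[dport])  # connection toward a worm port
    findings = {}
    for host in set(smb) | set(served):
        reasons = []
        if len(smb[host]) >= threshold:
            reasons.append("tcp445-scan")
            if pinged[host] & smb[host]:    # a scanned target was also pinged
                reasons.append("icmp-probe")
        reasons.extend(sorted(served[host]))
        if reasons:
            findings[host] = reasons
    return findings
```

Calling `flag_hosts(SAMPLE_FLOWS)` flags 10.0.0.23 as a scanner that also serves on port 5554 and 10.0.0.40 as a host reached on port 9995, while the single file-server connection from 10.0.0.5 is ignored.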