Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Sasser (computer worm)
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
{{Short description|A 2005 Windows [[computer worm]]}} {{Infobox computer virus | image = | caption = | common_name = | technical_name = * Win32/Sasser ([[Microsoft]]) * Worm:Win32/Sasser.[Letter] (Microsoft) * Net-Worm:W32/Sasser ([[F-Secure]]) * Net-Worm:W32/Sasser.[Letter] (F-secure) * W32.Sasser.Worm ([[NortonLifeLock|Symantec]]) * W32.Sasser.[Letter] (Symantec) * W32.Sasser.[Letter].Worm (Symantec) * W32/Sasser-[Letter] ([[Sophos]]) * Worm.Win32.Sasser.[letter] (Sophos) * W32.Sasser.Worm (Sophos) * W32/Sasser.worm.[letter] (Sophos) * WORM_SASSER ([[Trend Micro]]) * WORM_SASSER.[Letter] (Trend Micro) * BAT_SASSER.[Letter] (Trend Micro) | aliases = | family = | classification = | type = [[Computer worm|Worm]] | subtype = | isolation_date = | origin = | infection_vector = | author = [[Sven Jaschan]] | ports_used = | OS = [[Windows 2000]], [[Windows XP]] | filesize = | language = }} '''Sasser''' is a [[computer worm]] that affects computers running vulnerable versions of the [[Microsoft]] [[operating systems]] [[Windows XP]] and [[Windows 2000]]. Sasser spreads by exploiting the system through a vulnerable [[Port (computer networking)|port]]. Thus it is particularly virulent in that it can spread without user intervention, but it is also easily stopped by a properly configured [[firewall (networking)|firewall]] or by downloading system updates from [[Windows Update]]. The specific hole Sasser exploits is documented by Microsoft in its [http://technet.microsoft.com/en-us/security/bulletin/ms04-011 MS04-011] bulletin (CVE-2003-0533), for which a patch had been released seventeen days earlier.<ref>{{Cite web |date=Nov 11, 2004 |title=Win32/Sasser |url=https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Win32/Sasser |url-status=live |archive-url=https://web.archive.org/web/20221031111650/https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Win32/Sasser |archive-date=31 October 2022 |access-date=6 Feb 2023 |website=Microsoft Security Intelligence}}</ref> The most characteristic experience of the worm is the shutdown timer that appears due to the worm crashing [[Local Security Authority Subsystem Service|LSASS]].
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)