Sasser virus detected on Teletxt :-)

[Wim Hamhuis]

What does it do ?
It didn't infect my computer because i was in time with the update. Keep
your antivirus definitions updated in time !

w.f.g.
Wim Hamhuis

 

[optikl]

What does it do ?
It didn't infect my computer because i was in time with the update. Keep
your antivirus definitions updated in time !

w.f.g.
Wim Hamhuis

See Below:


http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SASSER.A


http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SASSER.B

 

[nondisputandum.com - honest software - famous free]

What does it do ?
It didn't infect my computer because i was in time with the update. Keep
your antivirus definitions updated in time !

w.f.g.
Wim Hamhuis

Read more...

Sasser A:
http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=46865
nasty stuff, heavy threat..

SasserB:
http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=46875
Medium threat...

Good to keep out of your system ;-)
http://www.nondisputandum.com/html/antivirus___firewall.html

 

[John Bowen]

Frankly, I think you are quite wrong. You antivirus program will detect and
remove the Opaserv and Sasser viruses but it won't prevent the infection.
These viruses come in by pinging your IP address and exploiting Windows
vulnerabilities and items like life sharing the root of your C drive. I
know... I just spent a few days removing Opaserv ... several times. The
reinfections were coming from port 137 and somebody had my number. My old
laptop was running McAfee and was up-to-date but it got infected anyway.
What is interesting is that it came over a dial up port. I was sharing files
because I sometimes connected that laptop to my home network. I needed both
a fix from Windows and a change in the way I shared files... McAfee, Sophos,
Proland and Norton just removed the virus and a few minutes later I was
infected again.

John B

 

[FromTheRafters]

McAfee, Sophos,
Proland and Norton just removed the virus and a few minutes later I was
infected again.

I'm not absolutely sure, but I think that if you were to revisit those
sites describing the worms you would find information (or links to
information) about the security considerations involved. Most of
these vendors spend considerable time in trying to explain security
as it applies to the specific malware in question. The problem is,
that people visting those sites in a crisis situation tend to ignore
much (if not most) of the information offered. I find more value
in the AV vendor's sites information content than I do in the AV
program's ability to remove specific malware.

It would be okay with me (and perhaps better all around) if the
AV program only identified the malware and *required* the
victim to perform the manual removal procedures offered by
them. Perhaps they would be more careful the next time.

 

[Beauregard T. Shagnasty]

Quoth the raven named FromTheRafters:

It would be okay with me (and perhaps better all around) if the AV
program only identified the malware and *required* the victim to
perform the manual removal procedures offered by them. Perhaps they
would be more careful the next time.

Now there is a Good Idea™!

<hoot!>
Especially if it disabled internet access until the problem was fixed.
</hoot!>

 

[FromTheRafters]

Quoth the raven named FromTheRafters:


Now there is a Good Idea™!

<hoot!>
Especially if it disabled internet access until the problem was fixed.
</hoot!>

Absolutely - the affected box shouldn't be allowed on the network
(especially in the case of worms) until it is fixed.

 

[Jason Wade]

Absolutely - the affected box shouldn't be allowed on the network
(especially in the case of worms) until it is fixed.

But the victim needs to get on the Internet to find out
the removal process.

Just let the ISP block the viral propagation ports (if any)
for that user's account.

--
+----------------> Jason Wade <----------------+
| (e-mail address removed) |
| "Swen, Bagle, come, come, come." |
| "Destroying viruses, 'til there're none." |
+----------------------------------------------+

 

[FromTheRafters]

But the victim needs to get on the Internet to find out
the removal process.

Not with a malware spewing machine they don't. The victim
could use a public library machine (or something) to get the
requisite information or removal program. The additional
hassle of having to do this would be a deterrent to continued
use of unsafe computing practices.

Just let the ISP block the viral propagation ports (if any)
for that user's account.

Yeah, I suppose that could work also. In any event, having
the AV provide removal (locally) isn't always a good thing
in the long run.

 

[The Doctor]

Frankly, I think you are quite wrong. You antivirus program will
detect and remove the Opaserv and Sasser viruses but it won't prevent
the infection. These viruses come in by pinging your IP address and
exploiting Windows vulnerabilities and items like life sharing the
root of your C drive. I know... I just spent a few days removing
Opaserv ... several times. The reinfections were coming from port 137
and somebody had my number. My old laptop was running McAfee and was
up-to-date but it got infected anyway. What is interesting is that it
came over a dial up port. I was sharing files because I sometimes
connected that laptop to my home network. I needed both a fix from
Windows and a change in the way I shared files... McAfee, Sophos,
Proland and Norton just removed the virus and a few minutes later I
was infected again.

Hi John,

Did you have a firewall like ZoneAlarm on your laptop? Would that have
stopped the virus if you had the echo port blocked?

Just curious.
Anthony

 

[Wim Hamhuis]

Hi John,

Did you have a firewall like ZoneAlarm on your laptop? Would that have
stopped the virus if you had the echo port blocked?

Just curious.
Anthony

I think it's not neccasary if the echoport didn't match a certain seqiuence.
Then the program should estimate how long it keeps the user from deleting
this virus from memory with his antivirus program. In some way, internet
anti virus programs should be able to connect to exchange their virus
definitions in a encrypted way so no virusprogrammer could ever notice the
virus is also destroyed in a network speed. Signatures are short ;-)

If other people make use on a network basis with this port it would "only"
block the virus i suppose...
or get instructions directly from the microprocessor to use a spare port
instead, the processor could allso inform other systems i guess. This system
would lock the virus on the internet and creates different communication
without desturbing the internet. When the port is used the way it should be,
the program doesn't hang but continues...the way it should be. These are
programming suggestions for good antivirus software i think it will be
appreciated.

with friendly greetings from the Netherlands.
Wim Hamhuis