Network Computing is part of the Informa Tech Division of Informa PLC
How To Protect PCs Against The Sasser Worm
The first chore is to install a firewall if one isn't already present on the network or an individual PC. Like the MSBlast worm of last summer, Sasser infects systems without any human intervention, can spot a vulnerable machine quickly while it's online, and can cause the machine to constantly reboot, making it difficult to retrieve the fix.
The long-term defense against Sasser, said security analysts, is to apply the patch against the LSASS vulnerability on Windows XP, Windows 2000, and Windows Server 2003 systems. (But as noted last week, the patch is itself flawed, and can make some Windows 2000 machines to crash at startup; Microsoft has yet to deploy a patched patch.)
Microsoft first released the patch for the LSASS vulnerability April 13 as part of its monthly round of security alerts. The patch can be retrieved using the Windows Update service, or downloaded directly from the Security Bulletin MS04-011.
Users can also filter traffic targeting UDP ports 135, 137, 138, and 445, as well as TCP ports 135, 139, 445, 593, and any ports above 1024, said Symantec in its analysis and advisory for Sasser. Companies should also monitor incoming traffic for packets targeting TCP port 9996 -- the port an infected machine uses to await a connection from the attacker -- and outgoing traffic destined for TCP port 5554, which is the port used by the FTP server that Sasser installs on compromised systems.
Recommended For You
With the move to the cloud, CISOs must shift priorities from operating security programs to overseeing (monitoring and auditing) outsourced cybersecurity programs.
2022 was a boon year for IT salaries. 2023 came in like a beast with layoffs, raise freezes, and ChatGPT, but that beast has few teeth.
Age is only a number. Don't let a high number cancel your career.