New Sasser virus on the loose

Link: Sasser virus strikes back despite arrest

Sasser F is virtually identical to the previous five versions of the worm and spreads via a flaw in unpatched Windows operating systems.

The release, coming after the arrest of the chief suspect for Sasser’s invention, suggests that source code for the exploit has been released or that the virus is a joint effort within a still-operational team.

‘To me this would suggest that the source code is out there,’ said Jack Clark, technology consultant for security software vendor Network Associates.

‘But there could be any number of reasons. Sasser could come from a group and technically it could have been released ages ago and only just activated – although that’s highly unlikely.’

Once on a PC, Sasser writes itself onto the drive as NAPATCH.EXE. It then attempts to connect to random IP addresses on ports 445 and 9996.
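The behaviour described above lends itself to a simple network check: an infected host reaches many different addresses on ports 445 and 9996 in a short time, while a normal client talks to a few file servers repeatedly. The sketch below is an added example, not code from the article or from Network Associates; the log format, the sample lines, the 60-second window and the threshold of five targets are all constructed assumptions.

```python
from collections import defaultdict
import ntpath

SASSER_PORTS = {445, 9996}    # ports named in the article
DROPPED_NAME = "napatch.exe"  # file name named in the article

# Constructed sample: "<epoch> <src> <dst> <dport>", one outbound attempt per line.
SAMPLE_LOG = """\
1084000000 10.0.0.5 198.51.100.14 445
1084000002 10.0.0.5 203.0.113.77 445
1084000003 10.0.0.5 192.0.2.201 445
1084000005 10.0.0.5 198.51.100.9 9996
1084000007 10.0.0.5 203.0.113.3 445
1084000009 10.0.0.5 192.0.2.45 445
1084000010 10.0.0.9 10.0.0.2 445
1084000020 10.0.0.9 10.0.0.2 445
1084000040 10.0.0.12 10.0.0.2 445
1084003700 10.0.0.12 10.0.0.3 445
1084000050 10.0.0.5 10.0.0.2 80
garbled line here
"""

def parse(lines):
    """Yield (ts, src, dst, dport); skip malformed lines."""
    for line in lines:
        p = line.split()
        if len(p) == 4 and p[0].isdigit() and p[3].isdigit():
            yield int(p[0]), p[1], p[2], int(p[3])

def fanout_suspects(lines, window=60, min_targets=5):
    """Return {src: peak distinct destinations on SASSER_PORTS in any window}."""
    events = defaultdict(list)
    for ts, src, dst, dport in parse(lines):
        if dport in SASSER_PORTS:
            events[src].append((ts, dst))
    suspects = {}
    for src, evs in events.items():
        evs.sort()
        best = start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] >= window:
                start += 1
            best = max(best, len({d for _, d in evs[start:end + 1]}))
        if best >= min_targets:
            suspects[src] = best
    return suspects

def is_dropped_file(path):  # case-insensitive match on a Windows path's file name
    return ntpath.basename(path).lower() == DROPPED_NAME
```

On the constructed sample only 10.0.0.5 is flagged; the host that repeatedly contacts a single file server on port 445 is not.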
