There’s a new Windows worm: W32.sasser. It exploits a vulnerability in the Local Security Authority (LSASS.exe) service; the vuln was fixed by the MS04-011 patch. The original MS bulletin and patch were issued on 4/13, and the MS alert on Sasser was released on 5/1, so you can see the gap between patch and exploit is getting shorter. I’m sure all of you out there have already patched your systems, but tell a friend: install patches when they’re released.
Anecdote: on Saturday, 5/1, Delta Airlines had a little dispatch problem that resulted in all their flights out of Atlanta being grounded for almost seven hours. The problem appears to have been with the airport computers used to calculate weight and balance according to FAA specs. One passenger on an affected flight reports that the flight crew attributed the delay to the “Mayday virus”. I wonder what the real cause was?
Update: this WSJ article‘s last paragraph mentions Delta, Goldman Sachs, and JP Morgan Chase as companies affected; it also says that a Delta spokesman wouldn’t say whether Sasser was to blame.
Sasser on the loose
Comments Off on Sasser on the loose
Filed under General Stuff, Musings
Paul's Down-Home Page 