Other Hackers Pick Up Where The Sasser Author Left Off: Variant F Appears
– The code of Sasser.F is only slightly different from the original worm, suggesting that it has been created by an inexperienced hacker
– Variants of Sasser or new worms that exploit the Windows LSASS vulnerability are expected to continue appearing
– To avoid falling victim to malicious code that exploits the LSASS vulnerability, install the patch released by Microsoft to fix it
PandaLabs has detected the appearance of the new Sasser.F worm. This variant is very similar to the original worm, as it only includes a few small differences, such as the format in which it is packed.
The date that Sasser.F was created appears as April 30, the same day the first Sasser worm emerged. “It seems that an inexperienced hacker has created Sasser.F by slightly modifying the code of the original worm. Another possibility is that the author of Sasser did not work alone, and that another person is releasing these previously created variants. However, studying the evolution of Sasser, the fact that variant F does not include any new features confirms that it is the work of a different person,” says Luis Corrons, head of PandaLabs.
It is highly probable that new variants of Sasser and Cycle, or new viruses that exploit the LSASS vulnerability, will appear. “In order to avoid falling victim to these viruses, the first thing users must do is install the patches released by Microsoft to fix the LSASS vulnerability. Given that a large number of viruses that exploit this flaw are in circulation – and that more could appear – computers are extremely vulnerable to infection,” explains Corrons.
In order to avoid falling victim to Sasser.F or any of its variants, Panda Software advises users to take precautions, keep their antivirus software updated and apply the Microsoft patch, which can be downloaded from Microsoft, as computers will continue to be infected by this virus until the vulnerability has been fixed. Panda Software has made the updates necessary to detect and disinfect this new worm available to clients.