John0904
05-04-2004, 02:14 PM
http://www.techtv.com/screensavers/answerstips/story/0,24330,3685161,00.html
Sasser essentially looks for a port vulnerability on a randomly generated IP address. When it finds an opening, it overflows a buffer in LSASS.EXE. Sasser then uses FTP and connects back to the originating computer to download a copy of the worm.
and
If you do not have Sasser, or you just removed it from your system, you need to prevent future infection by installing the security update that fixes the LSASS vulnerability. The update is labeled 835732 and is available at Microsoft's Windows Update site.
Sasser essentially looks for a port vulnerability on a randomly generated IP address. When it finds an opening, it overflows a buffer in LSASS.EXE. Sasser then uses FTP and connects back to the originating computer to download a copy of the worm.
and
If you do not have Sasser, or you just removed it from your system, you need to prevent future infection by installing the security update that fixes the LSASS vulnerability. The update is labeled 835732 and is available at Microsoft's Windows Update site.