The Sasser worms continue to attack users around the world, especially corporate environments. Even though many users are installing the patch released by Microsoft to correct the vulnerability that these malicious codes exploit, the number of infections still looks set to increase given the speed with which the worms move across networks. The four variants of the worm are all among the top ten most frequently detected viruses according to the data collected by the Panda ActiveScan free online scanner.

More data is continually coming in on the companies that have been hit by this worm. The Finnish company Sampo took the precaution of closing its 130 offices for a few hours and a third of the computers in the Taiwan postal services were out of action because of this new worm. The UK Coastguard has also reported that its network was attacked by the Sasser worm.

Of the four variants, Sasser.B is the one currently causing damage to users computers. This could largely be due to the 128 processes that this variant launches in memory to continue its propagation.

Microsoft has confirmed that users have 9.5 million copies of the patch to resolve the LSASS vulnerability exploited by Sasser to infect computers.

Luis Corrons, head of PandaLabs comments, As users install the patch released by Microsoft, the epidemic should begin to decrease. We are, however, on the alert for new variants that may appear or other malicious codes that try to exploit the LSASS vulnerability. In order to protect against attack, users should install the patch and make sure they have a good updated antivirus.

To mitigate the effects of the Sasser epidemic, Panda Software has made its PQRemove tools available to users. These applications not only disinfect computers but also restore system configurations altered by the worm.

One of the PQREMOVE tools is specifically designed for networks, and removes Sasser and all its variants from any network that could have been infected. Click here to access it.

The other PQREMOVE applications can disinfect any computer attacked by any of the variants of the Sasser worms. Click here for more information.

Users can detect and disinfect the new worm with an up-to-date antivirus, but it is important to install the Microsoft patch to ensure that Sasser doesnt re-infect computers. The vulnerability exploited by this worm was reported by Microsoft recently in bulletin MS04-011 (, along with the patch. Panda Software has made the updates necessary to its products available to clients.

Panda Software clients can update their antivirus through the applications installed on their computers.

In addition, the users can scan their computers on line for free with the ActiveScan solution, available in the company web page

More information about these and other IT threats is available from

About Panda Software's Virus Laboratory
On receiving a possibly infected file, Panda Software's technical staff get straight down to work. The file is analyzed and depending on the type, the action taken may include: disassembly, macro scanning, code analysis etc. If the file does in fact contain a new virus, the disinfection and detection routines are prepared and quickly distributed to users.

Comments (0)

Add a Comment

This thread has been closed from taking new comments.

Editorial: +44 (0)1892 536363
Publisher: +44 (0)208 440 0372
Subscribe FREE to the weekly E-newsletter