Post in our forum for parents, teens - You! - at ConnectSafely.org.

Tuesday, May 04, 2004

Sasser not carried by email

Just when we thought we had a handle on virus-by-email-attachment. Neither you nor your kids could get your PCs infected by the Sasser worm by opening an email attachment. It just arrives through a port on PCs that aren't secured with the latest Microsoft patch. "The worm spreads by scanning different ranges of Internet addresses using a specific application data channel, or port, numbered 445," CNET reported. Four versions have been circulating around the Net just since last weekend. Fortunately, it "appears to do no lasting damage" to individual PCs, even though about 80% of PCs affected by it belonged to families or students, CNET later reported. It just annoyingly "causes the computer to shut down, then reboot ... continuously." The best prevention measure is to keep up to date with Microsoft patches and your firewall going. CNET explained that "the worms infect vulnerable systems by establishing a remote connection to the targeted computer, installing a File Transfer Protocol (FTP) server and then downloading themselves to the new host." As of Tuesday, Sasser versions didn't open a "backdoor" to PCs that would allow spammers and other hackers to take control of them. But PC security experts didn't rule that possibility out for future versions. Microsoft is considering a plan to automate worm-zapping, Internet News reports.

Here's SafeKids.com on the Sasser worm, complete with links to prevention and cure. And here's Microsoft's page specifically on Sasser. Also, the Washington Post tells how to remove Sasser.