Information Technology Services: Alerts Archive

ALARM Group ALERT (ALARM: The Computing Alert System)
Alert Number:  050304-01
Alert Date:  05/05/04
Alert Title:  LSASS Vulnerability exploit spreading
Update-to:  none
OS/Platform/Application:  Microsoft Windows 2000/XP/Server 2003
Category:  ALERT
Severity:  HIGH
Attention:  Windows System Administrators, Desktop Support Personnel

Summary:  Network security personnel at many universities (and other locations) are reporting the outbreak of a new variant of the Gaobot/Polybot worm (now also called "sasser") which is aggressively targeting unpatched Windows systems. Machines compromised by this worm may have certain functions crash and/or begin displaying a system shut-down countdown timer. Infected systems may also begin scanning the network for new victims, resulting in increased network traffic, etc., and poor or sluggish system performance.

Recommended Actions:  Microsoft systems that have been patched as per Security Bulletin MS04-011 should be invulnerable to this exploit. It is recommended that you read bulletin MS04-011 and (if appropriate) apply the patches immediately. Update your anti-virus software definitions to the latest versions immediately. The latest Symantec definitions are believed to be effective at catching this infection.

ITS Actions:  At this time, ITS is taking no specific actions to counter this threat. An update will be issued if this situation changes.

Resources:
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
http://isc.incidents.org/diary.php?date=2004-04-27
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=125006

Windows-based scanner for unpatched hosts:
http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/scanning.htm

NOTE:  PLEASE DO NOT REPLY TO THIS ALERT.  Alerts distributed by ALARM are not intended to supplant whatever security measures you are currently following. Technology coordinators, as well as the entire UAlbany computing community, should continue to take all necessary precautions against threats to system security and information integrity.
