Tiki Central access problems? - General Tiki

C Cultjam Member Phoenix, Arizona Joined: Apr 21, 2002 Posts: 367	C Cultjam Posted posted on Mon, May 3, 2004 4:19 PM It's this: W32/Sasser-A is a network worm that spreads by exploiting the Microsoft LSASS vulnerability. Microsoft has issued a patch to secure against this vulnerability which can be downloaded from Microsoft Security Bulletin MS04-011. The worm copies itself to the Windows folder with the filename avserve.exe and sets the following registry key to auto-start on user logon: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\avserve = avserve.exe W32/Sasser-A attempts to connect out on port TCP/9996 and TCP/445 and exploit the LSASS vulnerability. An FTP script is then downloaded and executed which connects back on port 5554 to download a copy of the worm via FTP.

It's this:

W32/Sasser-A is a network worm that spreads by exploiting the Microsoft LSASS vulnerability. Microsoft has issued a patch to secure against this vulnerability which can be downloaded from Microsoft Security Bulletin MS04-011.
The worm copies itself to the Windows folder with the filename avserve.exe and sets the following registry key to auto-start on user logon:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\avserve = avserve.exe

W32/Sasser-A attempts to connect out on port TCP/9996 and TCP/445 and exploit the LSASS vulnerability. An FTP script is then downloaded and executed which connects back on port 5554 to download a copy of the worm via FTP.

Post #89599 by Cultjam on Mon, May 3, 2004 4:19 PM