
Post #89599 by Cultjam on Mon, May 3, 2004 4:19 PM


It's this:

W32/Sasser-A is a network worm that spreads by exploiting the Microsoft LSASS vulnerability. Microsoft has issued a patch to secure against this vulnerability which can be downloaded from Microsoft Security Bulletin MS04-011.
The worm copies itself to the Windows folder with the filename avserve.exe and sets the following registry key to auto-start on user logon:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\avserve = avserve.exe

W32/Sasser-A attempts to connect out on port TCP/9996 and TCP/445 and exploit the LSASS vulnerability. An FTP script is then downloaded and executed which connects back on port 5554 to download a copy of the worm via FTP.
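A host triage check built from the indicators quoted in the post above, added here as an example and not part of the original post. It reads saved `reg query` and `netstat -an` text; the function name, the TCP/445 fan-out threshold and the sample data are assumptions made for illustration.

```python
import re

# Indicators taken from the description quoted in the post
RUN_VALUE = "avserve"        # value name under HKLM\...\CurrentVersion\Run
WORM_FILE = "avserve.exe"    # file dropped in the Windows folder
WORM_PORTS = {9996, 5554}    # ports named in the description
SMB_PORT = 445
SMB_FANOUT = 5               # assumed threshold: distinct hosts contacted on 445

REG_LINE = re.compile(r"^\s+(.+?)\s+(REG_\w+)\s+(.*)$")
NET_LINE = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+(\S+):(\d+)\s+(\S+)")

def sasser_findings(reg_output, netstat_output):
    """Return a list of indicator hits found in the two text captures."""
    findings = []
    for line in reg_output.splitlines():
        m = REG_LINE.match(line)
        if not m:
            continue  # key header or blank line
        name, data = m.group(1).strip(), m.group(3).strip()
        if name.lower() == RUN_VALUE or data.lower().endswith(WORM_FILE):
            findings.append(f"run-key: {name} = {data}")
    smb_targets = set()
    for line in netstat_output.splitlines():
        m = NET_LINE.match(line)
        if not m:
            continue  # column header, UDP row or blank line
        lport, rhost, rport, state = int(m[1]), m[2], int(m[3]), m[4]
        for port in sorted(WORM_PORTS & {lport, rport}):
            findings.append(f"port-{port}: {state} {rhost}")
        if rport == SMB_PORT:
            smb_targets.add(rhost)
    # 445 alone is ordinary file sharing; many distinct targets is the signal
    if len(smb_targets) >= SMB_FANOUT:
        findings.append(f"smb-fanout: {len(smb_targets)} hosts on TCP/445")
    return findings

# Constructed sample captures (documentation address ranges, not real hosts)
SAMPLE_REG = r"""HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    avserve    REG_SZ    avserve.exe
    SoundMan    REG_SZ    SOUNDMAN.EXE
"""
SAMPLE_NET = (
    "  TCP    0.0.0.0:5554    0.0.0.0:0    LISTENING\n"
    "  TCP    192.0.2.10:1050    198.51.100.7:9996    ESTABLISHED\n"
    + "".join(f"  TCP    192.0.2.10:{1100 + i}    198.51.100.{20 + i}:445    SYN_SENT\n"
              for i in range(6))
)

if __name__ == "__main__":
    print("\n".join(sasser_findings(SAMPLE_REG, SAMPLE_NET)))
```

A hit on any single line is a reason to look closer, not a verdict; the patch referenced in the post (MS04-011) is the fix either way.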