Web Hosting Forum | Lunarpages

Author Topic: Netsky and Sasser  (Read 7698 times)

Offline Jay

  • MR-Disabled
  • Über Jedi
  • *
  • Posts: 1555
Netsky and Sasser
« on: May 06, 2004, 07:27:50 AM »
I figured I'd post this here:

EDIT: Apparently, I should let you know, for those on 2000, backing up your system is recommended, as some of the patches, according to one incident, have caused a major slowdown in performance.  I've not confirmed this on a 2000 box of my own, but I may do this later in the week to test.

With the onslaught of the Netsky virus and newer Sasser virus, this will probably be a good idea to read:

SASSER VIRUS INFORMATION

Anyone using Windows 2000 or Windows XP should immediately run Windows Update at http://windowsupdate.microsoft.com

BASIC OVERVIEW OF SASSER:
This virus is spreading rapidly across the Internet. Unlike viruses sent via Email attachments, this 'worm' virus can infect computers by taking advantage of a security vulnerability in Windows 2000 and Windows XP. It can be spread from computer to computer with no user intervention.

SYMPTOMS:
If your computer has been infected, the SASSER virus will cause your computer to frequently restart. While your computer is rebooting, you may also see pop-up systems messages regarding "NT Authority\System" or "LSA Shell". Your computer will attempt to infect other computers without your knowledge.

HOW TO PREVENT INFECTION

1. Run Windows Update:
All customers using Windows 2000 and Windows XP should run Windows Update at http://windowsupdate.microsoft.com and follow the on-screen instructions to patch their systems and avoid infection.

2. Update your virus protection software:
If you already have virus protection software installed on your computer, you should update it immediately. If you do not have virus protection software installed on your computer, you can visit various free web scans.  One such place is Trend Micro:  http://housecall.trendmicro.com/

HOW TO REMOVE IT:

1. Download and run McAfee's Free Virus Removal Tool - Stinger
If you believe that your computer has been infected, McAfee has released a stand-alone virus removal tool which can detect and remove this virus. Their free 'Stinger' virus removal tool can be downloaded from their Website:
http://vil.nai.com/vil/stinger/

NOTE: Stinger can only remove the virus, it does not protect your computer from future infection by this virus or any other virus.

2. Run Windows Update:
After removing the virus, you should install the Microsoft update to be protected from the SASSER virus: http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

3. Update your virus protection software:
If you already have virus protection software installed on your computer, you should update it immediately. If you do not have virus protection software installed on your computer, you can visit various free web scans.  One such place is Trend Micro:  http://housecall.trendmicro.com/

ADDITIONAL INFO
To get additional details on the SASSER Virus, visit: http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=125008

------------------------------------------------------------

NETSKY VIRUS INFORMATION

Be very cautious when opening Email attachments. It is recommended to be using an updated Virus Protection software package to avoid being infected by this or other viruses. If you receive an infected Email message, immediately delete it and empty your Deleted Items folder.

BASIC OVERVIEW OF NETSKY:
This virus arrives as an infected Email attachment and can infect your computer if the attachment is opened. The virus affects computers running Windows Operating Systems. Once infected, your computer can send out infected Email messages (without your knowledge) to others within your Email address book.

The name of the infected attachment, body of the Email message and the From: line all vary greatly (See below).

TYPICAL SUBJECT LINES FOR EMAIL MESSAGES INFECTED WITH THE NETSKY VIRUS:
- Correction  
- Hurts  
- Privacy
- Password    
- Wow
- Criminal    
- Pictures    
- Text    
- Money  
- Stolen  
- Found  
- Numbers
- Funny  
- Only
- love?  
- More
- samples    
- Picture
- Letter  
- Question    
- Illegal

TYPICAL BODY TEXT OF EMAIL MESSAGES INFECTED WITH THE NETSKY VIRUS:
- Please use the font arial!  
- How can I help you?
- Still?  
- I've your password.
- Take it easy!  
- Why do you show your body?  
- Hey, are you criminal?  
- Your pictures are good!
- The text you sent to me is not so good!
- True love letter?  
- Do you have no money?  
- Do you have asked me?  
- I've found your creditcard.
- Check the data!
- Are your numbers correct?  
- You have no chance...  
- Wow! Why are you so shy?    
- Do you have more samples?  
- Do you have more photos about you?  
- Do you have written the letter?
- Does it hurt you?  
- Please do not sent me your illegal stuff again!!!  

TYPICAL EMAIL ATTACHMENT NAMES INFECTED WITH THE NETSKY VIRUS:
- corrected_doc.pif  
- hurts.pif  
- document1.pif  
- passwords02.pif
- image034.pif    
- myabuselist.pif
- your_picture01.pif  
- your_text01.pif
- your_letter.pif
- your_bill.pif  
- my_stolen_document.pif  
- visa_data.pif  
- pin_tel.pif
- your_text.pif  
- loveletter02.pif    
- all_pictures.pif    
- your_letter_03.pif  
- your_picture.pif    
- abuses.pif  

SYMPTOMS:
Your computer can only be infected with the NETSKY virus if you opened one of the attachments detailed above. Once infected, your computer will begin sending out copies of the virus Email message without your knowledge, so it is difficult to detect.


HOW TO PROTECT YOURSELF FROM INFECTION

1. Delete infected messages and empty your Deleted Items folder.

2. Update your Virus Protection software:
If you already have virus protection software installed on your computer, you should update it immediately. If you do not have virus protection software installed on your computer, you can visit various free web scans.  One such place is Trend Micro:  http://housecall.trendmicro.com/

HOW TO REMOVE IT:

1. Download and run McAfee's Free Virus Removal Tool - Stinger
If you believe that your computer has been infected, McAfee has released a stand-alone virus removal tool which can detect and remove this virus. Their free 'Stinger' virus removal tool can be downloaded from their Website:
http://vil.nai.com/vil/stinger/

NOTE: Stinger can only remove the virus, it does not protect your computer from future infection by this virus or any other virus.

2. Update your virus protection software:
If you already have virus protection software installed on your computer, you should update it immediately. If you do not have virus protection software installed on your computer, you can visit various free web scans.  One such place is Trend Micro:  http://housecall.trendmicro.com/

ADDITIONAL INFO
To get additional details on the NETSKY Virus, please visit: http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=124873
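The attachment names listed in the post all end in .pif, so a mail gateway or mailbox sweep can screen on the extension instead of chasing the ever-changing subjects and file names. The following is an added example, not part of the original post: the extension set beyond .pif, the function names and the sample message are assumptions made here for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions Windows runs directly. The post lists only .pif; the others
# are an assumption added here to generalize the check.
EXECUTABLE_EXTS = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd"}


def normalized_ext(filename):
    """Lower-cased final extension, ignoring trailing dots and spaces
    (Windows drops those when the file is saved)."""
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""


def risky_attachments(raw_bytes):
    """Parse a raw message and return the names of executable attachments."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        filename = part.get_filename()
        if filename and normalized_ext(filename) in EXECUTABLE_EXTS:
            hits.append(filename)
    return hits


def build_sample(filename, payload=b"not a real program"):
    """Constructed test message; subject and body mimic the lists above."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["To"] = "you@example.com"
    msg["Subject"] = "Re: Letter"
    msg.set_content("Do you have written the letter?")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for name in ("your_letter.pif", "YOUR_LETTER.PIF", "notes.txt"):
        print(name, "->", risky_attachments(build_sample(name)))
```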

Offline donavin410

  • Galactic Royalty
  • *****
  • Posts: 324
    • http://d-410.com
Netsky and Sasser
« Reply #1 on: May 10, 2004, 09:35:56 AM »
Thanks for the heads up :thumb:
d-410.com

Offline donavin410

  • Galactic Royalty
  • *****
  • Posts: 324
    • http://d-410.com
Netsky and Sasser
« Reply #2 on: May 11, 2004, 10:09:58 AM »
Yea I did this update on both of my machines and now one of them takes 10 minutes to boot. The one that takes forever is my Windows 2000 Pro machine... My Windows 2000 server and both of the XP machines work great.... so take the advice of the install wizard and back up your system first... you never know... :?
d-410.com

Offline Jwink3101

  • Über Jedi
  • *****
  • Posts: 1831
  • The one and only.
Netsky and Sasser
« Reply #3 on: May 18, 2004, 04:28:01 PM »
Also remember to never install a patch that you get from an email. That is even if you know who sent it. When I say in an email I mean as an attachment. My grandfather got an email from a friend saying he should install this patch notification. Being a smart man, my grandfather called his friend and asked if he sent it. Sure enough he did.

My grandfather figured it would be okay to then install it but what he happened to miss was that it was a fake email (made to look very real) that was sent five degrees back and all the people were just trying to notify their friends.

If you get a message from Microsoft linking you to a site with the domain microsoft.com then you may do it. Better yet go to the site Jay pointed out and just install from there.

Offline kwdavids

  • Galactic Royalty
  • *****
  • Posts: 324
    • Netsmart Technologies
Re: Netsky and Sasser
« Reply #4 on: December 28, 2005, 12:27:12 PM »
It's better not to click on an email link even if it is to Microsoft.com, because various tricks can be used to misrepresent where the link really goes. Better type in the URL by hand.
Kevin
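The mismatch described in the reply above, between what a link displays and where it goes, can be checked mechanically. This is an added example, not part of the original thread: it compares each link's visible text with the host in its href, and the sample HTML, function names and the default trusted domain are assumptions made here.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def real_host(url):
    """Host the browser would contact; urlsplit drops any user@ prefix."""
    return (urlsplit(url).hostname or "").lower()


def misleading_links(html, trusted="microsoft.com"):
    """Links whose text mentions the trusted domain but whose destination
    is neither that domain nor one of its subdomains."""
    parser = LinkCollector()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        host = real_host(href)
        on_trusted = host == trusted or host.endswith("." + trusted)
        if trusted in text.lower() and not on_trusted:
            flagged.append((text, host))
    return flagged


# Constructed sample body: one honest link and two deceptive ones.
SAMPLE = (
    '<a href="http://windowsupdate.microsoft.com/">windowsupdate.microsoft.com</a>'
    '<a href="http://www.microsoft.com@203.0.113.7/patch">www.microsoft.com/patch</a>'
    '<a href="http://microsoft.com.updates.example/">http://microsoft.com</a>'
)

if __name__ == "__main__":
    for text, host in misleading_links(SAMPLE):
        print(f"shown as {text!r} but goes to {host!r}")
```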

Offline Jwink3101

  • Über Jedi
  • *****
  • Posts: 1831
  • The one and only.
Re: Netsky and Sasser
« Reply #5 on: December 28, 2005, 06:27:31 PM »
I tell people to go to copy link and paste and then, if it is a legit link, hit okay. At this point there are no strange linking things.

Offline RAT

  • Wizard of Telecastria
  • Global Moderator
  • Über Jedi
  • *****
  • Posts: 2800
  • HAIRNT !
    • RATtreks.com
Re: Netsky and Sasser
« Reply #6 on: December 28, 2005, 07:01:38 PM »
Quote
Yea I did this update on both of my machines and now one of them takes 10 minutes to boot.

Now I am scared to do it.

Offline GMTurner

  • Berserker Poster
  • *****
  • Posts: 7499
    • Turner's Lounge
Re: Netsky and Sasser
« Reply #7 on: December 28, 2005, 08:14:42 PM »
Quote
Yea I did this update on both of my machines and now one of them takes 10 minutes to boot.

Now I am scared to do it.

Well, do keep in mind that was posted in May of 2004, so...
The above information may or may not reflect current policy, opinions, or views since it was likely made almost 10 years ago.

 
