The Sasser worm, known as the "Concussion wave" worm, is also known as the "killer" worm. It uses the LSASS vulnerability on Microsoft Windows NT kernel platforms to randomly scan the IP ports of computers on other networks and then spread to them. Although firewalls can be used to block the spread of this worm, security experts suggest that applying the MS04-011 patch to the system is the most fundamental solution.
Although the worm attacks Windows 2000 and Windows XP and does not infect computers running the Windows 95/98/Me operating systems, it can run on those operating systems and make them a source of propagation.
Within a few days of the worm's first spread, a number of variants, such as Sasser.B, Sasser.C, Sasser.D, Sasser.E and Sasser.F, appeared in succession. Variants E and F appeared after the author was arrested, which is widely taken to mean that the worm's source code had leaked.
On May 7, 2004, Sven Jaschan, an 18-year-old from Land Rotenburg, Lower Saxony, Germany, was arrested on suspicion of writing the worm. In the ensuing interrogation, he admitted that the previous worm had been written by him. On July 8, 2005, the court in the German city of Verden found that he had created the "Concussion wave" worm and convicted him of four counts of altering data and three counts of computer destruction. He was sentenced to 1 year and 9 months of probation, and must complete 30 hours of probation work during the probation period.
Affected operating systems
Microsoft Windows NT Workstation 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server version Service Pack 6
Microsoft Windows Service Pack 2, Microsoft Windows Service Pack 3, and Microsoft Windows Service Pack 4
Microsoft Windows XP and Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-bit Edition Service Pack 1
Microsoft Windows XP 64-bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-bit Edition