Home > Company > News > 2004 Archives > PR20040501
News
eEye Digital Security Releases Detailed Advisory Covering the Sasser Worm and Issues Tool to Combat its Propagation

Microsoft Windows® Users Urged to Immediately Scan Their Networks for Vulnerable Machines

(ALISO VIEJO, CA) May 1, 2004 — eEye® Digital Security, a leading developer of network security software solutions, released a detailed advisory today to alert its clients and security administrators worldwide of a rapidly spreading new worm. The worm, labeled the Sasser Worm, has been propagating by leveraging a flaw in Local Security Authority Service Subsystem (LSASS) vulnerability that was discovered by eEye’s Research team and reported to Microsoft on October 8, 2003.

The worm begins by targeting Microsoft Windows 2000 and XP workstations that have not been properly patched for the LSASS vulnerability. Once the worm infects such a system, it continues propagating by scanning random IP addresses for vulnerable systems. When one is found, the worm exploits the system by executing a script instructing the target victim to download and execute the worm from the infected host. The nature of this vulnerability allows Sasser to execute without requiring any action on the part of the user.

“It is absolutely imperative that administrators scan their networks and identify vulnerable systems and take corrective actions,” said Firas Raouf, chief operating officer of eEye Digital Security. “It is fortunate that this particular worm is somewhat benign, although it may be a precursor to more destructive ones.”

For further information and a technical description of underlying vulnerability, as well as an analysis of the worm, please visit:
http://www.eeye.com/html/Research/Advisories/AD20040501.html

eEye is committed to enhancing security for the Internet community and helping companies maintain a safe computing environment by offering a free scanning tool to facilitate the discovery of vulnerable machines. The Retina® Sasser audit tool scans network computers and detects if any are vulnerable to the Sasser worm, allowing administrators to efficiently protect their networks. The Retina Sasser audit tool is based on eEye’s award winning Retina® Network Security Scanner product. While this particular tool allows for quick auditing by searching for a particular vulnerability, the complete Retina product detects over thousands of vulnerabilities to provide ongoing, comprehensive vulnerability assessments for any network.

For organizations where manual patching is not an option, eEye offer automated patch and configuration management with Retina Remediation Manager. Retina Remediation Manager is an enterprise-class patch and configuration automation solution for the efficient execution of remediation activities. Retina Remediation Manager queries network devices to determine which machines require security fixes, such as the LSASS patch. For more information on Retina Remediation Manager please visit:
http://www.eeye.com/html/Products/RemediationManager/index.html

The free Retina Sasser audit tool can be found by visiting:
http://www.eeye.com/html/Research/Tools/Sasser.html

For more information on Retina Network Security Scanner please visit:
http://www.eeye.com/html/Products/Retina/index.html

About eEye Digital Security

eEye Digital Security® is pioneering a new class of security products:integrated threat management. This next-generation of security detects vulnerabilities and threats, prevents intrusions, protects all of an enterprise’s key computing resources, from endpoints to network assets to web sites and web applications, all while providing a centralized point of security management and network visibility.eEye’s research team is consistently the first to identify new threats in the wild, and our products leverage that research to deliver on the goal of making network security as easy to use and reliable as networking itself. Founded in 1998 and headquartered in Orange County, California, eEye Digital Security protects more than 9,000 corporate and government organizations worldwide, including half of the Fortune 100. For more information, please visit www.eeye.com

Primary Agency Contact

Victor Cruz
MediaPR
(508) 655-4397 eEye@mediapr.net

EMEA Agency Contact

Ralph Klöwer
INTERFACE Relations
+49 (0) 89-552 688-66 r.kloewer@interface.pr.de

Corporate Contact

Stacy Newman
eEye Digital Security
(949) 900-4131 press@eEye.com