05/03/04: W32/Sasser Virus Alert
This is a warning about a new self-executing virus/worm called W32/Sasser that spreads by exploiting a Microsoft Windows vulnerability in versions of Windows XP and Windows 2000. Unlike recent viruses that spread via email, this virus does not need user intervention to spread. The worm instructs vulnerable machines to download the viral code. After the viral code is executed, the machine will automatically reboot. This worm affects:
- Microsoft Windows XP and Windows XP Service Pack 1
- Windows 2000 Service Pack 2, Windows 2000 Service Pack 3, and Windows 2000 Service Pack 4
All users with the above Operating Systems need to visit the Microsoft Windows Update site to download the latest Microsoft patches at:
Microsoft has also released more information about this virus at:
You can download a cleaner called Stinger at http://vil.nai.com/vil/stinger/ if you suspect that your computer has been infected.
After you clean the virus off of your computer, we recommend that you download Sophos Antivirus free of charge at http://www.bol.ucla.edu/software/
If you already have Sophos on your computer, please run Remote Update to update your IDE (virus definition) files and the Sophos client on a Windows computer. If you are using Sophos for Macintosh, you will need to update the IDE and client manually. Please refer to the documentation on the Software Central site at: http://www.ats.ucla.edu/software/antivirus/sophos.htm .
If you have any questions, please contact us at (310)825-7452, option 1, or at consult@ucla.edu.