Prairie View A&M University - Information Technology

systems

Known as SasserA, SasserB, SasserC, and SasserD, the worm is targeting
Windows 2000, Windows XP, and Windows 2000 and 2003 servers, including
Windows 95, 98 and ME which could be indirectly affected. There are
currently emails in wide circulation offering a fix for the Sasser
worm, that actually infects your machine with a different worm call
Netsky-AC.

Remember to never open unsolicited email without knowing or verifying
the source! The worst thing you can do is open the attached file to
any suspicious email! Several large networks have already been
crippled by the current worm and the virus security alert level has
been raised to 4.

A computer worm raises the threat risk because it requires no
intervention by the user to infect the host. The Sasser worm spreads
through a Windows vulnerability known as LSASS, Local Security
Authority. The Sasser worm scans random Internet computer addresses
until it finds a vulnerable system. Then it copies itself into the
Windows directory as an executable file, and is launched the next time
the computer is booted.

Microsoft issued a patch, or fix for this vulnerability last week. To
verify that your system has the latest Microsoft updates please go to
the Internet url,
http://v4.windowsupdate.microsoft.com/en/default.asp. Without the
Microsoft update your computer can become infected even if you do run
an anti-Spam program. If you do not already have an anti-Virus
program, note that all Prairie View A&M University students, faculty,
and staff can contact the Helpdesk at x2525 to receive a copy or
receive instructions on how to download a copy of the home version.
The Enterprise version is available for all University owned computers
and can be downloaded from http://www.pvamu.edu/itdept/virus.htm. The
University’s anti-Virus page also provides helpful links and
information. You must be connected to the campus network to access the
anti-virus program resource software.

A computer with the Sasser worm can be infected without the User ever
knowing. One symptom is that the computer will restart every time you
try and go online. As the Sasser worm travels from computer to
computer it is possible for an attacker to gain control of your
computer remotely. Windows 98, 95 and ME computers can not be
infected, but they can be used to spread the worm.

The IT department has taken safeguards to block this virus by
disallowing inbound traffic via the Internet, to Internet Protocol tcp
ports identified as being used by the worm. The threat still remains
with computers and laptops brought from home or other locations, as
well as users who connect to the campus network remotely from home
using dialup or VPN. Prevention is the key, by keeping your anti-virus
software up to date and your Microsoft updates current helps your ITD
staff keep your information safe and the University's network running
smoothly.


	PV Home	IT Home	Staff	Mission	Contact Us


	Virus Support and Security Center

	-Computer Worm Security Alert- We are currently experiencing a large number of calls related to computers infected with the Internet worm Sasser and several variants. In order to keep other computers from infected portions of the network has been disconnected. For all other users please go to the Microsoft Updates site and make sure you have the latest patches. http://v4.windowsupdate.microsoft.com/en/default.asp For more details read the information below which was provided in a previous IT Updates & Notices email. Monday, May 3, 2004 Posted: 5:19 PM EDT (2119 GMT) (CNN) -- Computer security experts are dealing with at least four variants of a worm that is spreading quickly through Windows operating systems Known as SasserA, SasserB, SasserC, and SasserD, the worm is targeting Windows 2000, Windows XP, and Windows 2000 and 2003 servers, including Windows 95, 98 and ME which could be indirectly affected. There are currently emails in wide circulation offering a fix for the Sasser worm, that actually infects your machine with a different worm call Netsky-AC. Remember to never open unsolicited email without knowing or verifying the source! The worst thing you can do is open the attached file to any suspicious email! Several large networks have already been crippled by the current worm and the virus security alert level has been raised to 4. A computer worm raises the threat risk because it requires no intervention by the user to infect the host. The Sasser worm spreads through a Windows vulnerability known as LSASS, Local Security Authority. The Sasser worm scans random Internet computer addresses until it finds a vulnerable system. Then it copies itself into the Windows directory as an executable file, and is launched the next time the computer is booted. Microsoft issued a patch, or fix for this vulnerability last week. To verify that your system has the latest Microsoft updates please go to the Internet url, http://v4.windowsupdate.microsoft.com/en/default.asp. Without the Microsoft update your computer can become infected even if you do run an anti-Spam program. If you do not already have an anti-Virus program, note that all Prairie View A&M University students, faculty, and staff can contact the Helpdesk at x2525 to receive a copy or receive instructions on how to download a copy of the home version. The Enterprise version is available for all University owned computers and can be downloaded from http://www.pvamu.edu/itdept/virus.htm. The University’s anti-Virus page also provides helpful links and information. You must be connected to the campus network to access the anti-virus program resource software. A computer with the Sasser worm can be infected without the User ever knowing. One symptom is that the computer will restart every time you try and go online. As the Sasser worm travels from computer to computer it is possible for an attacker to gain control of your computer remotely. Windows 98, 95 and ME computers can not be infected, but they can be used to spread the worm. The IT department has taken safeguards to block this virus by disallowing inbound traffic via the Internet, to Internet Protocol tcp ports identified as being used by the worm. The threat still remains with computers and laptops brought from home or other locations, as well as users who connect to the campus network remotely from home using dialup or VPN. Prevention is the key, by keeping your anti-virus software up to date and your Microsoft updates current helps your ITD staff keep your information safe and the University's network running smoothly.			Security Release Notices › 05/18/04 - Worm Security Alert › 04/18/04 - Trojan virus Alert › 01/02/04 - MS Exploit Alert ___________________________ ____________________________ PVAMU Network Virus Stats › Weekly Graph › Monthly Graph
	Should you require immediate assistance contact the PVAMU helpdesk at X2525.

	additional help