Racing against time – Defeating Sasser


So it was finally the time I was ready to install Visual Studio .Net 2003. Cool, I felt all my hardwork has paid off. My system was (supposedly) working, I had the VS.Net software, and the database project was well on its way. But the thing I hadn’t considered, Sasser!

You see, this Sasser thing exploits a hole in a Windows component called the Local Security Authority Subsystem Service, or LSASS. Now that is one crucial component in the Windows environment. And then the RPC server crashes, rendering many basic operating system services unavailable and Windows useless for the session. The most noticeable things that might make you fret over are the absence of copy-paste, unavailablity of general programs like Media Player, Word etc because they depend on the RPC, Internet Explorer somehow forgets all the cookies, wouldn’t redirect to sites etc, and the bogging down of the system, although no visible heavy processes are running. I find it amazing that the Microsoft people could leave such a large gaping hole in such a crucial component of their flagship product.

You dont need to open any unsafe email attachment to get infected, your presence, on the Internet, is reason enough to get infected.

The worm spreads to other systems from an infected system by opening ftp connections. It then could tranfer its copies to other systems, infecting them as well. It could also arrive in the email as well, and it could send itself from an infected machine to others if it could find addresses in the Windows Address Book. The attachment is usually a file called PP.exe, and this worm generally makes use of an IFrame exploit in IE.

I had installed Service Pack 1 and patched my system accordingly, but to no avail. Having no way out, I set about the task of installing .Net.

Now I dont know what got into the head of these Microsoft people. They have seemingly modified their VS.Net installer and now make use of webpages. Did I mention that Sasser exploits IFrame in IE?

VS.Net on average takes 1.5 hours to install. I had in mind that my system would become infinitely slow since it was infected, so I decided to root out all the “readme.eml” files I could find in the VS.Net directory.

Now it was time to tackle head on the gigantic task of actually installing Visual Studio.

[To be continued…]

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: