A new Internet worm Sasser is spreading rapidly around the world and have infected millions of computers. The worm exploits the Windows LSASS vulnerability, which is a buffer overrun vulnerability that enables a hacker to execute arbitrary code remotely and gain full control over attacked systems. After Microsoft announced the LSASS vulnerability on April 13, 2004, major information security companies have predicted that worms like Blaster would appear soon. And the first exploit was announced on April 25 2004, then appeared the Sasser worm on May 1st 2004.

Recent versions of Microsoft’s Windows not patched are vulnerable to this worm. Sasser is not like a traditional virus that travels through e-mails; it propagates itself by scanning for random IP addresses and breaking in to vulnerable computers. Computers affected by this worm would shut down and then automatically re-boot.

According to BSST’s (BroadWeb Security Service Team) observation, Sasser is spreading at an exponential rate. Any computer connected to the Internet is attacked by this worm thirty or forty times per hour. BroadWeb urges Netkeeper users to upgrade the signature pattern to version 2.39, released on May 3rd , to protect themselves from this threat. The figure below shows that Sasser worm has been detected by NetKeeper and thrown away.