Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
New Worm Targets Sasser-Infected Systems
The latest infection, called Dabber, uses a vulnerability within the Sasser worm to attack and infect systems.
1 Min Read
Researchers at managed-security-services provider LURHQ Corp. say they've discovered a new worm they've dubbed Dabber.
Dabber is targeting only systems infected with the Sasser worm, and, according to Joe Stewart, senior security researcher at LURHQ's Threat Intelligence Group, the worm hasn't infected many systems yet. "We're seeing one or two scans an hour," he said Thursday.
What's unusual about the Dabber worm is that it's not using an operating-system vulnerability to spread itself. Instead, it's using a vulnerability within the Sasser worm to attack and infect systems.
Once a system is infected with Dabber, Stewart says, the new worm takes steps to remove the Sasser worm as well as viruses. It also sets up a server for itself to send its code to new targeted systems and sets up a backdoor that listens for commands on TCP port 9898.
Stewart says Dabber uses exploit code that was recently released on the Internet and can be used to attack a buffer-overflow flaw within Sasser's File Transfer Protocol server.
About the Author(s)
You May Also Like
More Insights
Webinars
Generative AI: Use Cases and Risks in 2024
May 29, 2024Smart Service Management
June 4, 2024Tales of a Modern Data Breach: The Rise of Mobile Attacks
June 11, 2024
Editor's Choice
May 2, 2024
While there are plentiful options in cyber resiliency and business continuity tools and platforms, there isn’t one that can knock out everything from sudden cloud outages to prolonged ransomware attacks in a single punch. What can you do to keep the company on its feet no matter what is thrown at it? Find out in this new virtual event.
Reserve Your Seat Now