Lurhq Reports Sasser Worm Rapidly Spreading Across Internet

CHICAGO, May 1, 2004— LURHQ, the leader in Managed Security Services for security professionals, today announced that earlier today LURHQ began monitoring suspicious traffic on port 445 indicating the possible emergence of a new worm. By late morning, LURHQ confirmed the presence of the new worm, named Sasser, which exploits the recently announced Microsoft Local Security Authority Subsystem Service (LSASS) vulnerability.

How Sasser Propagates

Once the Sasser worm exploits this vulnerability on a host it continues to spread to other hosts causing increased traffic, which could lead to a denial of service attack. LURHQ predicted the emergence of an LSASS-based worm in its April 29th Advisory announcing the availability of the LSASS exploit code. For more information on this advisory, please reference

Currently, LURHQ is monitoring Sasser-related activity across all its Managed Security Services client networks. To protect enterprise assets from the Sasser worm, organizations should patch windows systems and ensure all protection mechanisms, such as Intrusion Detection and Intrusion Prevention systems, have up-to-date signatures.

For more information on Sasser and its impact, please visit or contact LURHQ to arrange an interview.


LURHQ is the leading provider of Managed Security Services for security professionals. Founded in 1996, LURHQ empowers security professionals at more than 400 clients by providing effective Threat Management solutions. Threat Management integrates 24X7 protection, discovery, assessment, detection, response and early warning. Our Threat Management capabilities enable clients to enhance their security posture while reducing overall security program costs. LURHQ?s OPEN Service Delivery methodology facilitates a true partnership with clients by providing real-time enterprise security vision and service transparency. For more information visit

Don't miss