posted by pingywon
UPDATE IN FULL NEWS!!!
Systems Affected:
Windows 2000
Windows XP
Description:
The “Sasser” LSASS worm discovered April 30, 2004 is a self-propagating executable written in Microsoft Visual C. It exploits the LSA buffer overflow vulnerability reported to Microsoft by eEye and patched in the MS04-011 security bulletin released on April 13, 2004. Similar to the MSBlaster RPC DCOM worm that struck in August of last year, “Sasser” uses a public exploit for the LSA vulnerability in order to obtain a SYSTEM-level command shell on its victims.
UPDATE AT BOTTOM !!!
.:Actual Exploit:.
.:Technical Information:.
eEye Digital Security
———————————————————————-
Morning_wood Ripped off
Well well.
Only moments after posting the LSASS worm on illmob.org I was contacted.
I was then shown the following:
And
Notice the date on these posts (April 29th and April 30th) Both a full 2-3 days before Eeye.com had anything to say about this matter.
Both alerts made by non other then our resident morning_wood, both posts hold a striking similarity to the security alert made by Eeye.com.
It is obvious that the folks over there at Eeye.com are stealing morning_woods posts/alerts, barely even modding them before posting them as a security alert on their own site and then mailing everyone on their mailing list (myself included).
I have talked with morning_wood and he has informed me that this is in no way the first time a larger “security” company has stolen his material and offered no recognition for it.
In an attempt to make it easier on the Eeye.com I have prepared the following apology letter that should be sent to morning_wood in light of the plagiarism that has taken place here.
[email protected]
Yazat Karatus Arazatus o-bey
5/2/04
—————————————————————————————
Eeye.com
One Columbia
Aliso Viejo, CA 92656
May 2, 2004
morning_wood
CEO
Exploit Labs
56** Eagle ***
********, Wa 98***
Dear morning_wood:
Thank you for notifying us of your complaint. We strive to provide you with the best possible service, and when you feel that it fails to meet your expectations, it’s important for us to know.
We’re sorry that you received service that prompted you to contact us with a complaint, and we regret any inconvenience or frustration that your experience has caused you. We thought we could steal your story and mass mail it to everyone on our mailing list, and you would never know.To ensure that our staff conducts itself in a manner that reflects the high regard that we have for our customers, we’ve notified the proper department of your complaint, and promise that nothing will ever get done about it.
Your patronage is important to us, and we hope that you’ll continue to give us opportunities to serve you.
Thank you again for bringing these matters to our attention.
Sincerely,
Eeye.com