LSASS worm

posted by pingywon

Systems Affected:
Windows 2000
Windows XP

The “Sasser” LSASS worm discovered April 30, 2004 is a self-propagating executable written in Microsoft Visual C. It exploits the LSA buffer overflow vulnerability reported to Microsoft by eEye and patched in the MS04-011 security bulletin released on April 13, 2004. Similar to the MSBlaster RPC DCOM worm that struck in August of last year, “Sasser” uses a public exploit for the LSA vulnerability in order to obtain a SYSTEM-level command shell on its victims.

.:Vunerbility scanner:.

.:Actual Exploit:.
.:Technical Information:.

eEye Digital Security


Morning_wood Ripped off

Well well.

Only moments after posting the LSASS worm on I was contacted.

I was then shown the following:

morning_wood 1st alert


morning_woods 2nd alert

Notice the date on these posts (April 29th and April 30th) Both a full 2-3 days before had anything to say about this matter.

Both alerts made by non other then our resident morning_wood, both posts hold a striking similarity to the security alert made by
It is obvious that the folks over there at are stealing morning_woods posts/alerts, barely even modding them before posting them as a security alert on their own site and then mailing everyone on their mailing list (myself included).

I have talked with morning_wood and he has informed me that this is in no way the first time a larger “security” company has stolen his material and offered no recognition for it.

In an attempt to make it easier on the I have prepared the following apology letter that should be sent to morning_wood in light of the plagiarism that has taken place here.

[email protected]
Yazat Karatus Arazatus o-bey


One Columbia
Aliso Viejo, CA 92656

May 2, 2004

Exploit Labs
56** Eagle ***
********, Wa 98***

Dear morning_wood:

Thank you for notifying us of your complaint. We strive to provide you with the best possible service, and when you feel that it fails to meet your expectations, it’s important for us to know.
We’re sorry that you received service that prompted you to contact us with a complaint, and we regret any inconvenience or frustration that your experience has caused you. We thought we could steal your story and mass mail it to everyone on our mailing list, and you would never know.To ensure that our staff conducts itself in a manner that reflects the high regard that we have for our customers, we’ve notified the proper department of your complaint, and promise that nothing will ever get done about it.
Your patronage is important to us, and we hope that you’ll continue to give us opportunities to serve you.
Thank you again for bringing these matters to our attention.


Leave a Reply