Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.


Threat Level: High threat
Damage: Severe
Distribution: Not widespread
Common name: Sasser.E
Technical name: W32/Sasser.E.worm
Threat level: Medium
Alias: W32.Sasser.Worm, W32/Sasser.worm.e, WORM_SASSER.E

It restarts the computer. It spreads by exploiting the LSASS vulnerability.

Affected platforms:

Windows 2003/XP/2000/NT/ME/98/95

First detected on: May 9, 2004
Detection updated on: Dec. 15, 2005
Proactive protection: Yes, using TruPrevent Technologies

Brief Description 


Sasser.E is a worm that spreads via the Internet by exploiting the LSASS vulnerability in remote computers. This vulnerability is critical only for Windows XP/2000 operating systems that are not properly updated.

Sasser.E restarts the computer automatically when it attempts to exploit this vulnerability.

Sasser.E only spreads automatically to Windows XP/2000 computers. However, computers running other Windows operating systems can also be a source of transmission when a malicious user runs the file containing the worm on any of them.

If you have a Windows 2003/XP/2000/NT computer, it is highly recommended that you download the security patches for the LSASS vulnerability from the Microsoft website.

Visible Symptoms 


Sasser.E is easy to recognize, as it restarts Windows XP/2000 computers when it attempts to affect them by exploiting the LSASS vulnerability. When this action is carried out, Sasser.E displays the following message on screen:

In addition, once Sasser.E has been run, it displays the following message on screen every two hours:

1. Your computer is affected by the MS04-011 vulnerability

2. It can be that dangerous computer viruses similar the Blaster worm infect your computer.

3. Please update your computer with the MS04-011 LSASS patch from the website.

4. This is an message from the SkyNet Team for malicious activity prevention.