Net-Worm.Win32.Sasser On a Physical PC Network
HTML-код
- Опубликовано: 27 авг 2024
- If you hate me and want to skip over my glorious intro, the worm starts at 3:46.
The tenth anniversary of Sasser (April 30th, 2014) also marks the 10th anniversary of my interest in malware. Hopefully you enjoy this video as much as I enjoyed making it.
A lot of effort was put into the recording portion of this video. This is the final take (and the first that actually turned out well) out of about 20 total takes, representing over 40 hours of rerecording again and again. Hopefully the effort was worth it.
Thanks to my good friend Monarch for making a guest appearance in this video (and for helping me to avoid making a fool of myself once again trying to pronounce things).
Windows 2000 is like the man who gets knocked out halfway through an epic battle, only to wake up and find that all his competitors are dead.
Old Viruses: Goodbye to your computer!
New Viruses: "Helloo I am from microsoft how may I help you?"
Old Spyware: I r in ur background watchin ur pronz hehehe
New Spyware: Would you like to update your Facebook status?
Really old viruses(like DOS): i jast am doing dis for da lolz, i am not dat bad kome oon!!!1one!1!
New Spyware: Your Windows 10 upgrade is ready!
+Katch A Taco lol, nice
+Katch A Taco new spyware "The windows 10 anniversary update is ready"
I love this guy’s videos. Barely any editing, really high quality, pure honesty. Plus they’re just really interesting
old viruses: bye bye system32
new viruses: GIVE US UR MONEY OR UR FILES WILL STAY ENCRYPTED
ikr
Old viruses: Haha do you like this computer? Too bad...It is dead :)
New viruses: IV U DONT GIV MEH DA MONEH U DONT GET DA COMPUTR BAK! 11!!!11
Old: Being a dick for fun.
New: Being a dick for money.
I prefer old, tbh.
+xBIGFACEDSHADOWx viruses were so fun before trojans, rats, and keyloggers were made.
Atleast we are safe.
Imagine your about to have a LAN party of a game (AoE, quake, doom) and next thing you know your friends like "why my game lagging I'm on a geforce fx 5900" and then your other friends PC shuts down and your all like look shit
What about a online game like minecraft that requires someone to run the server through the console
If you would read the description, you would know that this virus is about 10 years old.
If you have a decent antivirus, you won't get infected, and this virus isn't in the wild.
Leet Wizard are you talking to me? i made it like its the year Sasser was viral not modern time, hence why the games and gfx card i said aren't "modern"
top 10 cs 1.6 server almost fucked my pc
@@irunasoft before joining any CS 1.6 server make your config files read-only.
When you're sick of the neighbors stealing your wifi
LMAO
If Im going down then im taking you with me!
Oh! I remember this one! When I was a child, we had one of those (back in '05-'06 I guess). I remember the countdown timer that popped up every single time I booted up. I had nightmares of that countdown timer for a couple of years more.
OMG SAME. i don't think i had sasser but the shutdown timer was absolutely terrifying to see as a child
1980: R.I.P Computer
2017: Ad in your browser
lol
4 years later
2017: Ransomware
2024: Entire GDI trojans that rip your screen apart in stages and play loud sounds
nah it was like 2000 year
I made a small fortune dealing with this. As one of only two computer-repair shops for like 40 miles in any direction, I had customers' machines stacked up like cordwood in my shop.
Whew. Must've made a killing back in the day huh?
@@saghwteam I hate to characterize it as a 'killing' since most of my customers were not exactly 'wealthy' and I did try to keep my labor rates reasonable. Running a computer-repair shop in a primarily rural setting pretty much guarantees you won't get rich.
But the sheer amount of work that arrived in such a short time did add up to a fairly substantial amount of income - at least for a few weeks.
oh the good ol days when all you had to do to remove a virus was delete a few files
Yes
Thats how you nuke malware these days too,but I haven't been infected with anything since I was in middle school.
@@monteanthony1022 clearly you don't do shady shit, if you did you would have to format your drive 5 times a day
@@monteanthony1022 its gotten wayyy more complicated pal
@@OmniPhantom I do lot's of shady shit ( pirating ) but not even infected once...
Common Sense is still your Best Antivirus
Bloody hell, Dan. You put a lot of effort into this video, setting up this entire network...not to mention it took you a lot of takes, as you stated in the description! Thank you for putting such effort and time into your videos, they are simply fantastic to watch :) It is fascinating to see how this worm works through a network...
yo I remember this shit.
once my brother decided to format his pc and got this virus in 5 minutes after he finished installing windows xp.
priceless.
+ProCreeper 2000 no it was probably WandoowsAxe-pee.bat
Oof.
I remember someone infecting whole school's network computers with a virus similiar to this, that was a mess haha
@@RUclipsPizzer Lol
@@nukecorruption That guy is fricking legend then.
This channel is glorious. And so i wondered why does it not have more subs and views? This channel is not for everyone but is sure one of the best hidden gems of youtube.
Ikr
As a CS major student, this is the most interesting stuff on youtube. Tho i do understand for most people who have little knowledge about coding find this boring to watch.
Yeah!
i love this stuff i dont know much about coding but i do know little things like fake virus tricks that you can do on notepad i also know how you can make a very nasty trojan that will kill a vital part of the operating system causing it to shut down but the trojan will also run on startup so although your computer boots up you wont be able to do a lot with it
I know extremely basic coding but I just find viruses interesting and I love dans voice
"It hogs everything for itself, and everything becomes slow and unresponsive" Are you sure you ran Sasser and not Google Chrome?
okay, thats a good one
Just might be a different iteration lol
I'm pretty sure Sasser has a variant called Google Chrome.
remove chrome embrace opera
@@piniokwilku2282 aka chrome but ur data goes to china rather than google
danooct1 before installing sasser on his computer network: "Some of you may die, but it's a sacrifice I am willing to make."
Sasser: uses 100% CPU
Compuer: *still fast af*
IM FAST AS FUK BOI
Probably because it's a raw unpatched install of XP.
I'M FAST AS FUCK BOI
*[MADE IN HEAVEN]*
I think it's because real machines are way faster than virtual machines, the latter Dan uses more commonly to demonstrate malware.
The VMs that Dan runs other malware on has a non-existent CPU that is very slow in order to prevent the virtualization being resource-hungry.
So if you run any OS on a VM today that is beyond the DOS & Windows 3.1 era, using real hardware is far more superior and flexible as opposed to VMs.
There's something charming about how down to earth these videos are.
Wow it’s been almost 10 years since I was 9 years old and watching your videos… now I’m about to graduate in cybersecurity! Thanks for inspiring my career 🙂
Old Viruses: *fake error message* *deletes system files*
New Viruses: R.I.P Task Manager
I ran a small ISP in Northern Michigan when this worm hit. My life was hell for a little bit until I discovered what was happening and how to stop it.
Really neat video, I love how you demonstrated how Sasser spreads through the LAN!
funny how Sasser and Mydoom still show up as examples in Windows Malicious Software Removal Kits
And Blaster
well.. happy 20th, sasser
and of course, happy 20 years of your interest in malware, dan❤
Someone: says that their computer is shutting down and restarting randomly
Windows 10: *nervous sweating*
My PC: *heavy breathing*
Dan, no one hates you, because you're awesome.
Thanks for educating this 14 year old of the malware of the past!
So are you 18 now?
20 probably.
perhaps 21
how about 23
Older viruses: Abra Kadabra! Your computer is now a brick!
Newer viruses: giv monyz
RUclips went down while I was watching danoct1 videos... This means something...
not a virus, the servers just shut down
he was making a joke -_-
it was a joke -_-
not a virus, the servers just shutdown
nort a voroos ze sorvors jerst swot don
Me: *sees no shut down option*
Me: *laughs in physical power off button or pulling the plug*
Also imagine the day when a computer exists that can cleanse itself of a virus by applying a hot fixes or patches at speeds so fast that your PC will have not been damaged in any way, and it being able to expertly extract encryption keys from any ransomware. Microsoft is probably going Macrohard just thinking about the future of their computers.
I had a hard drive crash on me on a Pentium 4 computer while I was using it. It started loosing a lot of programs and dropping memory until LSASS crashed. It was basically the same thing but with hardware.
Hey Bro,
you got 19 days left to activate Windows XP
-1940 days, to be precise
what an awesome channel! I am so glad I found this. I remember these (all of these viruses you profile) causing genuine fear in me as a child, and now it's amazing to look back on it and see the ingenuity of the virus creators - and sometimes their idiocy too, like the virus that asks you if you want to delete your hard drive.
Man i really miss the old youtube, was so much cleaner and better to navigate
I remember on my old XP, I had one game on it, maybe a few programs and a lot of pictures. I was younger then, didn't know a thing about computers. It would just be slow all the time. Took 5-10 minutes to load a folder of a program. I'm still curious on what caused it to be so slow. o.o
Either the hardware was old, or a virus failed to infect it, but filled it with crap, so your hard drive was overloaded.
Actually that is a given with older Windows Systems. The longer you use it, the slower it gets. I have the habit of formatting my hard drive about twice a year, but thats because I use my computer constantly.
i know why ur pc was slow! u had alot of pictures, u should have deleted some :/
Did it have internet, probably some trojan/Worm - even multiple ones.
Depending on the hardware, even on a 233Mhz it doesn't take 5 MINUTES to load a folder.
I once had a Vista PC, however after foolishly delving into Megavideo I got a virus that permanently disabled its ability to connect to the Internet (and its firewall). I've always been curious as to which virus it actually was.
My antivirus stopped Sasser B, but good lord...this thing is scary...
+ZilkenianDagger My dads old computer had Sasser A
Asura the Latias ラティアス and you destroyed it? The virus, I mean
I have a old windows 7 virus which used to have more than 7 viruses and it was unusable, IE kept crashing when I loaded it and you couldn't download anti viruses or anything good, just more viruses. I had to reformat the drive and it runs normally now.
Ah man this is so nostalgic. The first ever computer worm for me. Oh how the time flies.
Nearly an 18 year anniversary.
6:11 so it basically turns all infected systems into Vista machines?
"I've got a Windows OS Upgrade, but at what cost"
LMAO
Love historical videos like this ... And love the computers you have on that network. Those Toshiba Tecras were tanks back then. I remember this worm, though I managed to evade it somehow.
A worm which devastated computer networks all over the world due to its bugginess.
Viruses in 1996: Goodbye, computer.
Viruses in 2006: Ads in your web browser
Viruses in 2016: MMMMOOOOOOONNNNNEEEEEEYYYYYY!!!
Now I get why the name is Sasser. Because L-SASS.
sassy
Sassy, sassy, sassy!
Sissy
Wow! I actually remember our old family PC having this virus too. We took it to the PC store and they gave us a floppy disk to fix it. That's a long time ago, damn!
Nobody:
My recommended: "Hello everyone, today I have a very special worm video for you."
Old viruses: Time to bsod this computer and delete all files!
New viruses: Oh look, a saved password for PayPal! Time to steal their money.
Both are still pretty bad, I'd say.
@@FluffyGameplay But not as amazing to look at.
The first one is better because you can recover data
These days they're doing both at once with cryptominer viruses. Take all your computers resources and render it useless, potentially damage your hardware if you don't get it fixed quickly enough and hike up your electricity bill while mining cryptocurrency for the hacker.
People is change
Got this on my 9 year old Laptop, those were the years... of unsaved work xD
can you show us the new internet explorer bug?
Look. Microsoft got hacked so DO NOT USE Internet Explorer. Download Google Chrome and never use again Internet Explorer. I saw that on the news. They said that Internet Explorer got hacked and infects your computer!
Is not a lie! I saw it on News in Netherland!
NO. Go to www.jeugdjournaal.nl
And find it.
Missy Briarwood
i like how you bold all of your comments
it really makes it easier to hear you, thanks
pitok9 it didnt get hacked.... there was an exploit. Almost every major program in the world has had major exploits at one point. SSL had a HUGE exploit but that didnt mean everyone dropped SSL to get another kind of encryption program.
I love the dedication to testing this one. Great worm. Love your channel.
Today is April 30th! Happy 17th birthday, Sasser!
I remember Sasser hitting at where I worked at the time. The XP machines all took a hit, but the NT4 boxes just chugged along without any issue.
I'm somewhat surprised, to be honest. XP is based on NT, so that's a strange thing to have happen.
Although 2K and XP do indeed have their roots from NT 3.x and subsequently 4.0, they have enough differences (and more importantly, more open ports) that make them more vulnerable by default. One easy way to verify this back in the day was to run the Shields Up test at grc.com in various versions of Windows. You could also verify with netstat and other networking commands. As strange as it sounds, Windows 3.x would have no vulnerable ports open by default, 95 would have the next fewest, and so on as you move up the line in Windows releases.
It was a mixed blessing that the company I worked at hadn’t yet migrated all their workstations from NT4 to XP. They also hadn’t yet migrated their servers from NT4 to 2000, and Server 2003 was still too new to be approved. I didn’t work directly for the teams that made these decisions, but having access to an NT4 box that fateful Saturday made it easier to research what was going on and forward what I found to the teams that needed to act fast. We also had some UNIX / Solaris boxes that naturally chugged along, and their IBM mainframes & midframes never flinched.
That’s the power of diversifying!
ok this was my first malware too.. was connecting first time my home to the internet and my windows 2000 got infected almost instantly after getting connection to the internet... on 2004 i was running an antivirus from 1999
ahhh i used shutdown -a command but the system continued slow
David Sucesso
really ?
I thought a loop of
" %windir%\system32\Shutdown.exe -a "
will stop the Shutdown
Yeah he just said that
Future viruses: You have 1 hour to give me $1000 before the battery in your laptop violently explodes.
Happy 15 years:)
I wish I was smart enough a long time ago to know what my first virus was. I didn't get my first computer until 2007 and I didn't know *anything* about them. All I remember is running a file and my computer just shutting off and refusing to boot. Essentially, the virus buttfucked my MBR and we stupidly took it in to get repaired. Now I work in IT and I wish I could have saved us $300 back then by fixing it myself.
Other than that, the only other piece of malware I've ever gotten was sdtr.exe, a rootkit that can be pretty annoying to get rid of.
Oh, and Conduit, but that's easy to pick up from anywhere.
Me, I got a Trojan horse that opened itself up as an ad that would not let you sign into AOL, our family uses that as a browser back then, unless you click on it (these ad things usually have a small button at the corner that says, 'No thanks'.) The ad was for a printer, nothing special. Then the next day we could not boot up the computer without it displaying the BSoD. (I used to think the blue screen ment 'system failure' until I saw the real message the computer would display if such thing happened.) My dad took it to the repair shop and the technician said that it was infected with a virus.
If you think Conduit was bad, what might be your feelings towards TimeSink and Zango. (They pop up ads even if we weren't using the Internet and it made the fans overheat.)
Conduit and EasyLife are fucking annoying as hell
Remember running Shutdown -a or something and that shit is gone :D
Thats how I got around it.
it can reappear and be a pain in the ass having to open up cmd.exe and type "shutdown -a" everytime the pop-up appears. tho yes youre right.
I have a question, Dancoot. Did you set up a completely separate network for the computers on this test, or did you just use your existing connection but turn on the firewall on your regular computers (the computers not in the test) and install an antivirus as an extra precaution or something?
this is on its own isolated network running through a switch, you can see it resting on top of the laptop keyboards blinking away.
danooct1 Thanks.
Really, Dancoot?
Dankoct lol
***** you're wrong.
Old Viruses: Bye Bye Computer. :D
New Viruses: Gimme your lunch money.
I think that sasser is the only virus I've ever really had to deal with. I think it was very largely spread
The funny thing is that my laptop was recently, about 2 weeks ago, got taken down by a virus. It made some files run on 64-bit, therefore unbootable, and finally took out C:Windows/System32/boot?, or basically took out System32.
I remember all the computers in my shop lab in high school got this. This brings back good memories. First real payload I had ever seen first hand.
Old virus:I will kill your computer
New virus: all I want is money don't care about your pc
Man, I can't imagine what would happen if say a school were to get this virus. Ouch.
Ouch! ikr
I'll upload a video of that soon!
Jk
+Gabe Griggs My school had a mix of XP and 2K back in 2004, I remember this happening in classrooms actually. NEver realised that this was why but it makes sense.
+Gabe Griggs Something similar happened to my school, about 15 years ago according to my IT teacher. Basically a student teacher came in and she put a disk into one of the pcs and then she said it didn't work. She did it another 2 times, then she realised she had infected every pc in the school. My IT teacher had to reinstall windows on every pc, and some pcs didn't work any more. Theres still 2 or 3 old junker pcs in my computer room. So it had definitely happened at least once. It was definitely not Sasser, as it would have infected the computers in either 1999 or 2000.
+Aepsis m8 you are completely wrong Sasser was patched on XP and Vista+ is immune to it.
That CNN article was posted on my 5th birthday...
May the 4th be with you
***** HA
It was 3 days after my 3rd birthday
it was posted on my 14th birthday
So you were born May 4th, 1999? Too young for youtube, reported
Fun fact: Sasser has a huge rivalry with Mydoom.
I really miss the old youtube designs, the dislikes… I love this video, but my whole childhood was spent on watching RUclips videos ever since 2010, I miss the old designs 😢
1990 : Spyware
2010 : Spamware (Ads)
Dqdqdadadarqhdajtajfware
I remember this in highschool every computer on the network was infected SMH took us 4 months to get rid of it on every system
Old Computer Viruses = eats ur data
New computer virus = eats all ur money
MEMZ = am i a joke to you???
2nd RUclipsr I watch with a milestone recently. Congrats Dan. :D
4 XPs, one 2000. Why must everything have Windows XP?!
WindowsCollector2000 cool icon
WindowsCollector2000 because it's cool
Common OS. That’s why
Windows 2000 and XP are my two favourite Windows OS's. Especially when it comes to CPU's from before the NX and PAE CPU era
old viruses: say byebye to your computer! mwhahahaha!
new viruses: hello this is tech support how can i help you?
this video was awesome. one of my fav that you put out. it was amazing to see the worm in action across many PCs over a network. going to school for this shit so it was a cool thing to actually see.
i was an xp kid almost until windows 8 came out (the OS was damn well around as old as i am but we weren't as well-off back in the early noughties to tens as we are now) but sasser never got to me; didn't stop me from ruining my personal machine once or twice until i finally grew to be more savvy
Old viruses: Time to die!
New viruses: WARNING: YOUR ZTE HAS BEEN INVECTED WITH A VIRUS. PRESS OK TO CONTINUE.
it isnt really infected, that is coded into the site you are on, clicking ok and installing its app is what will infect you
People still use HiJachThis, i also remember CastleCops, miss then.
I remember building a new PC with a friend, we put Windows XP on it. It was an old version, so first thing we do is turn on ethernet and go to windowsupdate website. PC was infected in less than a minute. We had to reformat it. Good times haha
Everybody gangster until Task Manager is no longer responding.
When Sasser propagates to a new computer it finds, does it coordinate/delegate what IP range to start searching at? Or does each version of the worm just start with a random IP range?
I'm curious as to how it splits up the workload.
Worms enter a network and relies in security failure and vulnerabilitys, when it finds one vulnerability/failure on the security it enters.
That's like asking why is the sjy blue and then receiving the answer "the sky is blue"
He's not asking what it does, he's asking how it does it
Egh, not very tedious when a simple batch script can perform the removal process.
I know this is two years in the future but I love this video
this was the first ever virus we got in our local network in 2004. bitdefender was busy displaying how the worm was trying to access each and every pc on the network.
Dan, awesome video on my birthday 3
My first virus was a trojan I got after downloading a wallpaper of a llama.
I don't know what the name of the trojan was, but it made my computer bluescreen after only a few minutes, and there were some error messages that I can't remember what they said.
I was able to do a system restore after the bluescreen and everything was fine.
I remember getting this on our Windows XP family computer in the mid-2000s. Distinctly remember one instance when I was chatting with someone and the shutdown message popped up. That was a mad scramble :p (Also: I remember HijackThis, holy crap. Hadn't thought about that in years)
“the computer becomes practically unusable” welcome to the club
Well done. Congratz to ten years.
He hasn't made his channel in 2004. In fact it is impossible, since youtube didn't exist back then.
he's talking about when he got interested in malware dumb fuck
Linkehh I'm not dumb, besides, why congratulate someone for being interested for a long period of time?
***** because if he never became interested then we wouldn't be here watching his videos.
projackX Fine, I admit my stupidity. And I congratulate danooct1 as well.
you can make this video on a VMWare virtual box
This is nostalgic, because this was also my first virus! Good job on the video.
I remember that thing being so annoying - but I think the timer was way shorter - I barely had time to stop the shutdown
Every time I reinstalled Windows (2000 in my case back then) I had to keep the command prompt ready when downloading a firewall
How my dad's XP broke: I was watching RUclips then BOOM
BSOD
nothowthisworks.exe
I use xp....
*****
Division by 0 is an automatic red flag for lying. Division by 0 in windows XP does not cause an error, it just freezes for a secnde then quits whatever program caused the equation. I'll only believe you if I see some hard evidence (proff) it happened.
FAMICOMASTER Remember this: We cannot detect sarcasm over text.
Yes, I know. I had no intention of sarcasm in that text.
When i first saw Lsass.exe is thought it said IsAss.exe
My first computer had a virus like this. It was a 2nd hand one though. The trick to avoid the countdown was set the PC datetime a few hours back so the countdown insted of being 1 min was 1 min + the amount of time you went back in the clock setting.
God. I had this virus back in the day. I still don't understand how it happened. It was around 2002 or 2003 or so, and we had literally JUST gotten internet for the first time on our computer. I didn't know crap about computers back then though. I was like 12 years old. It was so annoying having it shut down so often. I never knew what was causing it and never did fix it.
just type in the CMD (Command Prompt) shutdown -a to stop the shutdowning
It probably wouldn't have let you do that, as LSASS crashed, so you no longer have permissions to run the shutdown command.
*****
he already did it , look at 12:31
Tolga Beytula So why did you put in the comments? xD
idk xD
thecomputerman100 he Posted the comment before watching the whole video
Can you talk about dgen.exe virus?
Oh... Dgen the SEGAEmulator, Dgen the bitcoin miner?
Which one?
However, if you harddrive has a Folder called:
C:\Program Files\PCDApp\
taskkill the Dgen.exe and delete the dgen.exe inside.
You can't delete programs while their running.
next, open regedit, go to the path HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and delete the key pointing to dgen.exe.
Reboot your stuff.
I was there, Gandalf. I was there three thousand years ago. This virus was the most annoying I ever experienced because at the time no one even knew how to abort the shutdown and panic was widespread.
"You definitely wanna have an antivirus, especially back in the day, when malware was more malicious in just attempting to mess with your computer or your files rather than trying to make money as it's doing nowadays".
Now we're in 2017 and have ransomware that does both.
Likes 3,333
Dislikes: 33
Wow, first of all how could there be so few dislikes? I mean this is like unheard of for me, and secondly what a coincidence.
I did this to my school
Aren't you a wonderful little douchebag.
GOOD JOB! :D
lol
:D
I probably shouldn't do this to my school, because they have a HUGE network that goes all the way out to canada, where it reaches their internet servers, and the computers are slow enought already XD
Antonio Barzan so did I and they couldn’t figure it out
Now in 2016, there are still old XP Dell Optiplex machines running in a production environment. There are several at my work, being used as tester machines that run in-circuit and functional test software on circuit boards. Why can't computers be built like that anymore?
What, why can't PC's be made old and used for a job that it doesn't need high power for?
I almost want to see what happens if it gets installed it on Windows 10