Have you done all of your Windows updates?
Or made sure your firewall is working?
If not, you might be in for a rough ride :)
And here's why:
Quote:
Sasser
New Worm Spreads without User Interaction
Severity: Medium
(May elevate to high in the next few days)
1 May, 2004
About the Virus
Beginning Friday evening a new worm called Sasser (technically known as W32/Sasser.worm) began spreading on the Internet. Like previous worms (such as Slammer, and to some extent, CodeRed and Nimda), Sasser relies on exploiting a recent flaw in Microsoft Windows to spread. If the worm finds a computer vulnerable to the specific Windows flaw, it infects that PC without any user interaction. Worms like Sasser that require no user interaction tend to spread wildly. The good news is that if you have kept up to date with the Microsoft patches, Sasser should pass you by.
What It Does
Unlike most worms, Sasser does not rely on email to spread. Instead, the worm attempts to connect to random victims on TCP port 445 and exploits a Microsoft Windows vulnerability we described in an April 13 alert (specifically MS04-011). Its name arises from the fact that it exploits a buffer overflow in LSASS (Local Security Authority Server Service).
If the exploit is successful, the worm downloads a copy of itself to your machine and adds the file "avserve.exe" to the default Windows directory. The worm also adjusts the registry to ensure that it can restart the next time you reboot. In fact, using a special Windows API, AbortSystemShutdown, Sasser makes it difficult to restart or shut down your PC.
Finally, Sasser installs an FTP server on your computer, running on TCP port 5554 so that your machine can deliver the worm to others.
Once installed on a victim machine, Sasser repeats the entire process by randomly scanning IP addresses on port 445, searching for exploitable machines. Out of the randomly scanned IPs, 50% are totally random, 25% have the same first octet as your IP address and the last 25% have the same first two octets as your IP address. This helps Sasser to spread efficiently both on the Internet and within your local network.
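Added example, not part of the original post or the quoted alert: a small detector that reads firewall connection records and flags hosts showing the behaviour described above, namely many distinct TCP 445 targets split between nearby and unrelated address ranges, plus any traffic to TCP port 5554. The `src dst dport` log format, the sample lines and the threshold of 8 are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample records (not real traffic), one "src dst dport" per line.
SAMPLE_LOG = """\
10.1.2.3 10.1.77.9 445
10.1.2.3 10.1.200.14 445
10.1.2.3 10.88.3.1 445
10.1.2.3 10.201.5.6 445
10.1.2.3 172.16.4.4 445
10.1.2.3 198.51.100.7 445
10.1.2.3 203.0.113.20 445
10.1.2.3 192.0.2.55 445
10.1.2.9 10.1.2.10 445
10.1.2.9 10.1.2.10 445
10.1.77.9 10.1.2.3 5554
"""

SCAN_THRESHOLD = 8  # assumed: distinct port-445 targets before a host is flagged


def analyse(log_text, threshold=SCAN_THRESHOLD):
    """Return (scanner report per source, sorted port-5554 connection pairs)."""
    targets = defaultdict(set)  # src -> distinct destinations contacted on 445
    ftp_5554 = set()            # (src, dst) pairs that touched port 5554
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue  # skip malformed records instead of failing
        src, dst, port = parts[0], parts[1], int(parts[2])
        if port == 445:
            targets[src].add(dst)
        elif port == 5554:
            ftp_5554.add((src, dst))
    report = {}
    for src, dsts in targets.items():
        if len(dsts) < threshold:
            continue  # ordinary file sharing talks to few distinct hosts
        s = src.split(".")
        # Bucket targets by how much of the source's address prefix they share.
        same2 = sum(d.split(".")[:2] == s[:2] for d in dsts)
        same1 = sum(d.split(".")[:1] == s[:1] for d in dsts) - same2
        report[src] = {"targets": len(dsts), "same_two_octets": same2,
                       "same_first_octet_only": same1,
                       "other": len(dsts) - same1 - same2}
    return report, sorted(ftp_5554)


if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

A host that appears in the report and is also the destination of a port 5554 connection is a strong candidate for isolation and patching with MS04-011.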