Discovered on: June 10, 2004
Last Updated on: June 11, 2004 02:58:37 PM
Uses different port numbers, used by FTP server and the remote shell: 1023 and 1022.
Has an updated routine for finding vulnerable computers. W32.Sasser.G sends an ICMP echo request before attempting to make a connection. This change may prevent the worm from properly executing on Windows 2000 systems.
W32.Sasser.G can run on, but not infect, Windows 95/98/Me computers. Although these operating systems cannot be infected, they can still be used to infect vulnerable computers.