Tuesday, May 04, 2004

Symantec Security Response - W32.Sasser.B.Worm:
"W32.Sasser.B.Worm is a variant of W32.Sasser.Worm. It attempts to exploit the LSASS vulnerability described in Microsoft Security Bulletin MS04-011. This worm spreads by scanning randomly selected IP addresses of vulnerable systems.… "

Notes:
The MD5 hash value of this worm is 0x1A2C0E6130850F8FD9B9B5309413CD00.

Symantec Security Response has developed a removal tool to clean the infections of W32.Sasser.B.Worm.

Block TCP ports 5554, 9996, and 445 at the perimeter firewall and install the appropriate Microsoft patch (MS04-011) to prevent the remote exploitation of the vulnerability.

--------------------------------------------------------------------------------

W32.Sasser.B.Worm can run on, but not infect, Windows 95/98/Me computers. Although these operating systems cannot be infected, they can still be used to infect the vulnerable systems to which they are able to connect. In this case, the worm will waste a lot of resources so that programs cannot properly run, including our removal tool. (On Windows 95/98/Me computers, the tool should be run in Safe mode.)

http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.removal.tool.html

http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.b.worm.html
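
One way to check perimeter firewall logs for the traffic the advisory describes (scanning of many addresses plus the three ports it says to block), as an added example that is not from Symantec or the original post. The key=value log format, the fan-out threshold and the function name are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Ports the advisory says to block at the perimeter firewall.
SASSER_PORTS = {445, 5554, 9996}
LINE_RE = re.compile(r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=TCP DPT=(?P<dpt>\d+)")

# Constructed sample log lines in a hypothetical key=value firewall format.
SAMPLE_LOG = [
    # One internal host touching six different addresses on 445.
    *(f"2004-05-04T10:00:0{i} SRC=10.0.0.5 DST=198.51.100.{i} PROTO=TCP DPT=445"
      for i in range(1, 7)),
    "2004-05-04T10:00:09 SRC=10.0.0.5 DST=198.51.100.3 PROTO=TCP DPT=9996",
    "2004-05-04T10:00:10 SRC=198.51.100.3 DST=10.0.0.5 PROTO=TCP DPT=5554",
    # A host talking repeatedly to one file server on 445: not a scan.
    "2004-05-04T10:01:00 SRC=10.0.0.8 DST=10.0.0.2 PROTO=TCP DPT=445",
    "2004-05-04T10:01:05 SRC=10.0.0.8 DST=10.0.0.2 PROTO=TCP DPT=445",
    "2004-05-04T10:02:00 SRC=10.0.0.9 DST=203.0.113.4 PROTO=TCP DPT=80",
    "malformed line without fields",
]

def find_suspect_hosts(lines, fanout_threshold=5):
    """Return {src_ip: [reasons]} for hosts whose traffic matches the advisory."""
    smb_targets = defaultdict(set)  # src -> distinct destinations on 445
    other_ports = defaultdict(set)  # src -> which of 5554/9996 it contacted
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # skip malformed or non-TCP lines
        port = int(m["dpt"])
        if port == 445:
            smb_targets[m["src"]].add(m["dst"])
        elif port in SASSER_PORTS:
            other_ports[m["src"]].add(port)
    findings = defaultdict(list)
    # 445 alone is normal file sharing; many distinct targets is the scan pattern.
    for src, dsts in smb_targets.items():
        if len(dsts) >= fanout_threshold:
            findings[src].append(f"445 fan-out to {len(dsts)} hosts")
    for src, ports in other_ports.items():
        findings[src].extend(f"traffic to port {p}" for p in sorted(ports))
    return dict(findings)

if __name__ == "__main__":
    for host, reasons in sorted(find_suspect_hosts(SAMPLE_LOG).items()):
        print(host, "->", "; ".join(reasons))
```

Hosts flagged this way are candidates for patch verification (MS04-011) and for the removal tool linked above.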
