Setting up the Sasser Script Plugin.

Download the plugin.

Download the Sasser plugin from Here

Setup.

Unzip sasser_new.zip into a directory on the PatriotBox server. Launch the PatriotBox Console by double clicking on the orange icon in the system tray.

Next, right click in the services list and select "Add Script Service"

You will now have a new service in the service list labeled "0 Script", right click on that service and select properties.

For the port, enter 9996.

In the Command section, click on the browse button to the right of the box and browse to the location where you unzipped the sasser plugin file called Sasser.exe.

Now select Save.

Click ok to finish. Now the last step is to enable the service. Right click on the just created script service and select enable.

You should now see a green icon next to the 9996 script service which means a active listening port.

When a Sasser event gets triggered, you will see two events show up in the Log.

PatriotBox will also capture the Sasser worm and place it in a protective directory.

Since this is the actual Sasser worm, please take caution in handling the executable so as to not infect the PatriotBox server.

If you have any questions, please feel free to email us. Support