Robin Keir (author of K9 - http://keir.net) shared a link as response to my post re: above subject
"or you could download Foundstone's version that was released *3 weeks ago*, one day after the vulnerability was announced and has no restrictions on the size of network you can scan
See here: http://news.grc.com/news.exe?cmd=article&group=grc.security&item=89364&utag=
As a service to the network security community, eEye has announced the availability of a free tool to scan network computers and detect if any are vulnerable to the "Sasser.A" worm currently circulating worldwide. The tool allows administrators to quickly identify vulnerable workstations that do not contain the patch required to protect from the attack, and it provides information on where to locate the patch made available from Microsoft.
Download the FREE Retina Sasser Audit Tool here:
The Retina Sasser audit tool is based off of eEye's award-winning Retina Network Security Scanner. Current customers of Retina may scan for the LSASS vulnerability that the Sasser worm is using to infect servers.
This vulnerability is rated as critical and should be remediated immediately.
Detecting the Vulnerability
Both the full version of Retina and the free scanning tool will detect if a workstation is vulnerable to the worm, not if the workstation is infected. Due to the nature of the worm, an infected workstation will not register as either "Patched" or "Unpatched".
If you suspect that the worm has infected a workstation, you can install a network traffic analyzing tool like eEye's Iris on the same subnet as the server to monitor traffic to and from the machine. Once an infection is verified, you should restart the machine (shutting down an infected workstation will remove any trace of the worm) and apply the necessary software patch.
Current Version: 1.0
Release Date: May 1, 2004
The Retina Sasser Worm Scanner is being made available free of charge by eEye.
More info http://www.eeye.com/html/Research/Tools/Sasser.html