aktuelno: Slammer :: Internet ~ Novosti ~ Provideri

Toolbar

Pravilnik foruma

Burek marketing

Najčešća pitanja

Posetite Burek Prodavnicu

Zatvori

BUREK marketing

Burek :: Forumi :: > Tehnicki deo foruma > Internet ~ Novosti ~ Provideri

Tema: aktuelno: Slammer (Moderator: Crowz)

Trenutno vreme je: 26. Apr 2024, 04:43:59

Korisnici koji su trenutno na forumu 0 članova i 1 gost pregledaju ovu temu.

Stranice:

Tema: aktuelno: Slammer (Pročitano 3643 puta)

Killer

28. Jan 2003, 00:38:50

Prijatelj foruma

Zvezda u usponu

Zodijak
Pol
Poruke	1391

izvor pc mikro

Slammer usporio Internet, ali ga nije zaustavio
----------------------------------------------------------------------
Nov racunarski crv krenuo je u napad prosle subote iskoriscavajuci poznati propust u
Microsoftovim Web serverima SQL 2000 i prilicno je usporio ili gotovo zaustavio
saobracaj na Internetu sirom sveta, sto je kompanije koje prate njegovo sirenje navelo
da ga porede s druge dve bezbednosne pretnje koje su ranije protutnjale Mrezom - Code
Red i Nimda.

Izdato je cak desetak biltena u kojima se opisuje crv zaveden pod oznakom W32/SQL
Slammer (treskadzija) ili Sapphire (safir). Crv preplavljuje Mrezu paketima tako sto
iskoriscava propust poznat kao prepunjavanje bafera i stvara efekat slican napadima koji
izazivaju servere da odbijaju izvrsenje usluga zbog prevelikog broja zhateva.

Tim za hitne antivirusne intervencije kompanije Network Associates (Anti-Virus
Emergency Response Team, AVERT) procenjuje da je zarazeno 150.000 do 200.000 servera
sirom sveta.

Kad je napad zapoceo (u subotu oko 5.30 ujutro po Grinicu) gubici paketa na Internetu
narasli su na 20 posto, izvestila je teksaska kompanija Matrix NetSystems koja prati
mrezni saobracaj. Uobicajeni proceat izgubljenih paketa najcesce ne prelazi jedan posto.

Najvise je bila pogodjena Juzna Koreja u kojoj vecina korisnika fiksnih i mobilnih veza
nije mogla da se poveze s Internetom skoro pola dana.

"Mreze juznokorejskih dobavljaca Internet usluga bile su dobrim delom nedostupne od
14.30 po lokalnom vremenu", izjavio je tehnicki pomocnik korejskog tima za hitne
racunarske intervencije cije je sediste u Seulu. "Od tada pa nadalje vecina ljudi u
Juznoj Koreji nije mogla da koristi Internet."

Deset sati po izbijanju napada saobracaj je poceo da se uspostavlja i procenat
izgubljenih paketa pao je na pet posto, izmerio je Matrix NetSystems.

Oporavljanje od napada je jednostavno, slazu se sve bezbednosne kompanije: instaliranje
Microsoftovog nedavno objavljenog servisnog paketa SQL Server 2000 Service Pack 3 resava
problem. Ima i preporuka da adminstratori sistema blokiraju saobracaj koji pristize s
nepoznatih masina preko ulaza 1434.

Ono u cemu se ne slazu odnosi se na ozbiljnost pretnje. Trend Micro oznacava ovog crva
etiketama "Destruktivan" i "Visokorizcan", dok Symantec smatra da je steta koju moze da
izazove "mala". Network Associates i eEye Digital Security, jedna od prvih kompanija
koja je registrovala pojavu Slammera i analizirala njegov kod, izdali su upozorenja u
kojim navode da je u pitanju pretnja visokog rizika.

Mada je odbrana od ovog crva lako izvodiva, veliki broj sistema je jos uvek nezasticen
i ranjiv.

"Situacija je trenutno verovatno gora nego pre tri ili cetiri sata i nece se rascistiti
tako brzo", izjavio je potpredsednik AVERT-a Vinsent Guloto priblizno dvanaest sati
posto je napad zapoceo.

"Slammer ne unistava, ne uklanja, ne krade i ne izdvaja nikakve podatke", saopstio je
Tom Olson iz kompanije Matrix NetSystems. "Medjutim, izuzetno je agresivan kad je rec o
samoumnozavanju."

Slammerova brzina sirenja podseca na jednu drugu napast koja je zadesila Mrezu sredinom
2001. i zarazila na stotine hiljade servera: crva Code Red.

Uprkos tome sto je postojala zakrpa Code Red je napravio stetu od dve milijarde dolara,
sudeci prema podacima jedne istrazivacke kompanije. Nove infekcije nastavile su da se
sire jos citavih godinu dana posle njegove pojave.

"'Treskadzija' je slican 'Sifri crveno' po brzini sirenja ali nije mu ni blizu po
destruktivnosti", smatra Olson.

Predstavnik americkog centra za zastitu nacionalne infrastrukture (National
Infrastructure Protection Center, NIPC) potvrdio je da ovaj centar ispituje problem.
NIPC nije postavio nikakvo novo upozorenje u vezi propusta koji ovaj crv zloupotrebljava
jos od vremena kad ga je Microsoft identifikovao u julu 2002.

Portparol federalnog istraznog biroa (FBI) odbio je da detaljnije komentarise najnovije
probleme na Internetu i samo je izjavio "da je Biro svestan ovih napada i pomno prati
sta se desava".

"Crv ne sadrzi nikakav podatak o autoru", saopstio je Denis Zenkin, portparol moskovske
kompanije Kaspersky Labs. "Izgleda da je autor veoma vodio racuna o velicini crva i
nastojao je da bude sto manji. Ima svega 376 bajta i dodavanje bilo kakvog imena samo bi
ga ucinilo vecim."

"Nemamo konkretnih podataka ali ja bih rekao da je poreklom iz Kine", izjavio je Miko
Hiponen, rukovodilac u finskoj kompanioji F-Secure. "Mogao bi to biti isti autor koji je
napravio crva Lion za Linux jer je u jednoj diskusionoj grupi objavio nekoliko poruka u
kojima raspravlja o teorijskim osnovama Slammera."

Mala velicina otezava pracenje jer se crv prenosi veoma brzo, dodao je Hiponen. "Ovo je
jedan od najmanjih crva koje smo videli. Tvorac verovatno nije imao na umu zagusivanje
Interneta ali ocigledno nije imao ni predstavu o tome kojom brzinom ce se prenositi."

Crv se pojavio svega jedan dan posto je juznokorejsko ministarstvo za informisanje i
komunikacije objavilo upozorenje o mogucim napadima izazivanjem odbijanja usluge,
prenose lokalni mediji. Ministarstvu je navodno dojavljeno da ce juznokorejski racunari
biti upotrebljeni kao odskocna daska za napade, navodi novinska aagencija Yonhap.

Cetrdeset osam sati posle prve registrovane pojave sirenje ovog crva je usporeno i
trenutno nema izvestaja o vecim prekidima i smetnjama u radu Interneta.

U subotu je bilo izmedju 200.000 i 300.000 napada na sat a u nedelju 9000 do 10.000,
koliko i Nimda prosecno izaziva dnevno.

Novi napadi mozda ce buknuti u ponedeljak kad zapocne novi radni dan ukoliko osoblje
koje se stara o bezbednosti racunarskih mreza nije preduzelo neophodne mere u nedelju.

Microsoftov bezbednosni bilten koji se odnosi na pomenuti propust nalazi se na adresi
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-039.asp
. CERT je svoj savet objavio na aderesi http://www.cert.org/advisories/CA-2003-04.html .
(M.V.)

IP sačuvana

Zatvori

Puky

Poruka #1

28. Jan 2003, 23:50:56

Prijatelj foruma

Zvezda u usponu

Zodijak
Pol
Poruke	1973

Izvor: Elektronske vesti casopisa Mikro

Spor odziv na Slammerov napad stavio NIPC na muke
----------------------------------------------------------------------
FBI se u ponedeljak nasao na udaru kritika jer je u subotu "spavao na nogama" dok se racunarski crv W32.Slammer brzinom rakete prenosio po svetu i zarazio na stotine hiljada racunara u prvih nekoliko sati posto je uocen.

Ispostavilo se da je spor odziv Federalnog istraznog biroa (FBI) na subotnju pojavu i brzometno sirenje novog virulentnog racunarskog crva nazvanog Slammer posledica nedavne reorganizacije americke vlade kojom je stvoreno novo ministarstvo za bezbednost zemlje (Department of Homeland Security) i povecane zabrinutosti zbog pretnji kiberterorizma s drugih strana.

FBI-eva ruka zaduzena za kiberterorizam - Centar za zastitu nacionalne infrastrukture (National Infrastructure Protection Center, NIPC), nije se oglasio u vecem delu subote dok su poznate antivirusne kompanije kao sto su Internet Security Systems (ISS) i Network Associateov ogranak McAfee AVERT (Anti-Virus Emergency Response Team - Tim za hitne antivirusne intervencije) odmah izdale saopstenja o sirenju Slammera.

Reporteri koji su pozivali ovu vladinu agenciju u potrazi za komentarima dobijali su odgovor da NIPC "prati situaciju", ali ne i bilo kakve zvanicne biltene.

NIPC je prvi savet pod naslovom "Crv cilja na propust u bazi SQL" (Worm Targets SQL Vulnerability) objavio na svojoj Web strani tek u 18.41 po Grinicu, cak 13 sati posle njegove pojave. U to vreme mnoge organizacije su vec identifikovale opasnost i preduzele mere zastite i sprecavanja daljeg sirenja.

U diskusiji preko Interneta koju je organizovao neprofitini institut SANS (SysAdmin, Audit, Networking and Security) i u kojoj su ucestvovali strucnjaci za bezbednost, predstavnici savezne vlade i Microsofta, Markus Saks, direktor za zastitu komunikacione infrastrukture u odeljenju Bele kuce zaduzenom za kiberbezbednost (White House Office of Cyberspace Security) rekao je da je kombinacija loseg tajminga i nedavnog preseljenja centra NIPC i drugih vladinih bezbednosnih odeljenja u novo ministratvo za bezbednost zemlje mozda odigrala glavnu ulogu u trapavom odzivu agencije na pojavu Slammera.

"Crv nije mogao izabrati bolje vreme da se pojavi", nasalio se Saks.

Inauguracija novog ministarstva proslavljena je dan ranije, u petak. Pored toga osoblje NIPC-a je koordiniralo svoj rad s ostalim osobljem zaduzenim za bezbednost saveznih racunarskih resursa ali na temu koja je u vezi s Irakom.

Rezultat svega je da se vecina NIPC-ovih istrazivaca nalazila kod kuce kad je Slammer krenuo u svoj pohod a bilo je problema i da se okupi "pravo osoblje" koje ce odgovoriti na Slammerov napad, objasnio je Saks.

Medjutim, NIPC-ov predstavnik za stampu Bil Mari porice da je bilo ikakavog kasnjenja u odzivu na sirenje Slammera. "NIPC objavljuje upozorenja i savete tek kad je sasvim siguran da su informacije proverene i kompletne."

Mari je odbio da okarakterise NIPC-ov odziv u subotu kao spor ili brz i dodao je da nema nameru da se poredi s antivirusnim kompanijama u pogledu objavljivanja informacija o iznenadnim mreznim pretnjama.

"Verujemo da je NIPC uradio ono sto je bio duzan da uradi i sto je ovlascen da uradi. Analizirali smo pretnju i objavili oprecizno upozorenje", istakao je Mari i dodao da ce buduci odzivi biti ocenjivani od slucaja do slucaja.

IP sačuvana

Gravitacija je vrlo zajebana sila - nikada ne zakaze.

Zatvori

Puky

Poruka #2

28. Jan 2003, 23:59:26

Prijatelj foruma

Zvezda u usponu

Zodijak
Pol
Poruke	1973

Kaspersky Labs analyzes the consequences of the latest epidemic.

The "Helkern" epidemic has become huge, not only in the number of
infected severs (nearly 80,000), geographic coverage and its rate of
spreading, but also in the consequences it has caused regarding the
general functioning of the Internet. Never before has a malicious
program threatened to tear apart the composite parts of the worldwide
network and destroy communications between regions. "Helkern" has
managed to: disrupt the operation of and temporarily shutdown the
Internet installations in the U.S., South Korea, Australia and New
Zealand. According to Kaspersky Labs, "Helkern", at the peak of the
epidemic (January 25, 2003), slowed the Internet's performance by 25%.
This means that every 4th site was either unable to respond or was under
duress. Similarly manifestations were seen in other services using the
Internet, such as email, FTP servers, Internet messaging among others.

Is "Helkern" an isolated event or unpremeditated attack? Or is it the
next step for cyber-terrorists exposing network weaknesses that model
the collapse of the Internet? What consequences will result from this
epidemic have on the future of the Internet? These questions raise
concerns for everyone who is in some way exposed to the Internet.

It is essential to understand the real danger posed by "Helkern". It
attacks only servers; so many Internet users may feel that safe as if a
computer does not have the database management system Microsoft SQL
Server installed, the worm is unable to inflict damage. However, the
scale at which "Helkern" spreads and the consequence of exponential
rises in Internet traffic could lead to an Internet outage. Therefore,
all Internet users are at the least indirectly made to suffer.

The future of the Internet is not only put in jeopardy just by "Helkern"
but by the application of technologies that can in a flash slowdown
networks. More than likely, very soon, just after the source code of
this worm appears in sites and forums dedicated to computer viruses, the
computer underground will set to the task of cloning "Helkern". New
modifications will be created that will distinguish themselves with even
greater spreading capabilities and destructive payloads. The
consequences of this developing event and the potential damages to the
world economy are practically beyond placing a value.

The "Helkern" attack demonstrates the general vulnerability of the
Internet. It graphically demonstrates one of the weakest points through
which it is possible to, on the whole, halt network operation, namely,
vulnerabilities (breaches) in security systems that viruses can
unimpeded exploit to penetrate computers. It would be hard to find a
better example of this danger than with the current circumstances
involving "Helkern".

It is well known that the 100% protection of software does not exist.
Each day up to 10 vulnerabilities are discovered in a myriad of
operating systems and applications, for which their creators quickly
release patches. Weak system kernels, as is often the case, is an
unavoidable human factor. Making matters worse is that many system
administrators infrequently install these patches, leaving their
networks open to potential attack from new malicious programs. The
"Helkern" experience has shown just how "productively" it is possible to
take advantage of these shortcomings. The main threat lies in the fact
that nothing can stop virus writers from continuing to create network
worms targeting software vulnerabilities. Pandora's Box is open and
already there is nothing that can be done to rein in its destructive
power. From another side, the amount of software vulnerabilities
existing today is enough for the release of "Helkernesque" worms each
and every day over several years. Under such circumstances the Internet
would fail as a means for business communications, entertainment or
information searches.

The danger posed by the abuse of software vulnerabilities was foreseen
by Kaspersky Labs experts several years ago with the appearance of the
first "stealth" worms ("BubbleBoy" and "KakWorm"), which penetrated
computers via security system vulnerabilities. Until recently this
information remained with a narrow circle of specialists who
intentionally did not leak it to the public for fear of instigating a
catastrophe. However, in August 2001 Nicholas Weaver of the University
of Berkeley, published research analyzing the technologies used to
create the worm "Warhol" (a.k.a. "Flash-worm"), which over just fifteen
minutes could manage to spread around the entire world. For this very
reason the worm was given its moniker, as it was Andy Warhol who coined
the phrase, "In the future everybody will have 15 minutes of fame".
Today, this idea has been realized, and thus we can observe how virus
authors have taken it to heart.

This provokes the question of whether or not "Helkern" was created to
"test the water" of the Internet in order to detect weak spots, only to
later follow up with a full scale attack. We are far from conspiracy
thoughts however; most likely this is just usual cyber hooliganism.
Hooliganism in terms of approach, but when considering results - it is
indeed terrorism. Usually the scale of the consequences differentiates
these two terms. In this specific case, where there has been a
deliberate attack on and violation of global communication systems, it
is possible to be classified as a cyber-terrorist act. To our opinion,
without urgent preventive and prophylactic measures in the nearest
future this situation might go out of control and even cause us to
question the Internet's existence.

However, under current conditions to dramatically alter how we approach
preventative measures is almost impossible. An effective system aimed at
virus epidemic detection and prevention cannot rely on today's standards
of identifying Internet users, which is now basically chaotic. When such
an epidemic occurs it is almost impossible to locate its epicenter -
with the exception of when the virus author by mistake gives himself
away. In the event of the wide spread of a malicious program, in order
to prevent it from spreading further, entire regions of the network must
be disconnected and switched off. These measures are meaningless, you
can endlessly patch the holes in a security system, but this won't
prevent further attacks. Basically today we are fixing consequences
rather than the causes - while at the moment the sheer volume of
"consequences" or symptoms have already reached such a level that it
would be cheaper, faster and in the end more efficient to cure the
problem at its roots.

As was mentioned earlier, the reason it is so difficult to prevent virus
attacks is due to Internet anarchy. It is much more tempting to abuse
the network when one is sure he or she can't be tracked. On the other
hand, to reform the Internet in order to fix this problem (to introduce
personal IDs) appears to be almost impossible as this process is
confronted with extremely complex political and economic problems at an
international level. The only possible and realistic solution would be
if large multinational corporations - the "locomotives" of the modern
economy develop a parallel network where they concentrate all their
business communications and limit this network's exposure to the
Internet; doing this will allow the processing of new standards to
happen faster and less painfully.

To summarize, we must note that the scale of virus epidemics similar to
that of "Helkern" will happen again and that the frequency of such
epidemics will most likely only increase. Eventually, using the Internet
will become so inconvenient, with constant interruptions and
malfunctions at the hands of viruses and hacker attacks, that users will
be forced to switch to other means of communication. Naturally, "snail
mail" and telephone communications do not offer the kinds of
conveniences that the Internet does. Therefore the development of a
parallel network that offers a high level of reliability and security is
today a matter of high priority.

Kaspersky Labs Corporate Communications

~~~
Singi ing by Kaspersky Lab.

IP sačuvana

Gravitacija je vrlo zajebana sila - nikada ne zakaze.

Zatvori

Stranice:

Burek :: Forumi :: > Tehnicki deo foruma > Internet ~ Novosti ~ Provideri

Tema: aktuelno: Slammer (Moderator: Crowz)

Trenutno vreme je: 26. Apr 2024, 04:43:59

Prebaci se na:

Oznake: malicious bafera programs virus aktuelno racunarski computer micro trend Slammer
attack consequences patch powered future helkern kaspersky slamer observing

Poslednji odgovor u temi napisan je pre više od 6 meseci.

Temu ne bi trebalo "iskopavati" osim u slučaju da imate nešto važno da dodate. Ako ipak želite napisati komentar, kliknite na dugme "Odgovori" u meniju iznad ove poruke. Postoje teme kod kojih su odgovori dobrodošli bez obzira na to koliko je vremena od prošlog prošlo. Npr. teme o određenom piscu, knjizi, muzičaru, glumcu i sl. Nemojte da vas ovaj spisak ograničava, ali nemojte ni pisati na teme koje su završena priča.

Forum Info: Banneri Foruma :: Burek Toolbar :: Burek Prodavnica :: Burek Quiz :: Najcesca pitanja :: Tim Foruma :: Prijava zloupotrebe

Izvori vesti: Blic :: Wikipedia :: Mondo :: Press :: Naša mreža :: Sportska Centrala :: Glas Javnosti :: Kurir :: Mikro :: B92 Sport :: RTS :: Danas

Prijatelji foruma: Triviador :: Domaci :: Morazzia :: TotalCar :: FTW.rs :: MojaPijaca :: Pojacalo :: 011info :: Burgos :: Alfaprevod

Pravne Informacije: Pravilnik Foruma :: Politika privatnosti :: Uslovi koriscenja :: O nama :: Marketing :: Kontakt :: Sitemap

All content on this website is property of "Burek.com" and, as such, they may not be used on other websites without written permission.