Napad crva... :: Pc Klinika ~ Doktori za vas kompjuter

Pa kako ga zakaci druze?ne znam za tog,ali sam imao isti problem sa slicnim crvicem.Smorio me!Formatirao sam disk,naravno ne zbog njega,vec mi se zeznuo windows installer.Onda sam nabavio Pandu(koja pojede RAM memoriju) i redovno mi zaustavlja takvu vrstu intrusion-a! Smile

Otidji na stranicu Kasperskog i vidi u bazi podataka ima li sta o njemu!
Inace Helkern je u svijetu poznat kao worm koji se najbrze siri!Mnogi preporucuju Anti-haker pro,kao sasvim solidnu zastitu od ovog smora i slicnih njemu.Anti-haker pro je jedan od rijetkih koji ima update svaka 3 sata!
Helkern (aka Helkern, aka Sapphire) is an extremely small (just 376 bytes) Internet worm that affects Microsoft SQL Server 2000. To get into victim machines the worm exploits a buffer overrun vulnerability (see below).

When the worm code gets into a vulnerable SQL server it gains control (by using a buffer overrun trick), it then assumes three Win32 API functions:

GetTickCount (KERNEL32.DLL)
socket, sendto (WS2_32.DLL)

The worm then gets a random counter by using the GetTickCount function and goes into an endless spreading or "spawning" loop. In the spreading loop the worm sends itself to random IP addresses (depending on the random counter), to the MS SQL port 1434.

The worm sends multicast packets, meaning with only one "send" command hits all 255 machines in a subnet. As a result this worm is spreading 255 times faster than any other worm known at the moment.

Because MS SQL servers are often used on the Web this worm may cause a global INet DoS attack, because all infected servers will try to connect to other randomly selected machines in an endless loop - and this will cause a global INet traffic overflow.
"Helkern" - 376 Bytes That Shook The World

Kaspersky Lab, an international data security software developer, is warning users to look our for the new Internet-worm "Helkern" (also known as "Slammer" or "Sapphire") that infects servers running under the popular Web-enabled database Microsoft SQL Server 2000. The extremely small size of the worm (only 376 bytes), a unique technology it employs for penetrating target computers and an extraordinarily high spreading speed allow us to proclaim "Helkern" one of the biggest dangers threatening the normal operation of the Internet to come along in years. There have already been reports of serious disruptions to Internet functioning in South Korea, Australia and New Zealand.

It is possible to say the worm has caused one of the largest virus outbreaks in history that has affected user from all corners of the globe: messages describing infections from "Helkern" are being received from Europe, the United States and Eastern Asia.

"Helkern" belongs to the "fileless" worms category. This type of malicious programs performs all operations (including infection and spreading) exclusively in the computer's operating memory without using any permanent or temporary files. These features seriously complicate the detection and disinfection of such worms using contemporary anti-virus technologies (on-demand and on-access scanners). The first malicious code of this type, "CodeRed", was discovered on July 20, 2001. At that time it caused a wide-scale outbreak infecting dozens of thousands of systems around the world. Up until now, with the exception of "CodeRed", "fileless" worms had not shown themselves.

"Helkern" infects only computers running Microsoft SQL Server 2000, a multi-functional database system widely used primarily on Web-servers. To home users of any Windows version without the installion of Microsoft SQL Server the worm poses no threat.

"Helkern" exploits a security breach ("Buffer Overrun") in Microsoft SQL Server that was first detected in July, 2002. To accomplish the "buffer overrun" exploit the worm sends a special request to a target computer. When the request is processed the system automatically executes the worm's code contained in this request. In this way a malefactor can run malicious code without a user's knowledge.

Next, "Helkern" initiates its spreading routine. This process features the extremely rapid sending of the worm's copies to other Internet users: "Helkern" starts an endless spawning loop that many times increases network traffic. "Within just 3 hours from the start of the outbreak began we have detected more than 20 thousand attempts by "Helkern" to penetrate our network, - says Igor Mitiurin, Head of the Information Security Department at Russlavbank, a major Russian financial institution, - Fortunately all these penetration attempts were successfully blocked thanks to our implementation of an effective information security policy that includes the timely installation of security patches for all software used in our corporate network."

Nowadays Microsoft SQL Server is one of the acknowledged leaders in the Web-enabled database market and is used on hundreds of thousands of computers the world over. These events show that many of these systems still contain the security breach allowing infection at the hands of "Helkern". "Helkern" is a real threat that can cause serious interruption to the workings of Internet because the worm generates a huge amount of redundant network traffic that jams data transmission channels. Moreover, in the future, there is a possibility that such attacks will happen with increasing frequency. These circumstances underline the necessity to develop a new approach confronting Internet virus outbreaks. Contemporary technologies have shown a low effectiveness when dealing with such challenges," said Eugene Kaspersky, Head of Anti-Virus Research for Kaspersky Lab. Smile