Wurm Helkern gefährlichster Virus - AlertCon 4 ausgerufen

AlertCon 4 beschreibt die ISS wie folgt: "AlertCon 4 - Catastrophic threat. Critical security situations within a network dictate an immediate and focused defensive action. This condition may be imminent or ongoing." Auch Kaspersky warnt mittlerweile vor dem Wurm: Pressemitteilung "Helkern": 367 Bytes That Shook The World A new "fileless" worm causes a global outbreak Kaspersky Labs, an international data security software developer, is warning users against the new Internet-Worm "Helkern" (also known as "Slammer") that infects servers running under the popular Web-enabled database Microsoft SQL Server 2000. The extremely small size of the worm (only 367 bytes), a unique technology of penetrating target computers and extraordinarily high speed of spreading allow us to proclaim "Helkern" one of the biggest dangers threatening the normal operation of the Internet to come along in recent years. There have already been reports of serious disruptions in Internet operation in South Korea, Australia and New Zealand. It is possible to say the worm has caused one of the largest virus outbreaks in history that has affected user from all corners of the globe: messages describing infections from "Helkern" are being received from Europe, the United States and Eastern Asia. "Helkern" belongs to the "fileless" worms category. This type of malicious programs performs all operations (including infection and spreading) exclusively in the computer's operating memory without using any permanent or temporary files. These features seriously complicate the detection and disinfection of such worms using contemporary anti-virus technologies (on-demand and on-access scanners). The first malicious code of this type, "CodeRed", was discovered on July 20th, 2001. At that time it caused a wide-scale outbreak infecting dozens of thousands of systems around the world. Up till now with the exception of "CodeRed", "fileless" worms had not shown themselves. "Helkern" infects only computers running Microsoft SQL Server 2000. This software is a multi-functional database system widely used primarily on Web-servers. For home users of any Windows versions who have not installed Microsoft SQL Server the worm poses no threat. "Helkern" exploits a security breach ("Buffer Overrun") in Microsoft SQL Server first detected in July, 2002. To complete this task the worm sends a special request to a target computer. When the request is processed the system automatically executes the worm's code contained in this request. In this way a malefactor can run malicious code without a user's knowledge. Next, "Helkern" initiates its spreading routine. This process features extremely rapid sending of the worm's copies to other Internet users: "Helkern" starts an endless spawning loop that many times increases network traffic. . Nowadays Microsoft SQL Server is one of the acknowledged leaders in the Web-enabled database market and is used on hundreds of thousands of computers the world over. These events show that many of these systems still contain a security breach allowing infection at the hands of "Helkern". <"Helkern" is a real threat that can cause serious interruption to the normal operation of the Internet because the worm generates a huge amount of redundant network traffic jamming data transmission channels. Moreover, in the future, there is a possibility that such attacks will happen with increasing frequency. These circumstances prove the necessity to develop a new approach confronting Internet virus outbreaks. Contemporary technologies have shown a low effectiveness when dealing with such challenges>, - said Eugene Kaspersky, Head of Anti-Virus Research for Kaspersky Labs.