Kaspersky Anti-Hacker log


  • Joined: 22 Jul 2006
  • Posts: 43
  • Location: Podgorica

Can someone explain the lines of the log to me in a bit more detail!
Thanks
3/21/2007 11:22:53 PM Your computer has been attacked from host86-141-37-61.range86-141.btcentralplus.com. Attack - Helkern. The attack has been successfully repulsed.
3/25/2007 1:16:11 AM Your computer has been attacked from 203.174.47.4. Attack - Helkern. The attack has been successfully repulsed.
3/25/2007 3:27:42 PM Your computer has been attacked from h-68-167-220-157.nycmny83.covad.net. Attack - Helkern. The attack has been successfully repulsed.
3/25/2007 9:56:37 PM Your computer has been attacked from host81-129-203-64.range81-129.btcentralplus.com. Attack - Helkern. The attack has been successfully repulsed.
3/26/2007 11:55:30 AM Your computer has been attacked from zte-mum-203.94.209.243.mtnl.net.in. Attack - Helkern. The attack has been successfully repulsed.



  • Rogi  Male
  • Retired mod
  • The best basketball player who
  • ever played this game
  • Joined: 31 Aug 2005
  • Posts: 11687

It means that someone attacked you from host86-141-37-61.range86-141.btcentralplus.com.
That the attack is Helkern, and that it was successfully repelled!
The same goes for the other lines of the log; I only explained the first one to you!
Most important, for you, is that the attack was successfully repelled!

http://www.viruslist.com/en/viruslist.html?id=59159

Technical details
Helkern (aka Helkern, aka Sapphire) is an extremely small (just 376 bytes) Internet worm that affects Microsoft SQL Server 2000. To get into victim machines the worm exploits a buffer overrun vulnerability (see below).

When the worm code gets into a vulnerable SQL server it gains control (by using a buffer overrun trick), it then assumes three Win32 API functions:


GetTickCount (KERNEL32.DLL)
socket, sendto (WS2_32.DLL)

The worm then gets a random counter by using the GetTickCount function and goes into an endless spreading or "spawning" loop. In the spreading loop the worm sends itself to random IP addresses (depending on the random counter), to the MS SQL port 1434.

The worm sends multicast packets, meaning that only one "send" command hits all 255 machines in a subnet. As a result this worm is spreading 255 times faster than any other worm known at the moment.

Because MS SQL servers are often used on the Web this worm may cause a global INet DoS attack, because all infected servers will try to connect to other randomly selected machines in an endless loop - and this will cause a global INet traffic overflow.

The worm is memory only, and it spreads from an infected machine's memory to a victim machine's memory. The worm does not drop any additional files and does not manifest itself in any way.

There are text strings visible in the worm code (a mix of worm code and data):

h.dllhel32hkernQhounthickChGet
Qh32.dhws2_f
etQhsockf
toQhsend
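
An added example, not part of the original posts or of Kaspersky Anti-Hacker: a parser for the log format shown in the question, which splits each entry into time, source, attack name and outcome and flags anything not reported as repulsed. The function names, the M/D/YYYY reading of the date and the recovery of an IPv4 address from the reverse-DNS name are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# The five entries posted in the question, verbatim.
LOG = """\
3/21/2007 11:22:53 PM Your computer has been attacked from host86-141-37-61.range86-141.btcentralplus.com. Attack - Helkern. The attack has been successfully repulsed.
3/25/2007 1:16:11 AM Your computer has been attacked from 203.174.47.4. Attack - Helkern. The attack has been successfully repulsed.
3/25/2007 3:27:42 PM Your computer has been attacked from h-68-167-220-157.nycmny83.covad.net. Attack - Helkern. The attack has been successfully repulsed.
3/25/2007 9:56:37 PM Your computer has been attacked from host81-129-203-64.range81-129.btcentralplus.com. Attack - Helkern. The attack has been successfully repulsed.
3/26/2007 11:55:30 AM Your computer has been attacked from zte-mum-203.94.209.243.mtnl.net.in. Attack - Helkern. The attack has been successfully repulsed.
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"Your computer has been attacked from (?P<src>\S+)\. "
    r"Attack - (?P<attack>.+?)\. The attack has been (?P<outcome>.+)\.$")
# Heuristic (assumption): many ISPs embed the client IPv4 in the reverse-DNS name.
IP_RE = re.compile(r"(?<!\d)(\d{1,3})[.-](\d{1,3})[.-](\d{1,3})[.-](\d{1,3})(?!\d)")

def embedded_ip(source):
    """Return the IPv4 address written in `source`, or None if there is none."""
    m = IP_RE.search(source)
    ok = m and all(int(octet) <= 255 for octet in m.groups())
    return ".".join(m.groups()) if ok else None

def parse_line(line):
    """Split one log entry into its fields; None if the line has another shape."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
        "source": m["src"],
        "source_ip": embedded_ip(m["src"]),
        "attack": m["attack"],
        # Only this wording appears on the page; anything else is treated as not blocked.
        "blocked": m["outcome"] == "successfully repulsed",
    }

def summarize(text):
    """Count entries per attack name; list entries not blocked and lines not parsed."""
    parsed = [(l, parse_line(l)) for l in text.splitlines() if l.strip()]
    entries = [e for _, e in parsed if e]
    return {
        "by_attack": Counter(e["attack"] for e in entries),
        "sources": sorted({e["source_ip"] or e["source"] for e in entries}),
        "not_blocked": [e for e in entries if not e["blocked"]],
        "unparsed": [l for l, e in parsed if e is None],
    }
```

For this log, `summarize(LOG)` reports five Helkern entries from five different sources, with nothing unblocked and nothing unparsed.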



  • Joined: 22 Jul 2006
  • Posts: 43
  • Location: Podgorica

OK, thank you! :)
