Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Regular Intrusion.win.mssql.worm.helkern Attacks


  • Please log in to reply
3 replies to this topic

#1 unloaded

unloaded

  • Members
  • 398 posts
  • OFFLINE
  •  
  • Local time:11:18 PM

Posted 28 May 2008 - 04:08 AM

And yes, I am getting constant (every 2-6hours) Intrusion.Win.MSSQL.worm.Helkern attacks, which is indicated by kaspersky internet security I use, what should I do? I am pretty sure that I am not infected just being targeted because I have a static ip.

Here's a printscreen of kaspersky:
Posted Image

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,762 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:18 AM

Posted 28 May 2008 - 11:05 AM

The MSSQL worm (aka: SQL Slammer/Helkern/Sapphire) exploits vulnerabilities in Microsoft SQL 2000 servers on port 1434 and only affects unpatched systems (SQL servers not running SP3 for Microsoft SQL Server Desktop Engine). See Microsoft Security Bulletin MS02-039.

Helkern (aka Helkern, aka Sapphire) is an extremely small (just 376 bytes) Internet worm that affects Microsoft SQL Server 2000.

Net-Worm.Win32.Slammer
"Helkern" - 376 Bytes That Shook The World

Firewall alert messages are a response to unrequested traffic from remote computers. These alerts are often classified by the network port they arrive on and allow you to see the activity of what is happening on your firewall. The alerts allow the firewall to notify you in various ways about possible penetration and intrusion attempts on your computer. It is not unusal for a firewall to provide numerous alerts regarding such attempted access. Botnets and Zombie computers scour the net and will randomly scan a block of IP addresses. These infected computers are searching for "vulnerable ports" and make repeated attempts to access them. Your firewall is doing its job by blocking this kind of traffic and alerting you about these intrusion attempts.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 unloaded

unloaded
  • Topic Starter

  • Members
  • 398 posts
  • OFFLINE
  •  
  • Local time:11:18 PM

Posted 28 May 2008 - 04:17 PM

Thank you so much for the info!!

But I am a little confused here:
1. I use Xp Pro SP3, so am I suppose to download the patch?
2. if it is not unusal for a firewall to provide numerous alerts, does that mean I should just leave or ignore the same attacks?

I just read the "Helkern" article, which it mentioned "To home users of any Windows version without the installion of Microsoft SQL Server the worm poses no threat." So I should just ignore it.

Edited by unloaded, 28 May 2008 - 10:35 PM.


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,762 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:18 AM

Posted 29 May 2008 - 06:01 AM

If the alerts become too annoying, you should be able to go into your firewall settings and turn them off (Hide notification messages).
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users