Get the latest updates as we post them — right on your browser

. Last Updated: 07/27/2016

Kaspersky Warns of Web Chaos

The Russian Internet may have emerged relatively uninfected by a virus-driven web jam over the weekend that crippled servers around the world, but it is only a matter of time before similar attacks paralyze all of cyberspace, Russia's leading anti-virus software developer warned Monday.

A malicious worm dubbed Helkern infected tens of thousands of servers around the globe Saturday, bringing down virtually the entire network of the world's most-wired country, South Korea, and disabling 13,000 automatic teller machines across the United States.

"It's becoming more and more difficult to prevent these virus attacks because of the anarchy on the Internet," said Yevgeny Kaspersky, head of anti-virus research at Kaspersky Labs.

"Naturally, when a user is sure that he won't be found, he is more and more tempted to abuse the Internet."

The Helkern attack was the worst to affect the Internet in more than 18 months.

Unlike most viruses, this so-called worm infects a servers' memory, making it immune to most regular anti-virus programs.

It is designed to exploit a vulnerability in Microsoft SQL Servers 2000, a widely spread software used to run databases and web servers, but it can be fixed with a patch Microsoft made available for downloading in July.

Personal computers are not at risk.

Because the virus replicated itself quickly, it managed to slow global Internet traffic by 25 percent to 50 percent, according to various estimates.

"At the peak of the attack, from 10 a.m. to noon on Saturday, every fourth web site was inaccessible," Kaspersky Labs spokesman Denis Zenkin said.

Kaspersky Labs estimated the virus affected up to 80,000 servers around the world, while Network Associates, a network security company based in California, put the figure at a quarter of a million.

"We don't have precise statistics on the number of infected servers in Russia," Zenkin said. "Most of the messages we get are about attempts to infect servers, but patches were installed on most servers in Russia, and that is why we didn't experience a massive infection."

But Russia may not be so lucky next time -- the Internet has become so anarchic that it is becoming easier and easier to sabotage, Kaspersky said.

"The contemporary Internet is at the closing stage of its cycle and is just about to die."

Kaspersky said it is nearly impossible to reform the Internet by giving users personal identity numbers, one proposal that has gained wide backing. This process would involve political and economic problems that can not be solved in the modern world, Kaspersky said.

Instead, multinational companies could develop an alternative network with higher security standards and move their business communications there, reducing Internet traffic, he said.

The last comparable web attack was the Code Red virus that infected some 300,000 servers in July 2001. Like Code Red, Helkern does not cause any damage other than generating excessive Internet traffic.

The origins of the virus are not known, Zenkin said, adding, however, that the virus was first registered on a U.S. Internet provider's server Jan. 20.

At the peak of attack on Saturday, some 20 percent of data sent via the Internet was lost in transit -- a rate at least 10 times higher than normal.

Although the worm's activity has slowed down, experts are cautious about future attacks by similar worms, which could be created if the source code for Helkern is made available for viewing.

If destructive features are written into them, these viruses could cause much greater damage, Zenkin said.

Patches, also known as fixes, are available on Microsoft's TechNet support web site at

"It was a vulnerability, we knew about it, but someone is exploiting it," Microsoft chief security strategist Scott Charney told Reuters.

"We want our customers to be as secure as possible and install the patches."