Worm Attack Disrupts US, Asia, Europe
A virus-like Internet server infection, the 'Slammer' worm, launched a "denial of service" attack that disrupted Internet service in the United States and quickly spread through the world's digital networks early Saturday, disrupting computer networks in Asia and Europe.
Once again taking advantage of a security hole in Microsoft's SQL Server software, this underestimated 'Slammer' worm shows Microsoft's sloppy security QA.
Initial reports suggested that, outside the United States, the problems were most severe in technology-dependent areas of Asia. Users and news media reported outages or slowdowns in Thailand, Japan, South Korea, Malaysia, the Philippines and India.
In Finland, phone operator TeliaSonera said some of its customers reported difficulties connecting to servers using Microsoft's SQL outside of Finland and Sweden.
In Thailand, domestic servers also were operating normally, but connections to international servers for some users ground to a halt around 12:30 p.m. EST, according to a technical support representative for Internet Thailand.
In Japan, NHK television reported that heavy traffic had swamped some of the country's Internet connections. A public university computer had been hit by more than 200,000 transmissions in one hour and security firms were looking into the incident, it said.
In South Korea, millions of Internet users were hampered when traffic-directing computers at Korea Telecom Freetel and SK Telecom failed to function.
The system was restored after several hours, but service remained slow, officials said.
Kim Chang-rae, a chief system engineer at KT Freetel, said excessive traffic caused one of KT's main domain servers to fail, forcing other servers to shut down in a chain reaction.
The failure affected busy weekend Internet banking and shopping traffic ahead of the Lunar New Year holiday a week away.
In Taiwan, a customer service operator at Chunghwa Telecom Co. Ltd — one of the island's biggest Internet providers — said its service "experienced difficulties" and that some customers weren't able to access the Web.
The official would not say how many customers were affected.
"We are in the middle of managing the situation, so we really can't talk about it now," he said.
In Malaysia, TimeDotCom, a privately owned Internet service provider, said it had received numerous complaints from customers of partial or no access to the Internet.
Internet users in New Delhi complained of service interruptions, but no problems were reported in India's software development centers of Hyderabad and Bangalore.
In the Philippines, one Internet service provider detected an increase in signals early Saturday that it said was an apparent attempt to cause congestion in the network. In response, the company temporarily shut down its dial-up service.
Officials in the United States said the attack sought out vulnerable computers on the Internet using a known flaw in popular software from Microsoft Corp. called "SQL Server." But the attacking software code was scanning for victim computers so randomly and so aggressively — sending out thousands of probes each second — that it overwhelmed many Internet data pipelines.
In May 2000, the so-called Love Bug virus, released in the Philippines, overwhelmed e-mail systems worldwide and caused tens of millions of dollars in damage. Prosecutors in the Philippines dismissed all charges against a man accused of releasing the virus because of a lack of applicable laws.
Monitors reported detecting at least 39,000 infected computers, which transmitted floods of spurious signals disrupting hundreds of thousands of other systems worldwide. Sites monitoring the health of the Internet reported significant slowdowns, although recovery efforts appeared to be succeeding.
"Everything is starting to come back online," said Bill Murray, a spokesman for the FBI's National Infrastructure Protection Center. "We know what the issue was and how to mitigate it, and we're just imploring systems administrators to apply the patches that will prevent this from propagating again."
Bank of America Corp., one of the nation's largest banks, said many customers could not withdraw money from its 13,000 ATM machines because of technical problems caused by the attack. A spokeswoman, Lisa Gagnon, said the bank restored service to nearly all ATMs by late Saturday afternoon and that customers' money and personal information had not been at risk.
"It's not debilitating," said Howard Schmidt, President Bush's No. 2 cybersecurity adviser. "Everybody seems to be getting it under control." Schmidt said the FBI's cybersecurity unit and experts at the federally funded CERT Coordination Center were monitoring the attack and offering technical advice to computer administrators on how to protect against it.
"We as a technical group are getting better at identifying these things and putting filters in place in a timely manner," said Marty Lindner of the CERT Coordination Center.
Tiffany Olson, spokeswoman for the President's Critical Infrastructure Protection Board, said the White House may not determine the scope of damage "for at least a couple of days, and we may not know the full impact of this attack at all." She said companies often don't report such damage to the government.
The virus-like attack, which began about 12:30 a.m. EST, sought out vulnerable computers on the Internet to infect using a known flaw in popular database software from Microsoft Corp. called "SQL Server 2000." The attacking software was scanning for victim computers so randomly and so aggressively, sending out thousands of probes a second, that it saturated many Internet data pipelines.
Most home users did not need to take any protective measures.