RENSE.COM


Virus Slows Worldwide Internet Traffic
By Reed Stevenson and Kevin Krolicki
1-25-3

SEATTLE/LOS ANGELES (Reuters) - Worldwide Internet traffic suddenly slowed down dramatically for hours on Saturday, after a fast-spreading computer worm clogged pipelines of the global network, officials said.
 
Experts called it the most damaging attack on the Internet in 18 months as networks across Asia, Europe and America were effectively shut down.
 
Even though the worst of the disruptions appeared to have passed by Saturday afternoon, some network disruption was likely to continue until Monday when businesses return to work, experts said.
 
The explosive spread of the malicious program nearly cut off Internet providers in South Korea, disrupted automated bank teller machines in the United States and made online surfing, shopping and e-mail access difficult.
 
The exact origin of the attack remained a mystery, and some experts warned that more destructive variants of the worm could appear soon.
 
Known as "SQL Slammer," the malicious program targets a previously identified weakness in Microsoft Corp.'s (MSFT.O) software to shut down powerful server computers.
 
"It's very fast and very effective," said Alfred Huger, Senior Director of Engineering at Web security company Symantec Corp. SYMC.O in Cupertino, California.
 
The worm is a small program that quickly copies itself and sends rapid data requests in search of other server computers that manage computer networks.
 
Unlike an e-mail virus, the worm did not infect individual desktop computers, experts said. Instead, the brunt of the attack was felt in exceptionally slow download speeds and severely limited access to Web-based services such as online banking and shopping, they said.
 
The damage caused by the worm came from the way it overwhelmed networks by quickly cloning itself and spreading to other computer servers, experts said.
 
"Basically what it does is flood the pipeline, and that's what we're seeing," said Bill Murray a spokesman for the U.S.-government run National Infrastructure Protection Center.
 
The current version of the worm does not erase or steal data, but more malign variants created by copycat hackers could appear in a few days and cause even more damage, said Joe Hartmann, Director of North American anti-virus research for Trend Micro Inc. (4704.T, TMIC.O).
 
"Someone could add a destructive payload to this one," Hartmann said.
 
Because the attack started at around midnight Eastern Time (0500 GMT) on Saturday, Russ Cooper, a computer security expert at TruSecure Corp., said that the worm might have been "seeded" in a number of machines by someone in the United States, while other experts said they suspected that it originated in Asia.
 
The Federal Bureau of Investigation said it was looking into the incident but had no indication who had created the malicious program.
 
The worm quickly hit servers on the East Coast of the United States and Northern Europe, said Tom Ohlsson, vice-president of marketing with Matrix NetSystems Inc., a network monitoring firm.
 
At the height of the attack Saturday morning in the United States, about 20 percent of the data traffic being sent across the Internet was being lost in transit, a rate at least 10 times higher than normal, he said.
 
As one result, voice traffic over the Internet, often used by financial institutions to connect far-flung trading floors, was effectively shut down.
 
The SQL (pronounced "sequel") Slammer attack drew comparisons to the Code Red worm, one of the most costly security threats to the Internet, which struck in the summer of 2001. The authors of that malicious code remain a mystery.
 
'ALL-OUT ATTACK'
 
The worm crashed almost all Internet services in South Korea, where 7 out of every 10 people are online. South Korea's largest Web access provider, KT Corp. (30200.KS), was brought down and other Web sites were taken offline. Government officials called it an "all-out attack on the country's Internet system."
 
In the United States, Bank of America Corp. (BAC.N) said that customers at a majority of its 13,000 automated teller machines were unable to process transactions as a result of the worm.
 
It was not immediately clear if other banks in the United States or elsewhere experienced similar disruptions, although American Express customer service representatives said they were unable to access customer and credit card information.
 
At the U.S. National Infrastructure Protection Center at FBI headquarters in Washington, investigators had captured the malicious virus and were looking into its make-up.
 
The worm targets servers that run Microsoft's SQL Server 2000 database software.
 
SQL Slammer exploits a security hole that was apparently known since last July, although a recently released critical security update, or patch, provides a fix for the problem.
 
The latest patch, called Service Pack 3, can be downloaded at Microsoft's Web site (http://www.microsoft.com/technet).
 
Officials from Microsoft in Redmond, Washington, were not immediately available, but Microsoft said on its Web site that it was testing its latest patch, released on Jan. 17.
 
About 150,000 to 200,000 servers have been compromised so far, said Vincent Gullotto, Vice President of the Anti-virus Emergency Response Team at Network Associates Inc. (NET.N) in Beaverton, Oregon.
 
As of Saturday afternoon, data loss on the Internet globally was running at about double the normal rate, with the slowest connections in Asia and Australia, experts said.

