- SEATTLE/LOS ANGELES
(Reuters) - Worldwide Internet traffic suddenly slowed down dramatically
for hours on Saturday, after a fast-spreading computer worm clogged pipelines
of the global network, officials said.
- Experts called it the most damaging attack on the Internet
in 18 months as networks across Asia, Europe and America were effectively
shut down.
- Even though the worst of the disruptions appeared to
have passed by Saturday afternoon, some network disruption was likely to
continue until Monday when businesses return to work, experts said.
- The explosive spread of the malicious program nearly
cut off Internet providers in South Korea, disrupted automated bank teller
machines in the United States and made online surfing, shopping and e-mail
access difficult.
- The exact origin of the attack remained a mystery, and
some experts warned that more destructive variants of the worm could appear
soon.
- Known as "SQL Slammer," the malicious program
targets a previously identified weakness in Microsoft Corp.'s MSFT.O software
to shut down powerful server computers.
- "It's very fast and very effective," said Alfred
Huger, Senior Director of Engineering at Web security company Symantec
Corp. SYMC.O in Cupertino, California.
- The worm is a small program that quickly copies itself
and sends rapid data requests in search of other server computers that
manage computer networks.
- Unlike an e-mail virus, the worm did not infect individual
desktop computers, experts said. Instead, the brunt of the attack was felt
in exceptionally slow download speeds and severely limited access to Web-based
services such as online banking and shopping, they said.
- The damage caused by the worm came from the way it overwhelmed
networks by quickly cloning itself and spreading to other computer servers,
experts said.
- "Basically what it does is flood the pipeline, and
that's what we're seeing," said Bill Murray, a spokesman for the U.S.
government-run National Infrastructure Protection Center.
- The current version of the worm does not erase or steal
data, but more malign variants created by copycat hackers could appear in
a few days and cause even more damage, said Joe Hartmann, Director of North
American anti-virus research for Trend Micro Inc. 4704.T TMIC.O
- "Someone could add a destructive payload to this
one," Hartmann said.
- Because the attack started at around midnight Eastern
Time (0500 GMT) on Saturday, Russ Cooper, a computer security expert at
TruSecure Corp., said that the worm might have been "seeded" in
a number of machines by someone in the United States, while other experts
said they suspected that it originated in Asia.
- The Federal Bureau of Investigation said it was looking
into the incident but had no indication who had created the malicious program.
- The worm quickly hit servers on the East Coast of the
United States and Northern Europe, said Tom Ohlsson, vice-president of
marketing with Matrix NetSystems Inc., a network monitoring firm.
- At the height of the attack Saturday morning in the United
States, about 20 percent of the data traffic being sent across the Internet
was being lost in transit, a rate at least 10 times higher than normal,
he said.
- As one result, voice traffic over the Internet, often
used by financial institutions to connect far-flung trading floors, was
effectively shut down.
- The SQL (pronounced "sequel") Slammer attack
drew comparison to the Code Red worm, one of the most costly security threats
to the Internet, which struck in the summer of 2001. The authors of that
malicious code remain a mystery.
- 'ALL-OUT ATTACK'
- The worm crashed almost all Internet services in South
Korea, where 7 out of every 10 people are online. South Korea's largest
Web access provider KT Corp. 30200.KS was brought down and other Web sites
were taken offline. Government officials called it an "all-out attack
on the country's Internet system."
- In the United States, Bank of America Corp. BAC.N said
that customers at a majority of its 13,000 automated teller machines were
unable to process transactions as a result of the worm.
- It was not immediately clear if other banks in the United
States or elsewhere experienced similar disruptions, although American
Express customer service representatives said they were unable to access
customer and credit card information.
- At the U.S. National Infrastructure Protection Center
at FBI headquarters in Washington, investigators had captured the malicious
virus and were looking into its make-up.
- The worm targets servers that run Microsoft's SQL Server
2000 database software.
- SQL Slammer exploits a security hole that has apparently
been known since last July, although a recently released critical security
update, or patch, provides a fix for the problem.
- The latest patch, called Service Pack 3, can be downloaded
at Microsoft's Web site (http://www.microsoft.com/technet).
- Officials from Microsoft in Redmond, Washington, were
not immediately available, but Microsoft said on its Web site that it was
testing its latest patch, released on Jan. 17.
- About 150,000 to 200,000 servers have been compromised
so far, said Vincent Gullotto, Vice President of the Anti-virus Emergency
Response Team at Network Associates Inc. NET.N in Beaverton, Oregon.
- As of Saturday afternoon, data loss on the Internet globally
was running at about double the normal rate, with the slowest connections
in Asia and Australia, experts said.