Experts fear more web attacks
2003-01-28 07:34
Reed Stevenson and Bernhard Warner
Seattle/London - The two-day-old computer worm that wreaked havoc on the internet over the weekend is finally losing steam as companies scramble to secure their networks, while computer security experts warn more dangerous spin-offs might emerge in the next few days.
Authorities were probing the "SQL Slammer" bug, the most damaging web attack in 18 months, which nearly shut down web access in South Korea, brought many US automatic teller machines to a standstill and paralysed corporate networks.
"Right now I would say the internet is looking about as normal and benign as you'd see on any given day. I would say (the worm) is behind us," said Tom Ohlsson, vice president of marketing for Matrix NetSystems, a US firm that monitors internet traffic flows.
There were internet slow-downs on Monday, but they were scattered and seemed to tail off entirely as the day wore on. Earlier in the day, some firms reported problems as they scrambled to install fortifications against future intrusions.
Yahoo, one of several major US internet businesses to downplay the impact of the attack, said on Monday that the fast-spreading worm had disrupted video and audio streaming services for a few hours on Saturday.
In Europe, security firms reported fewer infected networks than in Asia and the United States. European markets were largely unaffected.
"You'll see variants out there," said Bruce Schneier, chief technology officer of network monitoring company Counterpane Internet Security.
Schneier said that some of the steps taken to prevent SQL (pronounced "sequel") Slammer from spreading to other networks were stop-gap measures that could be easily overcome, raising the threat of more attacks on the flow of information and data across the web.
Microsoft urges fix
The worm spreads through network connections rather than via e-mail, the medium for previous high-profile virus attacks.
The malicious code exploits a weakness in Microsoft's Windows 2000 SQL Server database software, although it does not delete or otherwise touch data. It caused servers to crash and congested traffic on the global network.
Security advisors warned that the worm was designed to rapidly infiltrate networks and that it would continue to do so until servers were sufficiently patched.
Microsoft has developed a patch that can be downloaded at: www.microsoft.com.
Microsoft's top security strategist Scott Charney said that the world's largest software maker was reaching out to its SQL customers to urge them to download the patch.
"The single largest message is: keep your system up to date with patches," Charney said.
Genes marvelled at the design of Slammer, noting that its tiny size of 376 bytes - about as dense as the subject line of an e-mail message - enabled it to spread quickly. As is often the case, the worm's author left no indication of his location or motive, Genes said.
Authorities in South Korea and the United States announced they would investigate.
"It is a serious problem that people's lives were disrupted," South Korean President Kim Dae-jung said in a statement, adding that he had instructed ministries to act to prevent further virus attacks.
S.Korea hit hard
The virus hit South Korea particularly hard because it has the world's highest penetration of broadband internet services, which are up to 100 times faster than dial-up modem services.
The government gave no estimates for losses, but the association representing Korean insurers said it would have to pay out some one billion won.
The Seoul stock market's benchmark KOSPI index finished down 2.7 percent to its lowest close in more than three months. Volumes hit a 13-month low.
Online stock trading accounts for more than two thirds of market turnover in South Korea, where people regularly click a mouse to pay taxes, order pizza and buy clothes.
The fallout was felt in some Asian stock markets, but because the virus struck on a weekend the impact was limited.
Financial markets in Korea saw steep falls in shares of internet service providers and gains for web security firms.
Asgent, an internet security firm, jumped 19.42 percent while Internet Security Systems KK soared 26 percent. There was no such effect on their European or American counterparts.
Other parts of Asia also suffered disruptions. In China, nationwide telecom operator China Telecom shut down connections to overseas internet networks over the weekend, and some access remained limited on Monday.
India also struggled to get its network back up to speed after a massive slowdown.