Internet traffic suffers attack
2003-01-25 16:10
Washington - Traffic on the Internet slowed dramatically for hours early on Saturday, the effects of a fast-spreading, virus-like infection that overwhelmed the world's digital pipelines and broadly interfered with Web browsing and delivery of e-mail.
Sites monitoring the health of the Internet reported significant slowdowns globally. Experts said the electronic attack bore remarkable similarities to the "Code Red" virus during the summer of 2001 which also ground online traffic to a halt.
"It's not debilitating," said Howard Schmidt, President George Bush's number two cyber-security adviser. "Everybody seems to be getting it under control."
Schmidt said FBI and private cyber-security experts were monitoring the attack and offering technical advice to computer administrators on how to protect against it.
Most home users did not need to take any protective measures.
Worm slows traffic routers
The virus-like attack, which began about 07:30, sought out vulnerable computers on the Internet to infect using a known flaw in popular database software from Microsoft Corporation, called "SQL Server 2000." But the attacking software code was scanning for victim computers so randomly and so aggressively - sending out thousands of probes each second - that it saturated many Internet data pipelines.
The attacking software, technically known as a worm, was overwhelming Internet traffic-directing devices known as routers.
Symantec Corp., an antivirus vendor, estimated that at least 22 000 systems were affected worldwide.
Schmidt said disruption within the US government was minimal, partly because the attack occurred early on a Saturday morning.
Effects worst in Asia
Outside the United States, the problems were most severe in technology-dependent areas of Asia, initial reports suggested. Users and news media reported outages or slowdowns in Thailand, Japan, South Korea and Cambodia.
Like Code Red
"This is like Code Red all over again," said Marc Maiffret, an executive with eEye Digital Security, whose engineers were among the earliest to study samples of the attack software. "The sheer number of attacks is eating up so much bandwidth that normal operations can't take place."
During the "Code Red" attack in July 2001, about 300 000 mostly corporate server computers were infected and programmed to launch a simultaneous attack against the Web site for the White House, which US officials were able to defend successfully.
Unlike that episode, the malicious software used in this latest attack did not appear to do anything other than try to spread its own infection, experts said.
Ben Koshy of W3 International Media Ltd., which operates thousands of Web sites from its computers in Vancouver, said about six hours after the attack started, commercial Web sites that had been overwhelmed were starting to come back online as engineers began effectively blocking the malicious data traffic.
At the height of the attack, another company reported that computers were flooded with more than 125 megabytes of data every second.
"It's a very significant attack," Koshy said. "The impact of this worm was huge."
The attack sought to exploit a software flaw discovered by researchers in July 2002 that permits hackers to seize control of corporate database servers. Microsoft deemed the problem "critical" and offered a free repairing patch, but it was impossible to know how many computer administrators applied the fix.
"People need to do a better job about fixing vulnerabilities," Schmidt said. - Sapa-AP
- SAPA