Saturday, 25 January, 2003

Virus-like attack hits web traffic

The attack targeted Microsoft database software

An attack by fast-spreading malicious code targeting computer servers has dramatically slowed internet traffic.

The attack - by what is known as a computer "worm" - has interfered with web browsing and e-mail delivery.

Computer experts said the slowdown on Saturday was similar to the impact of the "Code Red" virus, which brought internet traffic to a halt in the summer of 2001.

"It is highly likely hackers have launched an all-out attack on the country's internet system"

The malicious code targets servers that direct traffic on the internet and does not infect home computers.

In South Korea internet services were shut down nationwide for hours on Saturday, the country's Yonhap news agency reported.

Users and news media also reported outages or slowdowns in Thailand, Japan, Malaysia, the Philippines and India.

The malicious code exploits a vulnerability in internet software from Microsoft, called the SQL Server, which was first identified in July 2002.

The code instructs the server to go into an endless loop, continually sending out data to other computers, in effect performing a denial of service attack, BBC News Online technology reporter Alfred Hermida says.

Unlike viruses, the worm exists only in memory, so it cannot be detected by traditional anti-virus scanners.

The malicious code - which is only 376 bytes in size - started to significantly attack the web at about 0530 GMT on Saturday.

South Korea hit

Howard Schmidt, one of President George W Bush's top cyber-security advisers, said the FBI's National Infrastructure Protection Center and private experts at the CERT Co-ordination Center were monitoring the attacks.

The South Korean news agency said the nationwide internet shutdown was triggered by "apparent cyber terror committed by hackers".
It was not immediately clear if the South Korean attack was the same as that reported in the United States.

It is the first time South Korea's wired and mobile internet services have been hit collectively in such a way, according to Yonhap.

But the impact on most financial institutions, corporations and government offices was minimal as they were closed for the weekend, it said.

Endless instructions

The attacking software code overwhelmed many internet data pipelines as it searched for victim computers randomly and aggressively.

The code has spread very quickly because it uses a protocol - called UDP - different from the one computers use for accessing web pages.

In effect, the code overwhelms servers by broadcasting instructions endlessly, our reporter says.

At least five of the internet's 13 major hubs were targeted in Saturday's attack.

The Microsoft website has a fix for the vulnerability, which companies can download.

"Companies need to take applying patches against new security threats seriously," said Graham Cluley, senior technology consultant at the anti-virus company Sophos.

"If you don't then stopping new worms and viruses is as easy as catching smoke in a butterfly net."

"In the past almost 12 hours, the Internet has experienced a massive attack by a worm hitting hundreds of data centers and trying to exploit a Microsoft SQL Server 2000 vulnerability. Even though none of our servers is exploitable, the traffic and packets caused by this worm have still caused long downtimes to all of the networks to which our servers are connected. Some servers have been back up within 2-4 hours, others are still slowly coming back to normal. None of our servers have been compromised or have experienced any data loss at all, as we are running RedHat Linux as the operating system, not Windows. This was not a hit onto MCHost servers only, but against the entire Internet and its backbones. Several major websites, including Yahoo, eBay and CNN have experienced serious outages this past night and early morning."