-Caveat Lector- washingtonpost.com http://www.washingtonpost.com/wp-dyn/articles/A42975-2003Jan25.html Virus Overwhelms Global Internet Systems
By Ted Bridis AP Technology Writer Saturday, January 25, 2003; 3:33 PM WASHINGTON –– A fast-spreading, virus-like infection dramatically slowed Internet traffic Saturday, overwhelming the world's digital pipelines and interfering with Web browsing and e- mail delivery. Monitors reported detecting at least 39,000 infected computers, which transmitted floods of spurious signals that disrupted the operations of hundreds of thousands of other systems worldwide. Sites monitoring the health of the Internet reported significant slowdowns, although recovery efforts appeared to be succeeding. "Everything is starting to come back online," said Bill Murray, a spokesman for the FBI's National Infrastructure Protection Center. "We know what the issue was and how to mitigate it, and we're just imploring systems administrators to apply the patches that will prevent this from propagating again." Bank of America Corp., one of the nation's largest banks, acknowledged that many customers could not withdraw money from its 13,000 ATM machines because of technical problems caused by the attack. A spokeswoman, Lisa Gagnon, said that the bank expected to have restored service by late Saturday afternoon and that customers' money and personal information were not at risk. Millions of Internet users in South Korea were stranded when computers at Korea Telecom Freetel and SK Telecom failed. Service was restored but remained slow, officials said. In Japan, NHK television reported heavy data traffic swamped some of the country's Internet connections, and Finnish phone company TeliaSonera reported some problems. "It's not debilitating," said Howard Schmidt, President Bush's No. 2 cybersecurity adviser. "Everybody seems to be getting it under control." Schmidt said the FBI's cybersecurity unit and experts at the federally funded CERT Coordination Center were monitoring the attack and offering technical advice to computer administrators on how to protect against it. "We as a technical group are getting better at identifying these things and putting filters in place in a timely manner," said Marty Lindner of the CERT Coordination Center. Tiffany Olson, spokeswoman for the President's Critical Infrastructure Protection Board, said the White House may not determine the scope of damage "for at least a couple of days, and we may not know the full impact of this attack at all." She said companies often don't report such damage to the government. The virus-like attack, which began about 12:30 a.m. EST, sought out vulnerable computers on the Internet to infect using a known flaw in popular database software from Microsoft Corp. called "SQL Server 2000." The attacking software was scanning for victim computers so randomly and so aggressively, sending out thousands of probes a second, that it saturated many Internet data pipelines. Most home users did not need to take any protective measures. The FBI was searching for the origin of the attack, which experts variously dubbed "sapphire," "slammer" or "SQ hell." Some security researchers noted that software unleashed in Saturday's attack bore striking resemblance to blueprints for computer code published weeks ago on a Chinese hacking Web site by a person who calls himself "Lion." An FBI spokesman said he couldn't confirm that. The attack also resembled the "Code Red" virus that struck the Internet during the summer of 2001. "This is like Code Red all over again," said Marc Maiffret, an executive with eEye Digital Security, whose engineers were among the earliest to study samples of the attack software. "The sheer number of attacks is eating up so much bandwidth that normal operations can't take place." Schmidt said disruption within the U.S. government was minimal, partly because the attack occurred early on a weekend. The departments of State, Agriculture, Commerce and some units of the Defense Department appeared hardest hit among federal agencies, according to Matrix NetSystems Inc., a monitoring firm in Austin, Texas. Some Associated Press news services were affected but were restored by morning. The attack temporarily interfered with the computer network at The Atlanta Journal- Constitution, delaying publication of Sunday's first edition, normally delivered to newsstands Saturday afternoon, and delaying updates on the newspaper's Web site, http://www.ajc.com. The world's largest Internet provider, America Online, reported no problems. "We remain on alert and continue to closely monitor this situation," spokesman Nicholas Graham said. The attack sought to exploit a software flaw discovered by researchers in July 2002 that permits hackers to seize control of corporate database servers. Microsoft deemed the flaw to be critical and offered a free repairing patch, but it was impossible to know how many computer administrators applied the fix. The latest attack could revive debate within the technology industry about the need for an Internet-wide monitoring center, which the Bush administration has proposed. During the Code Red attack in July 2001, about 300,000 mostly corporate server computers were infected and programmed to launch a simultaneous attack against the Web site for the White House, which U.S. officials were able to defend successfully. Unlike that episode, the malicious software used in this latest attack did not appear to do anything other than try to spread its own infection, experts said. ––– AP technology writers Anick Jesdanun and Frank Bajak contributed to this story from New York. ––– On the Net: Technical details: http://www.eeye.com/html/Research/Flash/AL20030125.html More details: http://www.iss.net/security(underscore)center/static/10031.php Microsoft fix: http://www.microsoft.com/technet/security/bulletin/MS02-039.asp © 2003 The Associated Press Forwarded for your information. The text and intent of the article have to stand on their own merits. ~~~~~~~~~~~~~~~~~~~~ In accordance with Title 17 U.S.C. section 107, this material is distributed without charge or profit to those who have expressed a prior interest in receiving this type of information for non-profit research and educational purposes only. ~~~~~~~~~~~~~~~~~~~~ "Do not believe in anything simply because you have heard it. Do not believe simply because it has been handed down for many genera- tions. Do not believe in anything simply because it is spoken and rumoured by many. Do not believe in anything simply because it is written in Holy Scriptures. Do not believe in anything merely on the authority of teachers, elders or wise men. Believe only after careful observation and analysis, when you find that it agrees with reason and is conducive to the good and benefit of one and all. Then accept it and live up to it." The Buddha on Belief, from the Kalama Sut <A HREF="http://www.ctrl.org/";>www.ctrl.org</A> DECLARATION & DISCLAIMER ========== CTRL is a discussion & informational exchange list. Proselytizing propagandic screeds are unwelcomed. Substance—not soap-boxing—please! These are sordid matters and 'conspiracy theory'—with its many half-truths, mis- directions and outright frauds—is used politically by different groups with major and minor effects spread throughout the spectrum of time and thought. That being said, CTRLgives no endorsement to the validity of posts, and always suggests to readers; be wary of what you read. CTRL gives no credence to Holocaust denial and nazi's need not apply. Let us please be civil and as always, Caveat Lector. ======================================================================== Archives Available at: http://peach.ease.lsoft.com/archives/ctrl.html <A HREF="http://peach.ease.lsoft.com/archives/ctrl.html";>Archives of [EMAIL PROTECTED]</A> http:[EMAIL PROTECTED]/ <A HREF="http:[EMAIL PROTECTED]/";>ctrl</A> ======================================================================== To subscribe to Conspiracy Theory Research List[CTRL] send email: SUBSCRIBE CTRL [to:] [EMAIL PROTECTED] To UNsubscribe to Conspiracy Theory Research List[CTRL] send email: SIGNOFF CTRL [to:] [EMAIL PROTECTED] Om
