Electronic attack slows Internet (Saturday, January 25, 2003 Posted: 8:47 AM EST (1347 GMT))
WASHINGTON (AP) -- Traffic on the many parts of the Internet slowed dramatically for hours early Saturday, the apparent effects of a fast-spreading, virus-like infection that overwhelmed the world's digital pipelines and interfered with Web browsing and delivery of e-mail.
Sites monitoring the health of the Internet reported significant slowdowns globally. Experts said the electronic attack bore remarkable similarities to the "Code Red" virus during the summer of 2001 which also ground traffic to a halt on much of the Internet.
"It's not debilitating," said Howard Schmidt, President Bush's No. 2 cyber-security adviser. "Everybody seems to be getting it under control." Schmidt said the FBI's National Infrastructure Protection Center and private experts at the CERT Coordination Center were monitoring the attacks.
The virus-like attack, which began about 12:30 a.m. EST, sought out vulnerable computers on the Internet to infect using a known flaw in popular database software from Microsoft Corp., called "SQL Server 2000." But the attacking software code was scanning for victim computers so randomly and so aggressively -- sending out thousands of probes each second -- that it overwhelmed many Internet data pipelines.
"This is like Code Red all over again," said Marc Maiffret, an executive with eEye Digital Security, whose engineers were among the earliest to study samples of the attack software. "The sheer number of attacks is eating up so much bandwidth that normal operations can't take place."
"The impact of this worm was huge," agreed Ben Koshy of W3 International Media Ltd., which operates thousands of Web sites from its computers in Vancouver. "It's a very significant attack."
Koshy added that, about six hours after the attack, commercial Web sites that had been overwhelmed were starting to come back online as engineers began effectively blocking the malicious data traffic.
"People are recovering from it," Koshy said.
Symantec Corp., an antivirus vendor, estimated that at least 22,000 systems were affected worldwide.
"Traffic itself seems to have leveled off a little bit, so likely only so many systems are exposed out there," said Oliver Friedrichs, senior manager with Symantec Security Response. The attacking software, technically known as a worm, was overwhelming Internet traffic-directing devices known as routers.
"The Internet is still usable, but we're definitely receiving reports from some of our customers who have had it affect their routers specifically," Friedrichs said.
The attack sought to take advantage of a software flaw discovered by researchers in July 2002 that permits hackers to seize control of corporate database servers. Microsoft deemed the problem "critical" and offered a free repairing patch, but it was impossible to know how many computer administrators applied the fix.
"People need to do a better job about fixing vulnerabilities," Schmidt said.
The latest attack was likely to revive debate within the technology industry about the need for an Internet-wide monitoring center, which the Bush administration has proposed. Some Internet industry executives and lawyers said they would raise serious civil liberties concerns if the U.S. government, not an industry consortium, operated such a powerful monitoring center.