- The Washington Times - Sunday, January 26, 2003

A fast-spreading, viruslike infection dramatically slowed Internet traffic yesterday, overwhelming the world's digital pipelines and interfering with Web browsing and e-mail delivery.
Monitors reported detecting at least 39,000 infected computers, which transmitted floods of spurious signals disrupting hundreds of thousands of other systems worldwide. Sites monitoring the health of the Internet reported significant slowdowns, although recovery efforts appeared to be succeeding.
"Everything is starting to come back online," said Bill Murray, a spokesman for the FBI's National Infrastructure Protection Center. "We know what the issue was and how to mitigate it, and we're just imploring systems administrators to apply the patches that will prevent this from propagating again."
Bank of America Corp., one of the nation's largest banks, said many customers could not withdraw money from its 13,000 ATM machines because of technical problems caused by the attack. A spokeswoman, Lisa Gagnon, said the bank restored service to nearly all ATMs by late yesterday afternoon, and that customers' money and personal information had not been at risk.
Millions of Internet users in South Korea were stranded when computers at Korea Telecom Freetel and SK Telecom failed. Service was restored but remained slow, officials said. In Japan, NHK television reported that heavy data traffic swamped some of the country's Internet connections, and the Finnish phone company TeliaSonera reported some problems.
"It's not debilitating," said Howard Schmidt, President Bush's No. 2 cybersecurity adviser. "Everybody seems to be getting it under control." Mr. Schmidt said the FBI's cybersecurity unit and experts at the federally funded CERT Coordination Center were monitoring the attack and offering technical advice to computer administrators on how to protect against it.
"We as a technical group are getting better at identifying these things and putting filters in place in a timely manner," said Marty Lindner of the CERT Coordination Center.
Tiffany Olson, spokeswoman for the President's Critical Infrastructure Protection Board, said the White House might not determine the scope of damage "for at least a couple of days, and we may not know the full impact of this attack at all." She said companies often don't report such damage to the government.
The viruslike attack, which began about 12:30 a.m., sought out vulnerable computers on the Internet to infect using a known flaw in popular database software from Microsoft Corp. called "SQL Server 2000." The attacking software was scanning for victim computers so randomly and so aggressively, sending out thousands of probes a second, that it saturated many Internet data pipelines.
Most home users did not need to take any protective measures.
The FBI was searching for the origin of the attack, which experts variously dubbed "sapphire," "slammer" or "SQ hell." Some security researchers noted that software unleashed in yesterday's attack bore a striking resemblance to blueprints for computer code published weeks ago on a Chinese hacking Web site by a virus author known as "Lion." An FBI spokesman said he couldn't confirm that.
Tracing the attack, which appeared to strike first in the United States, might be impossible because it used a transmission method that made it unusually easy to falsify its digital trail, experts said. Mysterious scans that could have been a precursor to yesterday's attack have been detected by Internet sensors since last year, searching out vulnerable computers.
"Scanning has been going on for months and months," said Chris Wysopal of AtStake Inc., a security firm in Cambridge, Mass. "This person probably launched this attack at hundreds of machines all at once."
