- The Washington Times - Monday, January 27, 2003

Managers of computer networks worked feverishly yesterday to repair damage done by the fast-spreading "Slammer" worm that some experts warned could resume its attacks today.
The worm slowed the Internet to a crawl overseas and disrupted some technology systems in the United States.
Security experts said the worm, which spread quickly Saturday through vulnerabilities in a popular Microsoft database program, was no longer a severe threat to the integrity of the Internet, after affecting about 250,000 computers.
"We've certainly seen it die down," said Oliver Friedrichs, a senior manager at Symantec System Response. "It's dropped pretty drastically in terms of effect on the Internet at large."
In South Korea, the world's most wired country per capita, network managers worked to restore normal Internet service in time for a new work week. South Koreans were bracing for new outbreaks as government officials there said that they believed that the problem was hiding and not fully resolved, according to the British Broadcasting Corp.
Users of broadband and wireless services experienced delays and outages for much of Saturday. The South Korean government vowed to do more to protect technology systems in the future.
"The problem is not completely resolved and we will have to have more of a sense of the importance of security," Information and Communication Minister Lee Sang-chul told Reuters news agency.
Some corporate systems in the United States were also hit. Verizon and Worldcom Inc. said internal systems for its high-speed Internet services were slowed. Bank of America said that many of its customers could not withdraw money from company ATMs because of problems related to the attack. All the companies said systems were restored to normal.
The FBI is looking into the origin of the worm and treating it as a malicious and illegal attack. Some security researchers said the worm's coding is similar to computer code published on a Chinese Web site focused on hacking, the Associated Press reported.
Atlanta-based Internet Security Systems, one of the first groups to identify the worm early Saturday morning, downgraded the worm's threat level yesterday and said it is now a danger only to systems that have not taken proper security precautions. Most network managers deflected the worm by downloading security patches and building protective firewalls.
The activity of the worm "is ongoing, though the effect…appears to have subsided," said Matrix NetSystems, an Austin, Texas firm that tracks Web activity.
The worm is similar to previous attacks because of the rapid way it reproduces across the Internet. Code Red and Nimda, two worms that emerged in 2001, each penetrated several hundred thousand computers worldwide.
"Slammer" does not attack vulnerable systems like a computer virus, but enters computers and spreads quickly to similar ones, flooding the Internet with information and causing it to perform sluggishly. Security experts equate its activity to hundreds of millions of people trying to sign on to the Internet at precisely the same time.
This particular worm, which also goes by the name Sapphire and W32.exp, exploits a vulnerability in Microsoft's SLQ Server 2000 and Microsoft Desktop Engine 2000. Code Red and Nimda were more disruptive than the Slammer worm, Mr. Friedrichs said, because they exploited vulnerabilities in Microsoft Server software, which is distributed more widely.
Home computer users are not vulnerable to the worm but may have experienced a slow Internet over the weekend, and may have had difficulty using certain technologies, such as Web-based phones. Web users in South Korea, Hong Kong and Northern Europe saw some of the biggest Internet delays.
The vulnerability in Microsoft's database software was first uncovered six months ago, security analysts said, and most computer users downloaded the necessary patch. The most updated version of the patch was released by Microsoft on Jan. 17.

LOAD COMMENTS ()

 

Click to Read More

Click to Hide