MSN Home   |   My MSN   |   Hotmail   |   Search   |   Shopping   |   Money   |   People & Chat 
MSN.comTechNet Click Here
Subscribe to Microsoft TechNet
Home page

Click Here
Virus-like attack slows Web traffic
Infection interferes with Web browsing, e-mail even ATMs
Computer experts around the world are trying to figure out who is responsible for an Internet 'worm' that slowed down Web and e-mail traffic early Saturday morning. NBC's Pete Williams reports.
By Bob Sullivan
Jan. 25 —  Many Internet users experienced a sharp slowdown in traffic during Saturday’s early morning hours, as a fast-spreading Internet worm overwhelmed the world’s digital pipelines. The worm, which is being called both “Slammer” and “Sapphire” doesn’t attack typical home computers — instead it attacks machines running database software from Microsoft called SQL Server. At one point, the worm attack was so bad it caused most of Bank of America’s ATM machines to go offline, the company said.

Advertising on MSNBC

Click Here!
Click Here!
TD Waterhouse
Click Here!


       THE OUTBREAK WAS so severe that while it infected only back-end Internet computers, general e-mail use and Web browsing were slowed by its effects. The worst of the attack seems over, experts said, but groggy-eyed Internet workers were spending the day Saturday cleaning up from the effects of the outbreak.
       Many compared the outbreak to Code Red, another network-based worm which infected thousands of computers worldwide. Code Red also temporarily stumped Internet traffic.
       But even Code Red wasn’t blamed for ATM outages.
       Bank of America Corp. said Saturday that customers at a majority of its 13,000 automatic teller machines were unable to process customer transactions after a malicious computer worm nearly froze Internet traffic worldwide.
       Bank of America spokeswoman Lisa Gagnon said that many, if not a majority of the No. 3 U.S. bank’s ATMs were back online and that their automated banking network would recover by late Saturday.
       “We have been impacted, and for a while customers could not use ATMs and customer services could not access customer information,” Gagnon said.
       Gagnon said that the worm, which slows down computer networks by replicating rapidly and spreading to other servers, did not cause any damage to customer information, but slowed down or blocked access to that sensitive information, making transactions difficult.
       The attack began shortly after midnight ET on Saturday. Within a few hours, 25,000 back-end database servers had been infected, said Oliver Friedrichs, senior manager with Symantec Corp.’s security response team. At the height of the outbreak, between 3 and 5 a.m. ET, all those computers were flooding the Internet with traffic, looking for other computers to infect. It was enough traffic to slow down the entire Internet, he said, and certainly enough to completely clog up entire companies.
The virus-like attack sought out vulnerable computers on the Internet to infect using a known flaw in popular database software from Microsoft Corp., called ‘SQL Server 2000.

       “It’s been an all night operation here,” said Matt Pilla, Microsoft Corp. spokesman. Slammer attacks a relatively old flaw in Microsoft’s SQL Server, one found by researchers in July. But many systems were still unpatched when the worm began spreading late Friday night. Adding to Microsoft’s headaches: the clogs in Internet traffic were still limiting access to Microsoft’s Web site on Saturday, preventing some engineers from patching infected systems.
       Microsoft on Saturday was still trying to determine the best advice for customers; the company could not confirm that the free patch issued in July was enough to protect systems against Slammer. Instead, the company was recommending a free service pack upgrade instead. Service Packs are far more time consuming to download and install.
        Source: Keynote Systems, Inc.
       Still, the worst of the attack was over before most U.S. users awoke Saturday morning, said Mike Bradshaw, spokesman for Symantec Corp. By 4 a.m. ET, traffic generated by the worm had dropped 60 percent, as Internet Service Providers began filtering out traffic generated by the worm.
       Also limiting the trouble caused by the worm: it infects only Microsoft SQL Servers, which number far fewer that Microsoft-powered Web servers, which were the target of 2001’s Code Red attacks, when some experts say hundreds of thousands of machines were infected.
       “Sometime this morning, it reached saturation point, and there really were no more computer to infect,” Friedrichs said.
       Still, Slammer slowed Net traffic even more than Code Red, according to Matrix Systems Inc., which measures Internet outages. The firm’s Web site indicates nearly 20 percent of Internet traffic was lost during the frantic morning attack, compared to about 10 percent during the height of the Code Red attack.
       Vincent Gullotto, spokesman for Networks Associates Inc., said impact from the outbreak could have been worse if the worm were released during a business day. And there might be additional problems from the worm on Monday morning, when office employees get back to work.
       “There will probably be many, many SQL servers that won’t be cleaned up,” he said.
       Problems caused by Slammer were global; the worm reportedly shut down most Internet services in South Korea. Millions of Internet users were disconnected when computers at Korea Telecom Freetel and SK Telecom failed. Service was restored but remained slow, officials said. In Japan, NHK television reported heavy data traffic swamped some of the country’s Internet connections, and Finnish phone operator TeliaSonera reported some problems.
       But Howard Schmidt, President Bush’s No. 2 cyber-security adviser, said impact on U.S. government computers was limited.
       “Everybody seems to be getting it under control,” Schmidt said. “They were fighting for bandwidth just like everybody else.
       The departments of State, Agriculture, Commerce and some units within the Defense Department appeared hardest hit within the government, according to Matrix NetSystems Inc., a monitoring firm in Austin, Texas.
       Schmidt said the FBI’s National Infrastructure Protection Center and private experts at the CERT Coordination Center were monitoring the attacks.
       “This reinforces the fact that we just have got to pay attention to these vulnerabilities,” Schmidt said. “Here’s a classic example where there’s a patch out there, but still we see something that causes degradation of the Internet.”
       While a patch which would have stopped the virus in its tracks has been freely available since July, Microsoft was criticized Saturday because that particular patch was more cumbersome to install than most, said Mikko Hypponen, spokesman for F-secure Corp. Most patches require a simple download and restart of the computer. But this patch required manual editing of critical system files, something many administrators just aren’t comfortable doing.
       “It isn’t that easy,” Hypponen said. So many likely waited for the next completely updated version of the software to arrive, what’s called a “service pack” in the industry. The full service pack which would have stopped Slammer just became available Jan. 17. That gave administrators who didn’t want to deal with the patch less than a week to install the full service pack before the Slammer worm hit. That bad timing likely contributed to the worm’s spread.
       And the service pack installation isn’t easy either, said Ruben Bybee, general manager of Blue Mountain Internet.
       “This process takes between 15 minutes and a couple of hours depending on the speed of your Internet connection and the size of the SQL database,” he said.
       Bybee also said there might be additional problem when the Monday workday begins, because some networks use the Microsoft database product to manage logins for all employees. Companies that haven’t addresed the problem by Monday — companies which haven’t managed to install the service pack — won’t be able to let their employees connect to their network.
AdvertisementClick Here!

Add local news and weather to the MSNBC home page.

       The latest attack was likely to revive debate within the technology industry about the need for an Internet-wide monitoring center, which the Bush administration has proposed. Some Internet industry executives and lawyers said they would raise serious civil liberties concerns if the U.S. government, not an industry consortium, operated such a powerful monitoring center.
       The Associated Press and Reuters contributed to this report.
MSNBC News Virus-like attack slows Web traffic
MSNBC News Kasparov takes on computer again
MSNBC News Museums go high-tech -- at high cost
MSNBC News Scientists show how to make a UFO
MSNBC News Senate limits Pentagon 'data-mining'
MSNBC News MSNBC Cover Page

Infocenter Write Us Newstools Help Search MSNBC News

Would you recommend this story to other readers?
not at all   1    -   2  -   3  -   4  -   5  -   6  -   7   highly

  Download MSN Explorer!
  MSNBC is optimized for
Microsoft Internet Explorer
Windows Media Player
MSNBC Terms,
  Conditions and Privacy 2003
Cover | News | Business | Sports | Local News | Health | Technology & Science | Living | Travel
TV News | Opinions | Weather | Comics
InfoCenter | Newsletters | Search | Help | News Tools | Jobs | Write Us | Terms & Conditions | Privacy
  MSN - More Useful Everyday
  MSN Home   |   My MSN   |   Hotmail   |   Search   |   Shopping   |   Money   |   People & Chat
  2002 Microsoft Corporation. All rights reserved. Terms of Use  Advertise  Truste Approved Privacy Statement  GetNetWise
Norton Internet Security 2002
Norton Internet Security 2002
$69.95 Sale $24.95
Super Price - Unbeatable Bargain


Hacks, Viruses & Scams
Technology & Science
MSNBC's Top News