Virus-like attack cripples Internet in Asia

Virus-like attack cripples Internet in Asia



BANGKOK: A virus-like computer infection quickly spreading through the world's digital networks interrupted Internet service in parts of Asia on Saturday, slowing Web browsing and e-mail services in several countries, including India.

Internet service providers and local media in Thailand and Japan reported a sudden surge in traffic that jammed their networks Saturday afternoon.

"We're trying to find out exactly what's happening," said a technical support representative for Internet Thailand. "Although we're not yet sure, it's likely to be a virus attack. "

While traffic among domestic Thai servers was at normal levels, exchanges with international servers ground to a halt around 12:30 pm (0530 GMT), the representative said.

However, other Thai Internet service providers appeared to be unaffected, according to local subscribers.

In Japan, NHK television reported that heavy traffic had swamped some of the country's Internet connections. A public university computer had been hit by over 200,000 transmissions in one hour and security firms were looking into the incident, it said.

Service interruptions were also reported in, Cambodia and South Korea.

 

Vicious virus unleashed on Internet

Vicious virus unleashed on Internet


Traffic on the many parts of the Internet slowed dramatically early Saturday, the apparent effects of a fast-spreading, virus-like infection in the world's digital pipelines and interfering with Web browsing and delivery of e-mail.

Sites monitoring the health of the Internet reported significant slowdowns globally.

Experts said the latest electronic attack bore remarkable similarities to "Code Red" virus during the summer of 2001 which also ground traffic to a halt on much of the Internet.

"It's not debilitating," said Howard Schmidt, one of President George W. Bush's top cyber-security advisers. "Everybody seems to be getting it under control." Schmidt said the FBI's National Infrastructure Protection Center and private experts at the CERT Coordination Center were monitoring the attacks.

The virus-like attack sought out vulnerable computers to infect on the Internet using a known flaw in popular database software from Microsoft Corp., called "SQL Server." But the attacking software code was scanning for victim computers so randomly and so aggressively, sending out thousands of probes each second, that it overwhelmed many Internet data pipelines.

"This is like Code Red all over again," said Marc Maiffret, an executive with eEye Digital Security, whose engineers were among the earliest to study samples of the attack software. "The sheer number of attacks is eating up so much bandwidth that normal operations can't take place."

The attack sought to take advantage of a software flaw discovered in July 2002 that permits hackers to infect corporate database servers. Microsoft deemed the problem "critical" and offered a free repairing patch, but it was impossible to know how many computer administrators applied the fix.

"People need to do a better job about fixing vulnerabilities," Schmidt said.

 

Yeah, and it doesn't seem to be getting any better from what I'm experienceing on some parts of the web.

 

S.Korea Races to Erase Web Worm Ahead of Work Week

S.Korea Races to Erase Web Worm Ahead of Work Week

SEOUL (Reuters) - South Korean systems engineers raced on Sunday to repair Internet networks ahead of the start of the working week, after the country was hit hard during a global attack by a fast-spreading computer worm.

In what experts called the most damaging attack on the Internet in 18 months, the worm known as "SQL" ( "sequel ") Slammer targeted a known weakness in Microsoft Corp's software to shut down powerful server computers -- clogging the pipelines of the worldwide network.

South Korea, the world's most wired country, said its Internet companies would boost security spending to try to prevent a repeat of the outage that paralyzed broadband and mobile services on Saturday afternoon.

"It's not clear why Korea was targeted but the damage was huge -- partly because Korea has a huge Internet population and this helped the rapid spread of the worm," said an official at KT Corp, Korea's largest Internet service provider.

Almost all KT customers lost their connections during the attack, which also hit some U.S. bank teller machines and affected online surfing and email access for many worldwide.

Chinese computer users saw sites freeze and a dramatic slowdown in download speeds during the attack by the worm -- a small program that quickly copies itself and sends rapid data requests that flood a computer network.

By Sunday, most problems had passed but there were fears Monday would bring new outbreaks as businesses boot up their computers for the new working week.

And U.S. experts said variants created by copycat hackers could appear in a few days and cause more damage.

Microsoft called on computer firms to download security patches that would update software to protect it from the worm.

"The unfortunate thing about this is when you know that this was a problem and they (customers) hadn't updated," Microsoft Chief Security Strategist Scott Charney told Reuters.

The current version of the worm targets Internet servers rather than desktop computers and does not erase or steal data.

The FBI said it was looking into the incident but said it had no indication who created the program.

WIRED KOREA

Seventy percent of South Korea's 48 million people have Internet access and half of these subscribe to KT.

KT said it had completed repairs but smaller Korean Internet service providers were still experiencing problems. The Seoul Stock Exchange said the country's high number of online stock traders might have to switch to telephone trading on Monday.

"We are repairing affected networks but regardless of the status of the completion of the job, stock markets will open Monday and all systems will operate as usual for stock transactions," the Korea Stock Exchange said in a statement.

The South Korea government said it would seek to prevent future such attacks.

"The government will...introduce programs to protect Internet users," the Information Ministry said in a statement, adding that service providers would boost security spending.

In China, the Web sites of China Telecom, the China Science and Technology Network and the Education and Research Network were particularly affected.

"Servers of quite a large number of domestic firms were attacked by the worm. We are still searching for the origin," said an official at China Computer Emergency Response Team Coordination Center.

Japan Internet firms also reported a slowdown as the worm caused a sudden surge in traffic levels that clogged the system.

"Major carriers said they detected a sudden increase in Internet traffic, but they said there weren't any major problems," said Eisaku Yamaji, from the Ministry of Post and Telecommunications.

The Web's largest retailer, Amazon.com, and Internet auctioneer eBay Inc. said there was no disruption to their sites during the attack.

Samsung Securities tech analyst Choi Young-suk said he did not expect the problems in Korea to have much effect on Internet shares.

"The problem is more likely to have an impact on companies that generate revenue from online businesses such as online shopping and travel agencies," Choi said.

"SQL Slammer" infects computer servers that run on Microsoft Windows 2000 SQL software. Once it attaches to a server, it transmits multiple data requests in a random manner to other IP addresses seeking more servers to infect.

The effect is a flood of traffic that bogs down ISP networks and can knock Web sites off-line. The worm was probably installed on a server within the past few days.

 

Asian Countries Fear 'Net Problems May Resume Monday

SEOUL, South Korea "” Officials in several Asian countries said they feared a virus-like computer infection that disrupted Internet services worldwide over the weekend may cause more problems Monday.





"We believe the problem is hiding, not fully resolved," South Korean Information and Communication Minister Lee Sang-chul said Sunday.

"We cannot rule out the possibility of another attack when all businesses open tomorrow [Monday] morning," he said after an emergency meeting with computer experts.

Leung Siu-cheung, a senior consultant at the government-funded Hong Kong Computer Emergency Response Team Coordination




Center, said the center had received at least five reports on Sunday about the virus attack, and expected more to come on Monday.

"Many people are not working on the weekend and they may not know that their computers at work have been infected," Leung said. "We expect more people will report on Monday. "

Bharti Broadband Ltd., the Internet provider in India's capital, New Delhi, said Sunday that numerous customers had complained they were unable to log on to the Internet over the past 24 hours.

"We've received many complaints, but we've explained to our customers that it's a global problem with a virus affecting servers and choking the global bandwidth," said Priyanka Mathur, a spokeswoman for the company.

On Saturday, millions of South Korean Internet users were inconvenienced when some computers at Internet service providers Korea Telecom Freetel and SK Telecom failed to function, halting or slowing Web browsing and e-mail services.

Similar outages or slowdowns were reported in Thailand and Japan. The attack appeared to strike first in the United States and spread quickly, hitting Asia especially hard.

Lee said the disruption was caused by a so-called computer worm that created excessive Internet traffic, forcing domain servers to shut down in a chain reaction. He said most of the systems had been restored by noon Sunday.

The disruption affected busy weekend Internet banking and shopping traffic ahead of the Lunar New Year holiday on Feb. 1.

South Korea is one of the world's most computer-wired nations, with nearly two-thirds of its 46 million people having access to the Internet "” many via high-speed broadband connections.

Officials in the United States said the attack sought out vulnerable computers on the Internet using a known flaw in popular software from Microsoft Corp. called "SQL Server." But the attacking software code was scanning for victim computers so randomly and so aggressively "” sending out thousands of probes each second "” that it overwhelmed many Internet data pipelines.


link: http://www.foxnews.com/story/0,2933,76610,00.html