LOS ANGELES: Companies cleaned up their
computer systems after a fast-spreading worm shut
down web servers in an attack that slowed the Internet for
users around the world.
South Korea, the world's most wired country, was believed
to be hit the hardest in the attack, which began early
Saturday, spreading through network connections rather than
e-mail as many viruses do.
The worm, dubbed "SQL Slammer" ("sequel") because it
exploits a weakness in Windows 2000 SQL server database software, did not delete or otherwise touch
data.
However, it crashed servers and congested traffic on the
global network for a few hours, slowing downloads by as much as
50 percent, according to Internet performance monitoring firm
Keynote Systems.But the most damaging attack on the Internet in 18 months
was curbed faster than the Code Reds and Nimda worms of
September 2001, as Internet service providers moved quickly to
block traffic from infected machines to others, experts said.
Microsoft re-released a patch for the vulnerability, which
was first issued about six months ago, with software to make it
easier to install than the original patch was, said Scott Charney, Microsoft's chief security strategist.
Concern also shifted to desktop computers that may have
some of the SQL code on them, such as Microsoft Desktop Engine
2000, according to Russ Cooper, a research expert at TruSecure
Corp. He said Compaq Insight Manager, Dell Open Manager and HP
OpenView also contain "mini SQL servers."
During the attack, there was a one in 5 chance that e-mail would not get through or downloading information from a
website
would take one to two minutes instead of 10 seconds, according
to Ohlsson.
"In the final analysis, what we had was a major nuisance
that was short-lived," he added. Amazon.com and eBay remained unaffected.
© Reuters