Virus Overwhelms Global Internet Systems
January 25, 2003
By Peter M. Abraham
There is headline news at CNN.com, Yahoo
News, WorldTechNews.com, Slashdot.Org, Lycos News, IWon News, and more about
a major attack on the Internet across the world.
Since about midnight EST almost every host on the Internet has been receiving a 376-byte UDP payload on port ms-sql-m (1434) from a random infected server. internetpulse.net is reporting UUNet and Internap are being hit very hard. This is the cause of major connectivity problems being experienced worldwide.
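The network signature the article describes is simple enough to check for in ordinary flow or firewall logs: a UDP datagram to port 1434 carrying 376 bytes of payload, sent by one source to many unrelated destinations. The following is an added detection example written for this page, not code from the original article or from Dynamic Net. The log format, the sample records, and the addresses (all from documentation ranges) are constructed for the example; the fan-out threshold `min_targets` is an assumption chosen to separate a single stray packet from the scanning behaviour described above.

```python
"""Flag Slammer-like traffic in flow records (added example, not the article's code).

Signature from the article: a 376-byte UDP payload to port 1434 (ms-sql-m),
arriving from many unrelated source hosts. A single matching packet is weak
evidence; a source reaching many distinct destinations with it is the
scanning behaviour that flooded links on January 25, 2003.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Constructed sample records, loosely modelled on a firewall/flow log line:
# "<time> <proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port> len=<payload bytes>"
# Addresses are from RFC 5737 documentation ranges; nothing here is real traffic.
SAMPLE_LOG = """\
00:31:02 UDP 198.51.100.7:1106 -> 192.0.2.10:1434 len=376
00:31:02 UDP 198.51.100.7:1106 -> 192.0.2.11:1434 len=376
00:31:02 UDP 198.51.100.7:1106 -> 192.0.2.12:1434 len=376
00:31:03 UDP 203.0.113.44:3201 -> 192.0.2.10:1434 len=376
00:31:03 UDP 203.0.113.44:3201 -> 192.0.2.13:1434 len=376
00:31:03 TCP 203.0.113.9:52000 -> 192.0.2.10:1433 len=120
00:31:04 UDP 192.0.2.50:1434 -> 192.0.2.10:1434 len=60
00:31:05 UDP 198.51.100.7:1106 -> 192.0.2.14:1434 len=376
"""

SLAMMER_PORT = 1434   # ms-sql-m, the SQL Server resolution service
SLAMMER_LEN = 376     # payload size reported in the article


@dataclass(frozen=True)
class Flow:
    time: str
    proto: str
    src_ip: str
    dst_ip: str
    dst_port: int
    length: int


def parse_line(line: str) -> Flow:
    """Parse one constructed log line into a Flow record."""
    time, proto, src, _arrow, dst, lenfield = line.split()
    src_ip = src.rsplit(":", 1)[0]
    dst_ip, dst_port = dst.rsplit(":", 1)
    length = int(lenfield.split("=", 1)[1])
    return Flow(time, proto, src_ip, dst_ip, int(dst_port), length)


def parse_log(text: str) -> List[Flow]:
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def is_slammer_like(f: Flow) -> bool:
    """True when a single record matches the UDP/1434, 376-byte signature."""
    return f.proto == "UDP" and f.dst_port == SLAMMER_PORT and f.length == SLAMMER_LEN


def suspect_sources(flows: Iterable[Flow], min_targets: int = 2) -> Dict[str, int]:
    """Map src_ip -> number of distinct destinations it hit with the signature.

    Only sources that reached at least `min_targets` different hosts are
    returned; that fan-out is what distinguishes an infected scanner from a
    lone packet that merely happens to be 376 bytes long.
    """
    targets = defaultdict(set)
    for f in flows:
        if is_slammer_like(f):
            targets[f.src_ip].add(f.dst_ip)
    return {ip: len(dsts) for ip, dsts in targets.items() if len(dsts) >= min_targets}


if __name__ == "__main__":
    for ip, n in suspect_sources(parse_log(SAMPLE_LOG)).items():
        print(f"{ip}: {n} distinct targets on UDP/1434 with a 376-byte payload")
```

On the constructed sample this reports two scanning sources and ignores both the TCP/1433 connection and the short UDP/1434 probe. In practice the source addresses identified this way are the infected hosts to isolate and patch; blocking UDP/1434 at the network edge, as many providers did that weekend, stops the spread but not the load an infected host puts on its own uplink.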
This has effectively disabled 5 of the 13 root nameservers. The root name servers are the main infrastructure behind the Internet domain name service system.
WASHINGTON (AP) -- Traffic on many parts of the Internet
slowed dramatically for hours early Saturday, the apparent effects of a
fast-spreading, virus-like infection that overwhelmed the world's digital
pipelines and interfered with Web browsing and delivery of e-mail.
Experts said the electronic attack bore remarkable
similarities to the "Code Red" virus during the summer of 2001 which also
ground traffic to a halt on much of the Internet.
The virus-like attack, which began about 12:30 a.m. EST,
sought out vulnerable computers on the Internet to infect using a known flaw
in popular database software from Microsoft Corp., called "SQL Server 2000."
But the attacking software code was scanning for victim computers so
randomly and so aggressively -- sending out thousands of probes each second
-- that it overwhelmed many Internet data pipelines.
Symantec Corp., an antivirus vendor, estimated that at least
22,000 systems were affected worldwide.
The FBI is involved in investigating the problem.
The FBI was searching for the possible origin of the latest
attack, which experts variously dubbed "sapphire," "slammer" or "SQ hell."
Some security researchers noted that the software unleashed in Saturday's
attack bore striking resemblance to blueprints for computer code published
weeks ago on a Chinese hacking Web site by a person who calls himself
"Lion." An FBI spokesman said he couldn't confirm that.
The attack was global and caused chaos.
Bank of America said 13,000 of its ATMs
refused to dispense cash. In South Korea, the country's largest ISP, KT,
said almost all its customers lost their connections during the attack.
Chinese computer users saw sites freeze and a dramatic slowdown in download
speeds, as the worm's effects hit the Internet's nameservers--the computers
that translate Web addresses into numerical Internet Protocol addresses. And
all this in just 376 bytes of code, meaning the entire SQL Slammer worm code
is about half the length of this paragraph.
One of the key comments from all articles was that everyone needs to make sure their computer systems are up to date.
The attack sought to take advantage of a software flaw discovered by researchers in July 2002 that permits hackers to seize control of corporate database servers. Microsoft deemed the problem "critical" and offered a free repairing patch, but it was impossible to know how many computer administrators applied the fix.
"People need to do a better job about fixing vulnerabilities," Schmidt said.
Dynamic Net, Inc., through its managed service and security division, does have an enterprise network monitoring product which can let consumers and providers know of problems within 60 seconds or less. We also have a security patch service which takes the burden off of you to apply patches protectively.
While our hosting services were impacted by the resource denials of the attack, none of our own systems were vulnerable.
Please let us know if you have any questions.