Internet traffic broadly affected by electronic attack

[jeffooi]

Yesterday's Internet was slow like crazy. Even an ICQ sentence
took over 20 seconds to deliver.
Thought Streamyx acts up again... not really


THE STAR
Sunday, January 26, 2003

Internet traffic broadly affected by electronic attack

WASHINGTON (AP) - A fast-spreading, virus-like infection dramatically slowed Internet traffic Saturday, overwhelming the world's digital pipelines and interfering with Web browsing and e-mail delivery.

Millions of Internet users in South Korea were stranded when computers at Korea Telecom Freetel and SK Telecom failed. Service was restored but remained slow, officials said.

In Japan, NHK television reported heavy data traffic swamped some of the country's Internet connections, and Finnish phone company TeliaSonera reported some problems.

Monitors reported detecting at least 39,000 infected computers, which transmitted floods of spurious signals disrupting hundreds of thousands of other systems worldwide.

Sites monitoring the health of the Internet reported significant slowdowns, although recovery efforts appeared to be succeeding.

"Everything is starting to come back online,'' said Bill Murray, a spokesman for the FBI's National Infrastructure Protection Center.

"We know what the issue was and how to mitigate it, and we're just imploring systems administrators to apply the patches that will prevent this from propagating again.''

Bank of America Corp., one of America's largest banks, said many customers could not withdraw money from its 13,000 ATM machines because of technical problems caused by the attack.

A spokeswoman, Lisa Gagnon, said the bank restored service to nearly all ATMs by late Saturday afternoon and that customers' money and personal information had not been at risk.

"It's not debilitating,'' said Howard Schmidt, President George W. Bush's No. 2 cybersecurity adviser.

"Everybody seems to be getting it under control.''

Schmidt said the FBI's cybersecurity unit and experts at the federally funded CERT Coordination Center were monitoring the attack and offering technical advice to computer administrators on how to protect against it.

"We as a technical group are getting better at identifying these things and putting filters in place in a timely manner,'' said Marty Lindner of the CERT Coordination Center.

The virus-like attack, which began about 0530 GMT, sought out vulnerable computers on the Internet to infect using a known flaw in popular database software from Microsoft Corp. called "SQL Server 2000.''

The attacking software was scanning for victim computers so randomly and so aggressively, sending out thousands of probes a second, that it saturated many Internet data pipelines.


...The attack sought to exploit a software flaw discovered by researchers in July 2002 that permits hackers to seize control of corporate database servers.

Microsoft deemed the flaw to be critical and offered a free repairing patch, but it was impossible to know how many computer administrators applied the fix. - AP


FULL STORY:
http://www.thestar.com.my/news/story...ett&sec=latest

[jeffooi]

Trend Micro High Risk Virus Alert
- WORM_SQLP1434.A
Date: Sat, 25 Jan 2003 11:41:48 -0800


Dear Trend Micro Customer:

WORM_SQLP1434.A attacks targets systems using Microsoft SQL Server 2000, allowing affected SQL Servers to send the malicious packet to other SQL Servers and thereby causing a slowdown, or even failure, in the affected network.

The code that executes the denial-of-service attack resides only in memory of affected Microsoft SQL servers, and there are no file counterparts. Because of this, antivirus scanners that do not support memory scanning will not be able to detect the code.

There is no pattern file required.

Trend Micro strongly advises customers to download the latest fix patch supplied by Microsoft, updated on January 17, 2003.

The patch is found on this site, http://www.microsoft.com/sql/downloads/2000/sp3.asp


For more information on WORM_SQLP1434.A please visit our Web site, CLICK HERE.