Webtrends Tracking Code
 
UK Home >  OUT-LAW News >  News Archive >  2003 >  January 2003 >  Worm attack slows global internet traffic

Worm attack slows global internet traffic

OUT-LAW News, 27/01/2003 

A computer worm that exploits a vulnerability in widely used Microsoft database software spread across the internet over the weekend, bringing internet access and e-mail services in some parts of the world to a virtual standstill, and closing thousands of banks' cash machines.

Although the worm does not affect end-user PCs, its impact was felt by internet users all over the world. The attack began in the early hours of Saturday.

The worm spread rapidly around the world, infecting hundreds of thousands of computers by Saturday evening, and caused a sharp slowdown in internet traffic.

The worst impact was felt in South Korea, the country with the widest use of broadband services and over 70% of households connected to the internet. ISPs had to suspend their services on Saturday, and also saw their share prices declining sharply. The country's police asked Interpol to help detect the worm's origin.

In the US, the attack reportedly impaired systems in both the government and private sectors. Many companies said their networks slowed almost to a standstill. Almost 13,000 automatic teller machines operated by the Bank of America could not process customer transactions for most of Saturday.

Also, Continental Airlines reported that the attack overwhelmed its on-line ticketing and electronic check-in systems, causing flight cancellations and delays, whilst major media organisations experienced publishing problems.

It has also been reported that five of the internet's 13 root servers were disabled for several hours.

Known as 'Sapphire' or 'SQL Slammer', the worm spreads via network connections and, unlike typical viruses, not via e-mail. It attaches to servers through a bug in Microsoft's SQL Server, identified in July 2003. Once it infects a server, it randomly transmits multiple data requests to other internet addresses, effectively performing a denial of service attack.

According to internet security company MessageLabs, the worm only exists in memory and never "writes" anything to the infected computer's hard disc. For this reason, it cannot be detected by traditional anti-virus scanners.

After the SQL Server bug was discovered last July, Microsoft warned network administrators of the potential security risks, and released a patch to fix the problem. The rapid spread of the worm over the weekend indicates that many businesses have not installed the patch.

Microsoft characterised the release of the worm as a "criminal act", and said it was working "around the clock" to protect its affected customers.

Although its effects have now largely diminished, the attack is believed to be the worst since July 2001, when the Code Red virus disabled approximately 300,000 internet servers in many countries.

Microsoft's fix patch for the SQL Server vulnerability can be downloaded here

 

 

OUT-LAW Recommends

Free OUT-LAW seminars
- Making your contract work
- Information security
Six cities, October & November

This week's podcast
Are ISPs about to betray our trust?

Winner at 2008 Webby Awards

OUT-LAW star: link to the home page
Disclaimer | Privacy | Site Map | Accessibility
Disclaimer: This was printed from OUT-LAW.COM, a service of international law firm Pinsent Masons. We hope you find this content useful. However, please note that nothing in this document constitutes specific legal advice. You should consult a suitably qualified lawyer on any specific legal problem or matter. Any questions, please email info@out-law.com.