The People's Solidarity for Participatory Democracy (PSPD) is
reported to be considering a class-action lawsuit against
Microsoft, claiming that the software giant "did not perform its
duty to the fullest" to prevent the spreading of the attack.
The group reportedly plans to rely on a South Korean law on
product liability, under which a manufacturer is responsible for
physical and property damage caused by defective products.
Unlike typical viruses which spread via e-mail, the worm, known
as 'Sapphire' or 'SQL Slammer', spread via network connections. The
worm attached to servers through a bug in Microsoft's SQL
Server.
Once a server was infected, multiple data requests were randomly
transmitted to other internet addresses, effectively performing a
denial of service attack.
The worm apparently infected hundreds of thousands of computers
and caused a sharp slowdown in internet traffic for almost two days
in January 2003.
The impact of this was greatest in South Korea, where more than
70% of households are connected to the internet and broadband
services are widely used. ISPs were forced to suspend their
services and saw their share prices decline sharply as a
result.
Following the discovery of the SQL Server bug last July,
Microsoft issued a warning to network administrators about the
potential security risks and released a patch to fix the problem.
It appears, however, that many businesses did not install the patch
promptly, thus facilitating the attack.
