Fresh warning over cyber attack

BBC News ^ | January 26, 2003 | BBC News

[MadIvan]

The attack targeted Microsoft database software

Experts are warning that a malicious computer code which disrupted the internet may resume its attacks on Monday.

In South Korea, which was badly affected by the attack, systems engineers are racing to repair internet networks amid fears Monday would bring new outbreaks as businesses switch on their computers for the new working week.

"The problem is not completely resolved and we will have to have more of a sense of the importance of security"

Lee Sang-Chul
S Korea's Information Minister

The South Korean Information Minister, Lee Sang-Chul, said he believed the problem was hiding, rather than fully resolved.

Computer experts said the code, known as a worm, had affected nearly a quarter of a million computers worldwide on Saturday.

The attack, which targets internet servers and does not infect home computers, slowed systems for several hours, affecting web browsing and e-mail delivery.

The attack was detected by the FBI shortly after it was launched on Saturday, limiting the damage.

Asian slowdown

Computer experts said the effect was similar to that of the "Code Red" virus, which brought internet traffic to a halt in the summer of 2001.

At least five of the internet's 13 major hubs were targeted in Saturday's attack.

Internet surfing in Asia was particularly slow.

In South Korea, the world's most wired country where almost three-quarters of the population have internet access, services shut down nationwide for hours on Saturday.

Users and news media also reported outages or slowdowns in Thailand, Japan, Malaysia, the Philippines and India.

In the US, Bank of America customers were unable to withdraw money from the company's 13,000 ATM machines, while the attack also disabled some trans-Atlantic internet and phone service.

Not a virus

The worm known as SQL ("sequel") Slammer targeted a known weakness in Microsoft's software to shut down powerful server computers around the world and can knock websites off-line.

Unlike viruses, the worm exists only in memory, so it cannot be detected by traditional anti-virus scanners.

The Microsoft website has a fix for the vulnerability, which companies can download.

"Companies need to take applying patches against new security threats seriously," said Graham Cluley, senior technology consultant at the anti-virus company Sophos.

"If you don't, then stopping new worms and viruses is as easy as catching smoke in a butterfly net."

[MadIvan]

Be careful out there.

Regards, Ivan

[MadIvan]

Bump!

[Cicero]

Why would they still not be ready, after several days respite? As I understand it, the worm doesn't do any damage to the computer, but just overloads the network. All they would need to do is clean up and install the security updates they neglected to install earlier. And the more servers install the updates, the less trouble the others should have.

[MadIvan]

I have had times when putting in a patch has solved some problems but created others. I believe Service Pack 4 did this on Windows NT 4.0.

Installing any sort of patch on Microsoft systems requires careful planning, and ensuring that its impact on functionality is not going to be negative. We are talking about mission-critical systems here.

Regards, Ivan

[Happygal]

Do computer viruses take the weekend off?

[razorback-bert]

They are well known for their weekend benders.

[MadIvan]

Do computer viruses take the weekend off?

That's what they seem to be suggesting, darling. ;)

Though it's definitely true databases in companies are used less over weekends for obvious reasons.

Love, Ivan

[EVO X]

Installing any sort of patch on Microsoft systems requires careful planning, and ensuring that its impact on functionality is not going to be negative. We are talking about mission-critical systems here.

There is nothing to plan. You make sure you have the system backed up several different ways, cross you fingers and hit the install button. In the case of the SQL hot fixes, most in recent memory had to be manually installed.

[Karsus]

I hope and pray that I never have the 'pleasure' of using a system you 'manage' and/or working with you.

You see, there is this little, minor thing called testing that you left out.

[Pyrion]

Sequel?

I pronounce it "Squirrel". Anyone care to guess why? ;)

[EVO X]

hope and pray that I never have the 'pleasure' of using a system you 'manage' and/or working with you.

You see, there is this little, minor thing called testing that you left out.

Of course you test if you can. If you don't have a test bed machine laying around, then you have to take that leap of faith and have a backup or broken mirror. The critical patches have to be installed.

BTW. The feeling is mutual....

[timesarechangin]

In following the articles on the latest virus attack I checked the site that displays internet traffic flow graphically.....

See: http://www.internettrafficreport.com/asia.htm

I've noted that clicking on Asia which has the lowest performance at this point, lumps Israel into this grouping.... When I scroll down, I am noting the packet loss on all 3 of Israel's servers with a 100 rating........

I wonder why this was not mentioned in the recent announcements?

Too....keep your fingers crossed this doesn't play havoc with the world markets tonight/tomorrow.

[prognostigaator]

^

[altair]

It's late Monday morning as I write this. Terms like weekend and late at night, etc. have no meaning on the Internet.

[Lael]

It's late Monday morning as I write this. Terms like weekend and late at night, etc. have no meaning on the Internet.

That would put you in, say Guam or Kwajelein (sp?) Atoll??

[altair]

Kobe Japan.

[JudyB1938]

I've been wondering if any of those people got fired for not making sure they had all patches in place?