airtwardo

Sat. morning computer virus


WASHINGTON (Jan. 25) - Traffic on the Internet slowed dramatically for hours early Saturday, the effects of a fast-spreading, virus-like infection that overwhelmed the world's digital pipelines and broadly interfered with Web browsing and delivery of e-mail.

Sites monitoring the health of the Internet reported significant slowdowns globally. Experts said the electronic attack bore remarkable similarities to the ''Code Red'' virus during the summer of 2001 which also ground online traffic to a halt.

''It's not debilitating,'' said Howard Schmidt, President Bush's No. 2 cyber-security adviser. ''Everybody seems to be getting it under control.'' Schmidt said the FBI's National Infrastructure Protection Center and private experts at the CERT Coordination Center were monitoring the attack and offering technical advice to computer administrators on how to protect against it.

Most home users did not need to take any protective measures.

The virus-like attack, which began about 12:30 a.m. EST, sought out vulnerable computers on the Internet to infect using a known flaw in popular database software from Microsoft Corp., called ''SQL Server 2000.'' But the attacking software code was scanning for victim computers so randomly and so aggressively - sending out thousands of probes each second - that it saturated many Internet data pipelines.

Schmidt said disruption within the U.S. government was minimal, partly because the attack occurred early on a Saturday morning.

''This is like Code Red all over again,'' said Marc Maiffret, an executive with eEye Digital Security, whose engineers were among the earliest to study samples of the attack software. ''The sheer number of attacks is eating up so much bandwidth that normal operations can't take place.''

''The impact of this worm was huge,'' agreed Ben Koshy of W3 International Media Ltd., which operates thousands of Web sites from its computers in Vancouver. ''It's a very significant attack.''

Koshy added that, about six hours after the attack started, commercial Web sites that had been overwhelmed were starting to come back online as engineers began effectively blocking the malicious data traffic. At the height of the attack, another company reported that computers were flooded with more than 125 megabytes of data every second.

''People are recovering from it,'' Koshy said.

Symantec Corp., an antivirus vendor, estimated that at least 22,000 systems were affected worldwide.

''Traffic itself seems to have leveled off a little bit, so likely only so many systems are exposed out there,'' said Oliver Friedrichs, senior manager with Symantec Security Response. The attacking software, technically known as a worm, was overwhelming Internet traffic-directing devices known as routers.

''The Internet is still usable, but we're definitely receiving reports from some of our customers who have had it affect their routers specifically,'' Friedrichs said.

The attack sought to exploit a software flaw discovered by researchers in July 2002 that permits hackers to seize control of corporate database servers. Microsoft deemed the problem ''critical'' and offered a free repairing patch, but it was impossible to know how many computer administrators applied the fix.

''People need to do a better job about fixing vulnerabilities,'' Schmidt said.

The latest attack was likely to revive debate within the technology industry about the need for an Internet-wide monitoring center, which the Bush administration has proposed. Some Internet industry executives and lawyers said they would raise serious civil liberties concerns if the U.S. government, not an industry consortium, operated such a powerful monitoring center.

''Nowhere do you see everything that has happened in cyber-space, no one has that synoptic view,'' said Dick Clarke, Bush's top cyber-security adviser, during a speech earlier this month to U.S. intelligence officials. ''What we're talking about is seeing something in time to stop it, a major cyber attack.''

During the ''Code Red'' attack in July 2001, about 300,000 mostly corporate server computers were infected and programmed to launch a simultaneous attack against the Web site for the White House, which U.S. officials were able to defend successfully.

Unlike that episode, the malicious software used in this latest attack did not appear to do anything other than try to spread its own infection, experts said.

On the Net:

Technical details: http://www.eeye.com/html/Research/Flash/AL20030125.html

Microsoft fix: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-039.asp










~ If you choke a Smurf, what color does it turn? ~

Quote

thank god i live in Europe :P



And how do you connect to the internet? Osmosis? :S:P
So I try and I scream and I beg and I sigh
Just to prove I'm alive, and it's alright
'Cause tonight there's a way I'll make light of my treacherous life
Make light!

Quote

Quote

thank god i live in Europe :P



My condolences.


Damn skippy! B|
So I try and I scream and I beg and I sigh
Just to prove I'm alive, and it's alright
'Cause tonight there's a way I'll make light of my treacherous life
Make light!

Quote

thank god i live in Europe



Well, not really.

This worm (not a virus, a worm. They're different) targets copies of Microsoft SQL Server. SQL Server is a database system, comparable to Oracle. It is frequently used to manage business back office systems, and also plays a critical role in complex business websites.

It is popular in both Europe and the US. While the attack last night tended to be centered in the US, it's only a matter of time before it spreads to Europe.

It doesn't target home users, it doesn't 'infect' home users. This is one of the rare cases where home users don't need to worry about it - except that some of their favorite websites might be inaccessible.

Interestingly, one of the largest installs of SQL Server is... Microsoft! The first casualty of the attack was the XP registration system, people (yeah, even in Europe) trying to install new versions of XP found that they couldn't register it. XP will not work without registration.

_Am
__

You put the fun in "funnel" - craichead.

Continental and Delta were reporting issues too according to the people I've talked to. Luckily we at work installed the patches about 2 months back and all the main SQL servers got the SP Friday night when the outbreak was only an hour or two old. Boss still ran around like a chicken with his head cut off mid afternoon when he first heard about it... but the techs fixed it before it was an issue.

God I hate stupid management...
Yesterday is history
And tomorrow is a mystery

Parachutemanuals.com

Quote

Continental and Delta were reporting issues too according to the people I've talked to. Luckily we at work installed the patches about 2 months back and all the main SQL servers got the SP Friday night when the outbreak was only an hour or two old.



Fortunately, I finished replacing all our SQL Servers with Oracle just a few months ago, and am now looking at going Postgres. I've had a workless weekend.

_Am
__

You put the fun in "funnel" - craichead.

Smiles - is this what you're talking about?

http://www.panasonic.ca/

And is that the correct addy for Panasonic?

It does announce it's been defaced...also, when i move my arrow thingy over the words, it disappears, but the arrow doesn't disappear when over the pix...

Ciels-
Michele


~Do Angels keep the dreams we seek
While our hearts lie bleeding?~

Quote

Quote

thank god i live in Europe :P



And how do you connect to the internet? Osmosis? :S:P


no, i sit my grandmother on a bike that runs a generator which gives electricity to my brand new 386DX, with 33 mHz, 4MB RAM, and a 80Mb HDD, and a dial-up modem: US ROBOTICS 2880 bps.
but i find it extremely difficult to actually connect to the internet via the only server my developing country has :P


Check out the site of the Fallen Angels FreeflY Organisation:
http://www.padliangeli.org
