Interesting People mailing list archives

more on Net Attack


From: Dave Farber <dave () farber net>
Date: Sat, 25 Jan 2003 09:29:54 -0500


------ Forwarded Message
From: "Kevin G. Barkes" <kgb () kgb com>
Date: Sat, 25 Jan 2003 08:12:21 -0800
To: dave () farber net
Subject: Net Attack

Virus Overwhelms Global Internet Systems

Jan 25, 8:20 AM (ET)

By TED BRIDIS

WASHINGTON (AP) - Traffic on the Internet slowed dramatically for hours
early Saturday, the effects of a fast-spreading, virus-like infection that
overwhelmed the world's digital pipelines and broadly interfered with Web
browsing and delivery of e-mail.

Sites monitoring the health of the Internet reported significant slowdowns
globally. Experts said the electronic attack bore remarkable similarities to
the "Code Red" virus during the summer of 2001 which also ground online
traffic to a halt.

"It's not debilitating," said Howard Schmidt, President Bush's No. 2
cyber-security adviser. "Everybody seems to be getting it under control."
Schmidt said the FBI's National Infrastructure Protection Center and private
experts at the CERT Coordination Center were monitoring the attack and
offering technical advice to computer administrators on how to protect
against it.

Most home users did not need to take any protective measures.

The virus-like attack, which began about 12:30 a.m. EST, sought out
vulnerable computers on the Internet to infect using a known flaw in popular
database software from Microsoft Corp. (MSFT), called "SQL Server 2000." But
the attacking software code was scanning for victim computers so randomly
and so aggressively - sending out thousands of probes each second - that it
saturated many Internet data pipelines.

Schmidt said disruption within the U.S. government was minimal, partly
because the attack occurred early on a Saturday morning.

"This is like Code Red all over again," said Marc Maiffret, an executive
with eEye Digital Security, whose engineers were among the earliest to study
samples of the attack software. "The sheer number of attacks is eating up so
much bandwidth that normal operations can't take place."

"The impact of this worm was huge," agreed Ben Koshy of W3 International
Media Ltd., which operates thousands of Web sites from its computers in
Vancouver. "It's a very significant attack."

Koshy added that, about six hours after the attack started, commercial Web
sites that had been overwhelmed were starting to come back online as
engineers began effectively blocking the malicious data traffic. At the
height of the attack, another company reported that computers were flooded
with more than 125 megabytes of data every second.

"People are recovering from it," Koshy said.

Symantec Corp. (SYMC), an antivirus vendor, estimated that at least 22,000
systems were affected worldwide.

"Traffic itself seems to have leveled off a little bit, so likely only so
many systems are exposed out there," said Oliver Friedrichs, senior manager
with Symantec Security Response. The attacking software, technically known
as a worm, was overwhelming Internet traffic-directing devices known as
routers.

"The Internet is still usable, but we're definitely receiving reports from
some of our customers who have had it affect their routers specifically,"
Friedrichs said.

The attack sought to exploit a software flaw discovered by researchers in
July 2002 that permits hackers to seize control of corporate database
servers. Microsoft deemed the problem "critical" and offered a free
repairing patch, but it was impossible to know how many computer
administrators applied the fix.

"People need to do a better job about fixing vulnerabilities," Schmidt said.

The latest attack was likely to revive debate within the technology industry
about the need for an Internet-wide monitoring center, which the Bush
administration has proposed. Some Internet industry executives and lawyers
said they would raise serious civil liberties concerns if the U.S.
government, not an industry consortium, operated such a powerful monitoring
center.

"Nowhere do you see everything that has happened in cyber-space, no one has
that synoptic view," said Dick Clarke, Bush's top cyber-security adviser,
during a speech earlier this month to U.S. intelligence officials. "What
we're talking about is seeing something in time to stop it, a major cyber
attack."

During the "Code Red" attack in July 2001, about 300,000 mostly corporate
server computers were infected and programmed to launch a simultaneous
attack against the Web site for the White House, which U.S. officials were
able to defend successfully.

Unlike that episode, the malicious software used in this latest attack did
not appear to do anything other than try to spread its own infection,
experts said.

---

AP technology writers Anick Jesdanun and Frank Bajak contributed to this
story from New York.

---

On the Net:

Technical details:
http://www.eeye.com/html/Research/Flash/AL20030125.html

Microsoft fix:
http://www.microsoft.com/technet/treeview/default.asp?url/technet/security/bulletin/MS02-039.asp


Regards,

KGB

-----
Kevin G. Barkes
Email: kgb () kgb com | Web: www.kgb.com
KGB Report:
http://www.kgb.com
National Temperature Index:
http://nationaltemperatureindex.com
DCL Dialogue on line:
http://www.kgb.com/dcl.html
Random Quotations Generator:
http://www.goodquotations.com
Over 9,000 searchable quotations.


------ End of Forwarded Message
