Internet traffic broadly affected by electronic attack

AP | 1/25/03 | TED BRIDIS

[kattracks]

WASHINGTON (AP) -- Traffic on the many parts of the Internet slowed dramatically early Saturday, the apparent effects of a fast-spreading, virus-like infection overwhelming the world's digital pipelines and interfering with Web browsing and delivery of e-mail.

Sites monitoring the health of the Internet reported significant slowdowns globally. Experts said the latest electronic attack bore remarkable similarities to "Code Red" virus during the summer of 2001 which also ground traffic to a halt on much of the Internet.

"It's not debilitating," said Howard Schmidt, President Bush's No. 2 cyber-security adviser. "Everybody seems to be getting it under control." Schmidt said the FBI's National Infrastructure Protection Center and private experts at the CERT Coordination Center were monitoring the attacks.

The virus-like attack sought out vulnerable computers to infect on the Internet using a known flaw in popular database software from Microsoft Corp., called "SQL Server." But the attacking software code was scanning for victim computers so randomly and so aggressively -- sending out thousands of probes each second -- that it overwhelmed many Internet data pipelines.

"This is like Code Red all over again," said Marc Maiffret, an executive with eEye Digital Security, whose engineers were among the earliest to study samples of the attack software. "The sheer number of attacks is eating up so much bandwidth that normal operations can't take place."

The attack sought to take advantage of a software flaw discovered in July 2002 that permits hackers to infect corporate database servers. Microsoft deemed the problem "critical" and offered a free repairing patch, but it was impossible to know how many computer administrators applied the fix.

"People need to do a better job about fixing vulnerabilities," Schmidt said.

[Iowa Granny]

Well, this explains a few things. Thanks, kattracks for finding this, and posting.

[Petronski]

Ohhhhh. Microsoft.

[bota]

Microsofts own network got hit severely as well as several other major companies.

[Unknown Freeper]

Running thread on this topic: Sudden Widespread Internet Lag

This thread has been going since things started happening.

[ventana]

LOL! Your parenthetical statement is a riot! I keep telling my kids, since my generation is the one which wholeheartedly accepts pro-choice, we better not complain when our kids choose to turn out the lights a little sooner then we expected! V's wife.

[kattracks]

Welcome :o)

[leadpenny]

I was going to say, "She can't take the power, Captain!"

But this sounds series.

[Timesink]

Ohhhhh. Microsoft.

This surprises you?

[snopercod]

Earlier thread by William Creel

[HiTech RedNeck]

Applying these critical updates is tricky because it is sometimes an iterative process. One critical update ends up needing another critical update, or bunch of updates, and you can't just get them all at once. Big case in point is installation of IE6 which MS deems a "critical update" to IE5.5. It's easy to not install them all. And you obviously won't get an SQL server update if you haven't yet installed SQL server at the time you fetched your critical updates.

[Glenn]

I received a 4 AM wake-up call from our data center. They're ovewhelmed with the attack. Kiten, I think they called it. (I still need coffee so I am not sure if that is right.) Messy, apparently. VPN is down. Life sucks.

[Glenn]

Hmmm. Kevin Mitnick gets his Internet privileges back on Tuesday. Worm hits the web on Saturday. Hmmm.

[Rain-maker]

Hmmm. Kevin Mitnick gets his Internet privileges back on Tuesday. Worm hits the web on Saturday. Hmmm.

You suppose it was a hacker's welcome back party?...LOL

It's is rather coincidental.

[ex-Texan]

The attack was most likely just another -- 'Testing, testing, testing' event -- before the real attack which will come later and be coordinated with other aQ attacks. This activity was predicted in reports earlier this month. It may be linked to terrorist activty:

http://www.freerepublic.com/focus/news/817395/posts

[ALS]

I just relocated 3 websites to a new provider and BOOM! this happens.

It took me awhile to figure out I hadn't just gotten screwed.

To the yahoos that did this: OFF with their heads!

[Glenn]

It may be linked to terrorist activty:

I hope they tell us it is. It'd be a green light for the script kiddies to deface something other than RIAA for a change.

[don-o]

Link

Try this 'un

[cardinal4]

Ohhhhh. Microsoft.

You said it.