Traffic on the many parts of the Internet slowed dramatically early today, the apparent effects of a fast-spreading virus-like infection interfering with Web browsing and delivery of e-mail.
Sites monitoring the health of the Internet reported significant slowdowns globally. Experts said the latest electronic attack bore remarkable similarities to the Code Red virus during the summer of 2001 which also ground traffic to a halt on much of the Internet.
“It’s not debilitating,” said Howard Schmidt, one of President George W Bush’s top cyber-security advisers. “Everybody seems to be getting it under control.” Schmidt said the FBI’s National Infrastructure Protection Centre and private experts at the CERT Co-ordination Centre were monitoring the attacks.
The virus-like attack sought out vulnerable computers to infect on the Internet using a known flaw in popular database software from Microsoft, called SQL Server. But the attacking software code was scanning for victim computers so randomly and so aggressively – sending out thousands of probes each second - that it overwhelmed many Internet data pipelines.
“This is like Code Red all over again,” said Marc Maiffret, an executive with eEye Digital Security, whose engineers were among the earliest to study samples of the attack software.
“The sheer number of attacks is eating up so much bandwidth that normal operations can’t take place.”
The attack sought to take advantage of a software flaw discovered in July 2002 that permits hackers to infect corporate database servers. Microsoft deemed the problem “critical” and offered a free repairing patch, but it was impossible to know how many computer administrators applied the fix.
“People need to do a better job about fixing vulnerabilities,” Schmidt said.
The infection quickly spread through digital networks in parts of Asia, with users and news media reporting outages or slowdowns in Thailand, Japan, South Korea and Cambodia.
Internet service providers said a sudden surge in traffic jammed their networks Saturday afternoon.
While traffic among domestic Thai servers was at normal levels, exchanges with international servers ground to a halt around 12.30pm (0530 GMT), the representative said.
However, other Thai Internet service providers appeared to be unaffected, according to local subscribers.
In Japan, NHK television reported that heavy traffic had swamped some of the country’s Internet connections. A public university computer had been hit by over 200,000 transmissions in one hour and security firms were looking into the incident, it said.