Virus-Like Attack Hits Web Traffic
The attack targeted Microsoft database software
January 25, 2003
Traffic has slowed dramatically on many parts of the internet - apparently the result of a fast-spreading, virus-like infection, computer experts say.
The electronic attack is reported to have interfered with web browsing and e-mail delivery.
"It is highly likely hackers have launched an all-out attack on the country's internet system" - South Korean Information Ministry official
Experts said the attack on Saturday was similar to the impact of the "Code Red" virus, which brought internet traffic to a standstill in the summer of 2001.
The malicious code targets servers that direct traffic on the internet and does not infect home computers.
In South Korea internet services were shut down nationwide for hours on Saturday, the country's Yonhap news agency reported.
Users and news media also reported outages or slowdowns in Thailand, Japan, Malaysia, the Philippines and India.
The malicious code exploits a vulnerability, first identified in July 2002, in Microsoft's SQL Server database software.
The code instructs the server to go into an endless loop, tricking it into thinking it is getting traffic all the time when in fact it is not, BBC News Online technology reporter Alfred Hermida says.
"It's not debilitating," said Howard Schmidt, one of President George W Bush's top cyber-security advisers, quoted by the Associated Press news agency.
"Everybody seems to be getting it under control."
South Korea hit
He said the FBI's National Infrastructure Protection Center and private experts at the CERT Co-ordination Center were monitoring the attacks.
The South Korean news agency said the nationwide internet shutdown was triggered by "apparent cyber terror committed by hackers".
It was not immediately clear if the South Korean attack was the same as that reported in the United States.
It is the first time South Korea's wired and mobile internet services have been hit collectively in such a way, according to Yonhap.
But the impact on most financial institutions, corporations and government offices was minimal as they were closed for the weekend, it said.
Endless instructions
The attacking software code overwhelmed many internet data pipelines as it searched for victim computers randomly and aggressively.
The code has spread very quickly because it uses a protocol - called UDP - different from the one computers use for accessing web pages.
In effect, the code overwhelms servers by broadcasting instructions endlessly, our reporter says.
At least five of the internet's 13 major hubs were targeted in Saturday's attack.
The Microsoft website has a fix for the vulnerability, which companies can download.
http://news.bbc.co.uk/2/hi/technology/2693925.stm