washingtonpost.com  > Technology > Tech Policy > Security

Page 2 of 2  < Back  

Internet Worm Hits Airline, Banks

The attack also interfered with computer networks at the Atlanta Journal-Constitution, which had to delay the publication of its Sunday first edition, the newspaper said. News updates to the paper's Web site also were delayed by the worm. The Associated Press and the Philadelphia Inquirer also experienced publishing problems as a result of the worm.

E-mail and Web traffic move around the Internet using a standard that breaks the data up into tiny packets of information before sending them on to their destinations. The data flood produced by a worm or virus often crowds out some of these packets, resulting in returned -- or "bounced" -- e-mails, and slowed Internet traffic.

_____Related Articles_____
Internet Worm Slows Servers (The Washington Post, Jan 26, 2003)
_____On The Web_____
National Infrastructure Protection Center Advisory
CERT Advisory CA-2003-04 MS-SQL Server Worm
Internet Storm Center: Port 1434 MS-SQL Worm
Symantec Security Response: W32.SQLExp.Worm
Microsoft Security Bulletin MS02-039

George Mason Officials Investigate Hacking Incident (The Washington Post, Jan 13, 2005)
Microsoft Releases 3 New Windows Security Patches (The Washington Post, Jan 12, 2005)
Another Computer Security Official Quits (The Washington Post, Jan 12, 2005)
More Security News
Today's Political News
Daily E-mail Updates
Sign up for the weekly tech policy e-letter (Delivered every Monday).

The average packet loss at the height of Saturday's attack was a debilitating 20 percent, according to a senior executive at Matrix NetSystems, a Web monitoring firm based in Austin, Texas.

"When routers are dropping one-fifth of their packets, you're going to see mail servers hammered, and in many cases (e-mail) attachments will be lost in the sending," said Tom Ohlsson, vice president of marketing and business development.

Major Web site delays occurred at more than 45 times the normal level at numerous government sites Saturday, including the Departments of Agriculture and Commerce, the firm reported. Several Defense Department sites were particularly hard hit, including the Defense Logistics Agency, the DoD Teleprocessing Center and the Defense Information Systems Agency, which acts as the computer network operations center for military Web sites.

A spokeswoman for the Defense Department's Strategic Command in Omaha declined to discuss the affected Web sites, or provide details on what action the department is taking against the worm, but said there was "minimal impact on the DoD domain."

The worm, in its structure and method, resembled Code Red, a worm released on the Internet in the summer of 2001 that attacked the White House Web site.

The worm unleashed Saturday did not delete files or harm computers, but overwhelmed systems with huge numbers of requests for information.

The speed and efficiency with which the worm randomly scanned Internet addresses for other vulnerable systems caused network degradation over much of the Internet, said Alfred Huger, senior director of engineering at Symantec Security Response.

Many businesses that blocked access to Microsoft SQL servers likely will experience a few problems adjusting their firewalls to allow legitimate traffic from affiliates and off-site offices that need to draw information from their parent company's database servers, Allor said.

"It's probably not going to be business as usual, as companies work through patching their systems and figuring out exactly which parts of their business needs to have access to these servers," he said.

South Korea sustained the most damage from the worm, losing almost all of its Internet service. With 70 percent of its households connected to the Internet, South Korea is one of the world's most wired nations.

Businesses in South Korea are among the first to open for business in the new work week, and could face complications caused by lingering infections, experts said. Overall, however, network traffic associated with the worm has dropped off nearly 90 percent, according to Symantec.

< Back  1 2

© 2003 TechNews.com