The FBI was searching for the possible origin of the
latest attack, which experts variously dubbed ``sapphire,'' ``slammer'' or ``SQ
hell.'' Some security researchers noted that the software unleashed in
Saturday's attack bore striking resemblance to blueprints for computer code
published weeks ago on a Chinese hacking Web site by a person who calls himself
``Lion.'' An FBI spokesman said he couldn't confirm that.
Most home users did not need to take any protective
measures. Experts said the attack bore remarkable similarities to the ``Code
Red'' virus that struck the Internet during the summer of 2001.
The virus-like attack, which began about 12:30 a.m.
EST, sought out vulnerable computers on the Internet to infect using a known
flaw in popular database software from Microsoft Corp., called ``SQL Server
2000.'' But the attacking software was scanning for victim computers so randomly
and so aggressively _ sending out thousands of probes a second _ that it
saturated many Internet data pipelines.
Schmidt said disruption within the U.S. government
was minimal, partly because the attack occurred early on a weekend. The
departments of State, Agriculture, Commerce and some units within the Defense
Department appeared hardest hit within the government, according to Matrix
NetSystems Inc., a monitoring firm in Austin, Texas.
``This is like Code Red all over again,'' said Marc
Maiffret, an executive with eEye Digital Security, whose engineers were among
the earliest to study samples of the attack software. ``The sheer number of
attacks is eating up so much bandwidth that normal operations can't take
place.''
``The impact of this worm was huge,'' agreed Ben
Koshy of W3 International Media Ltd., which operates thousands of Web sites from
its computers in Vancouver. ``It's a very significant attack.''
Koshy added that, about six hours after the attack
started, commercial Web sites that had been overwhelmed were starting to come
back online as engineers began effectively blocking the malicious data traffic.
At the height of the attack, another company reported that computers were
flooded with more than 125 megabytes of data every second.
``People are recovering from it,'' Koshy said.
Symantec Corp., an antivirus vendor, estimated that
at least 22,000 systems were affected worldwide.
``Traffic itself seems to have leveled off a little
bit, so likely only so many systems are exposed out there,'' said Oliver
Friedrichs, senior manager with Symantec Security Response. The attacking
software, technically known as a worm, was overwhelming Internet
traffic-directing devices known as routers.
``The Internet is still usable, but we're definitely
receiving reports from some of our customers who have had it affect their
routers specifically,'' Friedrichs said.
The attack sought to exploit a software flaw
discovered by researchers in July 2002 that permits hackers to seize control of
corporate database servers. Microsoft deemed the flaw to be ``critical'' and
offered a free repairing patch, but it was impossible to know how many computer
administrators applied the fix.
The latest attack could revive debate within the
technology industry about the need for an Internet-wide monitoring center, which
the Bush administration has proposed.
During the Code Red attack in July 2001, about
300,000 mostly corporate server computers were infected and programmed to launch
a simultaneous attack against the Web site for the White House, which U.S.
officials were able to defend successfully.
Unlike that episode, the malicious software used in
this latest attack did not appear to do anything other than try to spread its
own infection, experts said.
AP technology writers Anick Jesdanun and Frank
Bajak contributed to this story from New York.
advertisement
