Virus Overwhelms Global Internet Systems
By Peter M. Abraham

There is headline news at CNN.com, Yahoo News, WorldTechNews.com, Slashdot.Org, Lycos News, IWon News, and more about a major attack on the Internet across the world.

Since about midnight EST almost every host on the internet has been receiving a 376 byte UDP payload on port ms-sql-m (1434) from a random infected server.

internetpulse.net is reporting UUNet and Internap are being hit very hard. This is the cause of major connectivity problems being experienced worldwide.

This has effectively disabled 5 of the 13 root nameservers.

The root name servers are the main infrastructure behind the Internet domain name service system.

WASHINGTON (AP) -- Traffic on the many parts of the Internet slowed dramatically for hours early Saturday, the apparent effects of a fast-spreading, virus-like infection that overwhelmed the world's digital pipelines and interfered with Web browsing and delivery of e-mail.

Experts said the electronic attack bore remarkable similarities to the "Code Red" virus during the summer of 2001 which also ground traffic to a halt on much of the Internet.

The virus-like attack, which began about 12:30 a.m. EST, sought out vulnerable computers on the Internet to infect using a known flaw in popular database software from Microsoft Corp., called "SQL Server 2000." But the attacking software code was scanning for victim computers so randomly and so aggressively -- sending out thousands of probes each second -- that it overwhelmed many Internet data pipelines.

Symantec Corp., an antivirus vendor, estimated that at least 22,000 systems were affected worldwide.

The FBI are involved in investigating the problem.

The FBI was searching for the possible origin of the latest attack, which experts variously dubbed "sapphire," "slammer" or "SQ ######." Some security researchers noted that the software unleashed in Saturday's attack bore striking resemblance to blueprints for computer code published weeks ago on a Chinese hacking Web site by a person who calls himself "Lion." An FBI spokesman said he couldn't confirm that.

One of the key comments from all articles was that everyone needs to make sure their computer systems are up to date.

The attack sought to take advantage of a software flaw discovered by researchers in July 2002 that permits hackers to seize control of corporate database servers. Microsoft deemed the problem "critical" and offered a free repairing patch, but it was impossible to know how many computer administrators applied the fix.

"People need to do a better job about fixing vulnerabilities," Schmidt said.

Dynamic Net, Inc., through its managed service and security division, does have an enterprise network monitoring product which can let consumers and providers know of problems within 60 seconds or less.

We also have a security patch service which takes the burden off of you to apply patches protectively.

While our hosting services were impacted by the resource denials of the attack, none of our own systems were vulnerable.

Please let us know if you have any questions

Source:

http://www.dynamicnet.net/news/articles/vi..._overwhelms.htm

More info:

http://securityresponse.symantec.com/avcen...qlexp.worm.html

http://www.cnn.com/2003/TECH/internet/01/2...k.ap/index.html

Almost all the major DNS servers in Korea, Japan were down, due to overwhelming traffic access.. Those servers handle about 2000 requests per second average.. but thanks to the virus, they had to handle 10 thousand requests per second.. I'm surprised the server didn't burn out

I think we have felt a little of the affects here. Seems like alot of sites are down and the web is extremely sluggish. I wonder how long it will last.