回复:……
Electronic attack slows Internet
Experts: 'SQL Slammer' worm doesn't cause serious damage
Saturday, January 25, 2003 Posted: 4:54 PM EST (2154 GMT)
****************************************************************************
WHAT IS A WORM?
A program that makes copies of itself -- for example, from one disk drive to another, or by copying itself using e-mail or another transport mechanism.
****************************************************************************
WASHINGTON (CNN) -- A fast-moving computer worm snarled business and government computers Saturday, slowing some corporate systems to the point of inaccessibility, but Internet security experts said it does not appear to have done any serious damage.
The worm, dubbed "SQL Slammer," attacked via a vulnerability discovered six months ago in SQL
Server 2000 software from Microsoft Corp., according to Oliver Friedrichs, a senior manager with Internet security firm Symantec Corp. Microsoft has offered a free patch to fix the trouble spot, but not all users of the server software installed the patch.
Friedrichs said the SQL worm "breaks into the server and tries to spread."
"It really generates a lot of network traffic," Friedrichs said. "It's really just going to slow down Internet performance."
The White House was notified about the attack after it was discovered early Saturday, said Tiffany Olson, a spokeswoman for the President's Critical Infrastructure Protection Board.
The FBI's National Infrastructure Protection Center is investigating, she said.
Alan Paller of the SANS Institute, a training organization for technologists who try to protect computer systems and networks, said the SQL worm did not appear to be affecting files stored on computers. Instead, he said, it was causing trouble by replicating quickly and sending queries across computer lines for more vulnerable computers.
"It's not a major risk. It's not [doing] either of the two things that are terribly damaging," Paller said. "One is hurting people's machines, and one is knocking things [off-line]."
Several companies -- including Bank of America and Continental Airlines -- reported widespread computer problems Saturday.
Bank of America spokeswoman Lisa Gignon said the bank's problems appeared to be worm-related, but she could not verify it.
Continental said the worm attack caused its difficulties. Spokesman Jeff Walt said agents reverted to "the old fashioned way" -- phones, and pen and paper -- to record reservations and electronic tickets.
"[That is] more time consuming, so we had some scattered delays around the system and some cancellations of regional flights," said Walt, adding that the airline experienced few problems on its national flights. "It looks like we're getting close to [having] everything resolved."
Walt said Continental's hub at Newark, New Jersey, was the most affected by the problems, but problems were also reported in Houston, Texas, and Cleveland, Ohio. No delays lasted more than 30 minutes, he said.
The "Slammer" did not appear to affect files stored on computers.
Worms of this nature are often precursors to a different type of attack called "distributed denial of service." In that case, computers infected with a worm or other program are directed to send a flood of information to a specific Internet location and force it off-line.
"[Saturday's worm] is the recruitment of soldiers, not telling the soldiers where to aim their guns," Paller said.
He described Saturday's activity as a "worm with collateral damage."
If the vulnerability in the SQL software is not patched, Paller said, it is possible that a future denial of service attack could harness the "zombie" machines created Saturday.
Friedrichs said Saturday's worm was similar to the "Code Red" worm, which attacked unpatched Microsoft IIS servers in 2001 and defaced Web pages with the message "Welcome to http://www.worm.com! Hacked By Chinese!"
"Code Red" eventually hit more than 700,000 computers and spread too quickly for investigators to trace its origin.
So far, "SQL Slammer" has not disturbed any Web pages or other files.
As far as the origin of Saturday's worm, Paller said it will be difficult to trace it via technological means. In many cases, a worm's creator brags about his or her activities online and is caught that way.
Paller and Olson said Internet service providers and other security organizations had helped slow the worm's spread.
"It could have been horrendous," Olson said.
-- CNN technology correspondent Daniel Sieberg and White House correspondent Dana Bash contributed to this report.
[img]http://www.sakurasky.net/keyclub/bbs/uploadImages/20031234567890123.jpg[/img]
