The Telegraph
Since 1st March, 1999
Email This Page
Worm infects Net traffic
- S. Korea online services crippled, global systems slow down

Seoul/London, Jan. 25 (Reuters): A rapidly spreading computer worm infested networks and bogged down Internet traffic across the globe today, crippling online services in one of the world’s most wired countries, South Korea.

Called “Sapphire” or “SQL Slammer,” the worm carries a self-regenerating mechanism that enables it to multiply quickly across the web, said Mikko Hypponen, manager of anti-virus research at F-Secure, a Helsinki-based computer security firm.

“It is so good at replicating that it generates massive amounts of traffic that will slow down networks,” Hypponen said. “The end user never sees it. They only experience the slowdown on the Net.”

Security experts blamed the worm for crashing almost all Internet services in South Korea.

It was the first time South Korea’s broadband and mobile Internet services have been shut down on such a scale, although hackers are fairly active in the country where 70 per cent of households have Internet access.

“It is highly likely hackers have launched an all-out attack on the country’s Internet system,” Yonhap news agency quoted an official of the ministry of information and communication as saying.

The problem was not limited to South Korea, with systems slowing from Japan to Europe to the US, officials said.

In Washington, the FBI said it was aware of the situation. “I know there is a worm out there. I don’t know the name of it. It’s something we are monitoring,” spokesman Ed Cogswell said.

He said he did not know when the problem had started or who was responsible for it.

The worm has been likened to the “Code Red” bug of July 2001, which slowed traffic dramatically on the Internet. The authors of that malicious code remain a mystery.

“Sapphire” or “SQL Slammer” infects computer servers that run on Microsoft Windows 2000 SQL software. Once it attaches to a server, it transmits multiple data requests in a random manner to other IP addresses seeking more vulnerable servers to infect.

The effect is a flood of traffic that bogs down ISP networks and can even knock websites off-line, Hypponen said. He added the worm was probably installed on a faulty server by a virus writer or hacker within the past few days. A patch is available on Microsoft Corp’s website,, he added.

Left unchecked, the worm could continue to create large network disruptions for ISP customers, plus knock out some web sites over the coming days, he warned.

Hypponen said it had disabled the email server of a corporate client in Slovenia. Meanwhile, ISP customers in the US and Britain lodged distress notes on Internet message boards Saturday complaining about slowdowns in Internet traffic.

The biggest impact appeared to be in South Korea, however, where police were called in to investigate. The infestation brought down the entire Internet service of the country’s largest ISP, KT Corp, a company spokesman said.

He said services were down for several hours in the afternoon but were recovering. However, the networks of number two operator Hanaro Telecom Inc and number three Thrunet Co were still experiencing trouble. The crash was triggered by a huge volume of transmissions flowing into KT’s Hyehwa service in Seoul, officials said.

Graham Cluley of Sophos Anti-Virus, a British virus detection firm, said its first reports came from companies in Asia. A number in Europe have also contacted Sophos reporting a degradation in Internet speed.

Email This Page