Related topics

Computer Infection Spreads in Asia, Euro

August 12, 2003

STOCKHOLM, Sweden (AP) _ Computers mysteriously restarted and tens of thousands of people lost Internet access as a virus-like network infection spread Tuesday in Europe and Asia.

Security officials said the Internet worm, dubbed ``LovSan,″ was part of a coordinated electronic attack that exploited a serious flaw in Microsoft Corp.’s Windows operating systems.

The worm was first reported in the United States on Monday and, while appearing not to delete files or otherwise do permanent damage, knocked many computers offline.

Across Asia and Europe, it struck many businesses as they opened and workers logged on, spreading without the need for user intervention.

Graham Cluley, a senior technology consultant with Sophos PLC in Britain, said his company started getting reports about the infection from Australia and then in Europe.

In Sweden, Internet provider TeliaSonera said about 20,000 of its customers were affected after the infection clogged 40 servers that handled Internet traffic. Spokeswoman Lena Rosell said customers had their service restored by late morning.

In Germany, a server at the offices of automaker BMW was downed by the virus, spokesman Eckhard Vannieck said. The problems did not affect production and the company expected it to be fixed by day’s end.

Internet security company F-secure said about 900 computers in Sweden were infected by LovSan.

Computers infected by LovSan were programmed to automatically launch an attack Saturday on windowsupdate.com, a Web site Microsoft uses to avail customers of software patches that can prevent such infections.

Microsoft had posted a free patch on the Web site to protect Windows users after it warned on July 16 about one of the most serious flaws ever discovered in its flagship Windows operating system.

Nearly all versions of Windows are affected.

The high-profile alerts issued by Microsoft notwithstanding, many businesses did not initially install the patches and scrambled Tuesday to shore up their computers.

``People are too laid back. Microsoft doesn’t do these warnings for fun,″ said Cluley. ``I think a lot of people have gotten into the habit of thinking viruses only come in via e-mails.″

S.C. Leung, spokesman for the Hong Kong Computer Emergency Response Team Coordination Center, said some home computers crashed, possibly a side effect of the infection, also dubbed ``blaster.″

Individual users and small businesses appeared to be at greater risk than bigger companies, which typically have thorough firewalls that can stem such attacks. But once such a worm gets inside a firewall, unprotected computers are vulnerable.

South Korea’s Information and Communication Ministry said that about 1,900 cases of the infection were reported there.

``The situation is slowly calming down, but we are still getting fresh reports of infections,″ said Cho Kyu-il, a ministry official.

Denmark initially reported limited problems, but ``the tendency is rising and we’re getting more reports of attacks,″ said Preben Andersen, head of Denmark’s official virus watchdog agency, DK CERT. ``There must be at least a couple of thousand PCs infected with this worm.″


On the Net:

Network Associates: http://vil.nai.com/vil/content/v_100547.htm

Symantec: www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

Microsoft warning: www.microsoft.com/security/security_bulletins/ms03-026.asp

Government warning: www.nipc.gov/warnings/advisories/2003/Potential7302003.htm

Update hourly