By Ted Bridis
The Associated Press

WASHINGTON - A fast-spreading, virus-like infection dramatically slowed Internet traffic Saturday, overwhelming the world's digital pipelines and interfering with Web browsing and e-mail delivery.

Sites monitoring the health of the Internet reported detecting at least 39,000 infected computers, which transmitted floods of spurious signals disrupting hundreds of thousands of other systems worldwide. Monitors reported significant slowdowns, although recovery efforts appeared to be succeeding.

"Everything is starting to come back online," said Bill Murray, a spokesman for the FBI's National Infrastructure Protection Center.

The virus affected Indiana's internal state government computer network, a state official said.

MORE INFORMATION

• Technical details: http://www.eeye.com/html/Research/Flash/AL20030125.html • More details: http://www.iss.net/security_center/static/10031.php • Microsoft fix: http://www.microsoft.com/technet/security/bulletin/MS02-039.asp

The virus flooded the network with spurious electronic signals, "kind of like virtual graffiti," said Laura Larimer, chief information officer for the state.

No state records appeared to have been damaged or lost, with no indications of any breaches of private information, Larimer said.

Bank of America Corp., one of the nation's largest banks, said many customers could not withdraw money from its 13,000 ATM machines because of problems caused by the attack.

Millions of Internet users in South Korea were stranded when computers at Korea Telecom Freetel and SK Telecom failed. Service was restored but remained slow, officials said. In Japan, NHK television reported heavy data traffic swamped some of the country's Internet connections, and Finnish phone company TeliaSonera reported some problems.

"It's not debilitating," said Howard Schmidt, President Bush's No. 2 cybersecurity adviser. "Everybody seems to be getting it under control." Mr. Schmidt said the FBI's cybersecurity unit and experts at the federally funded CERT Coordination Center were monitoring the attack and offering technical advice to computer administrators on how to protect against it.

Rick Miller, a spokesman for Microsoft Corp., however, confirmed that Internet congestion was interfering with administrators trying to download the crucial software patch Microsoft had earlier made available to protect vulnerable computers.

The same congestion also completely prevented consumers from contacting Microsoft over the Internet to unlock the anti-piracy features of its latest products, including the Windows XP and Office XP software packages.

Tiffany Olson, spokeswoman for the President's Critical Infrastructure Protection Board, said the White House may not determine the scope of damage "for at least a couple of days, and we may not know the full impact of this attack at all."

The attacking software was scanning for victim computers so randomly and so aggressively, sending out thousands of probes a second, that it saturated many Internet data pipelines.

Most home users did not need to take any protective measures.

The FBI was searching for the origin of the attack, which experts variously dubbed "sapphire," "slammer" or "SQ hell."

The attack resembled the "Code Red" virus that struck the Internet during the summer of 2001.

"This is like Code Red all over again," said Marc Maiffret, an executive with eEye Digital Security, whose engineers were among the earliest to study samples of the attack software. "The sheer number of attacks is eating up so much bandwidth that normal operations can't take place."

Mr. Schmidt said disruption within the U.S. government was minimal, partly because the attack occurred early on a weekend. The departments of State, Agriculture, Commerce and some units of the Defense Department appeared hardest hit among federal agencies, according to Matrix NetSystems Inc., a monitoring firm in Austin, Texas.

The Philadelphia Inquirer and Atlanta Journal-Constitution also reported problems.

The attack sought to exploit a software flaw discovered by researchers in July 2002 that permits hackers to seize control of corporate database servers. Microsoft deemed the flaw to be critical and offered a free repairing patch which many system administrators ignored.

• Technical details:
http://www.eeye.com/html/Research/Flash/AL20030125.html
• More details:
http://www.iss.net/security_center/static/10031.php
• Microsoft fix:
http://www.microsoft.com/technet/security/bulletin/MS02-039.asp