Latest Worm Disrupts Asia, Europe

Security officials said the virus-like worm, dubbed "LovSan," was part of a coordinated electronic attack that exploited one of the most serious flaws yet discovered in Microsoft Corp.'s Windows operating systems.

The worm was first reported in the United States on Monday and, while appearing not to delete files or otherwise cause permanent damage, knocked many computers offline. Non-Microsoft systems were not vulnerable.

Across Asia and Europe, it struck many businesses as they opened and workers logged on, spreading without the need for user intervention.

Graham Cluley, a senior technology consultant with Sophos PLC in Britain, said his company started getting reports about the infection from Australia and then from Europe.

In Sweden, Internet provider TeliaSonera said about 20,000 of its customers were affected after the infection clogged 40 servers that handled Internet traffic. Spokeswoman Lena Rosell said customers had their service restored by late morning.

Denmark initially reported limited problems, but "the tendency is rising and we're getting more reports of attacks," said Preben Andersen, head of Denmark's official virus watchdog agency, DK CERT. "There must be at least a couple of thousand PCs infected with this worm."

Among companies affected in Germany was automaker BMW, said spokesman Eckhard Vannieck. The problems did not affect production and the company expected them to be fixed by day's end.

Computers infected by LovSan were programmed to automatically launch an attack Saturday on windowsupdate.com, a Web site Microsoft uses to provide customers with software patches that can prevent such infections.

The infection was dubbed "LovSan" because of a love note left behind on vulnerable computers: "I just want to say LOVE YOU SAN!" Researchers also discovered another message hidden inside the infection that appeared to taunt Microsoft Chairman Bill Gates: "billy gates why do you make this possible? Stop making money and fix your software!"

Microsoft had posted a free patch on the Web site to protect Windows users after it warned on July 16 about the flaw. Nearly all versions of Windows are affected.

The high-profile alerts issued by Microsoft notwithstanding, many businesses did not initially install the patches and scrambled Tuesday to shore up their computers.

"People are too laid back. Microsoft doesn't do these warnings for fun," said Cluley. "I think a lot of people have gotten into the habit of thinking viruses only come in via e-mails."

S.C. Leung, spokesman for the Hong Kong Computer Emergency Response Team Coordination Center, said some home computers crashed, possibly a side effect of the infection, also dubbed "blaster."

Individual users and small businesses appeared to be at greater risk than bigger companies, which typically have firewalls that can stem such attacks. But once such a worm gets inside a firewall, unprotected computers are vulnerable.

South Korea's Information and Communication Ministry said that about 1,900 cases of the infection were reported there.

Copyright 2003 Associated Press. All rights reserved.

This material may not be published, broadcast, rewritten or redistributed.