Virus attacks holes in Windows, affects 10,000 computers

An Internet virus that exploits security holes in the Windows operating system entered Korea yesterday, affecting an estimated 10,000 computers. As of 5 p.m. yesterday, about 2,000 infections were reported to the government authorities and anti-virus firms. But the real afflictions usually amount to five to 10 times what is reported; thus at least 10,000 computers seemed to have been affected by the worm, said an official from Ahnlab, Inc., an anti-virus company. Named Blaster.worm. 6176, the virus spreads by taking advantage of vulnerability in the Remote Procedure Call feature in Windows XP, Windows 2000 and Windows NT operating systems. Remote Procedure Call allows a computer to remotely access other computers. Ahnlab and government information security agencies warned in late July that an attack code that exploits the recently discovered hole in the Windows operating system was released in China on July 25, and an upgraded version the next day, presumably from the United States. An attacker can get control of other systems and cause damage, such as deleting data, according to Ahnlab. While the Slammer worm virus that caused mayhem in Korea on Jan. 25, nearly shutting down nationwide Internet access, has only a limited effect on SQL servers, the Blaster has a wider field of potential victims, since it attacks computers that operate on the three Windows programs, Ahnlab said. Most of the Korean victims were small to medium-sized computers that are relatively less prepared for such virus attacks. But some large corporations reported infections on computers of some of their workers as well. Infected computers also will launch “denial of service” attacks on Microsoft’s windowsupdate. com site every day from Aug. 16 to Dec. 31, the ministry warned. To prevent damage, users must download patch files from www.microsoft.com, or anti-virus firms, such as www.ahnlab.com. by Kim Hyo-jin