A computer virus attacked and shut down the nation's broadband and mobile Internet services on Saturday from 2 p.m. until an hour before midnight.
The virus is called SQL Slammer, because it attacks the Microsoft SQL Server 2000 software used on Korean systems.
The attack was the most disastrous since Code Red Worm, which attacked unpatched Microsoft servers in 2001 and hit more than 700,000 computers before investigators could trace its origin, an expert at Ahnlab Inc., a local software security company, said.
The SQL Slammer does not appear to affect files stored on computers. Instead, it causes trouble by replicating quickly and sending queries across computer lines for more vulnerable computers, experts said.
The computer shutdown started from a telephone station in Hyehwa, northern Seoul, operated by the largest Internet service provider, KT Corp. The Hyehwa station is an international port, by which domain name servers connect local Internet service users to foreign Web sites.
Saturday afternoon, a huge amount of data flowed into servers in the Hyehwa station, an official at KT Corp. said. The company immediately opened domain name servers in another station, which was also attacked by the virus with the overloaded data in a chain reaction.
The worm quickly spread across other Internet service providers, such as Hanaro Telecom Inc. and Korea Thrunet Co. Mobile Internet service carriers including SK Telecom Co., KT Freetel and LG Telecom Ltd. were paralyzed by the increased traffic.
Internet shopping malls, most of which are operated by the MS SQL server, were attacked severely, and many online shoppers had a hard time dealing with the system failure because of the heavy shopping demand with the Lunar New Year holiday a week away, an official at CJ Home Shopping Co. said.
"Sales have dropped by 30 percent and a lot of customers called the company, complaining of bad access and said they would cancel purchases," an official at another online shopping company, Interpark Corp., said. "The company is considering filing a lawsuit against the Internet service provider, as we had tremendous losses from this worm virus."
Travel agencies and ticket reservation companies said that many customers were inconvenienced because they could not track or cancel tickets they had reserved online.
A lot of people trying to access online services found that they were unable to surf Web sites. Many students said it was practically impossible to study online, search for information or send and receive e-mail. Also, instant messengers, which this month boasted that their membership passed 5 million were inaccessible.
The Korea Information Society Development Institute, an agency of the Ministry of Information and Communication, said that Koreans spend more than 20 percent of their daily lives using Internet services.
"I was isolated from the entire world and the computer shutdown was more annoying than power failure or suspension of water supply," a local computer user said.
The computer shutdown did not affect financial institutions, however, because online securities transactions are not operated on weekends.
Services returned late Saturday evening, but many online users are still complaining of slow speed.
Experts asserted that the service could have been restored sooner if Internet service providers had figured out the cause of the attack more quickly. They said that computer system operators did nothing but wait for domain servers to recover. Later, computer security companies announced that the shutdown had been caused by a virus, but the worm by then had infected all the computers in the country for seven hours.
The Ministry of Information and Communication issued urgent public guidelines, advising all Internet users and service firms using Windows NT, Windows 2000 and Windows XP programs to download a free-patch available on Microsoft Corp.'s Web Site.
It is possible that the worm could make a second strike this week, Lee Sang-chul, the minister of information and communication, said during an emergency meeting with the press and computer experts yesterday. Both online users and companies are required to follow the ministry's guidelines, Mr. Lee said.
The attack was reportedly more damaging in Korea than elsewhere, because Korea is one of the most highly wired countries, Mr. Lee pointed out. Also, only three stations are operated by domain name servers; in other countries, including the United States, large numbers of stations prevent an overload of traffic. The number of companies and people with Windows 2000 or Windows XP operating systems is higher in Korea than in other countries, Mr. Lee said.
"The worm could have come from hackers in the United States, but the ministry is still investigating the origin without ruling out the possibility that a local hacker might have spread the virus," a ministry official said. "The Korean police will launch a joint investigation with international police."
"Other countries were attacked by the same virus," a local online user said. "How come Korea, the world's most developed information technology country, had the most serious damage, which could be prevented by installing and updating a patch program?"
by Kim Jong-yoon