Tuesday, Aug. 12, 2003 | 11:09 a.m.
STOCKHOLM, Sweden -- An Internet-borne infection incapacitated tens of thousands of computers today, snarling company networks and frustrating home users as it spread across the globe.
Security officials said the virus-like worm, dubbed "LovSan," was part of a coordinated electronic attack that exploited one of the most serious flaws yet discovered in Microsoft Corp.'s Windows operating systems.
The worm was first reported in the United States on Monday and, while appearing not to delete files or otherwise incur permanent damage, knocked many computers offline. Non-Microsoft systems were not vulnerable.
Across Asia and Europe, it struck many businesses as they opened and workers logged on, spreading without the need for user intervention.
Graham Cluley, a senior technology consultant with Sophos PLC in Britain, said his company started getting reports about the infection from Australia and then in Europe.
In Sweden, Internet provider TeliaSonera said about 20,000 of its customers were affected after the infection clogged 40 servers that handled Internet traffic. Spokeswoman Lena Rosell said customers had their service restored by late morning.
Denmark initially reported limited problems, but "the tendency is rising and we're getting more reports of attacks," said Preben Andersen, head of Denmark's official virus watchdog agency, DK CERT. "There must be at least a couple of thousand PCs infected with this worm."
Computers infected by LovSan were programmed to automatically launch an attack Saturday on windowsupdate.com, a website Microsoft uses to avail customers of software patches that can prevent such infections.
The infection was dubbed "LovSan" because of a love note left behind on vulnerable computers: "I just want to say LOVE YOU SAN!" Researchers also discovered another message hidden inside the infection that appeared to taunt Microsoft Chairman Bill Gates: "billy gates why do you make this possible? Stop making money and fix your software!"
Microsoft had posted a free patch on the website to protect Windows users after it warned on July 16 about the flaw. Nearly all versions of Windows are affected.
The high-profile alerts issued by Microsoft notwithstanding, many businesses did not initially install the patches.
"People are too laid back. Microsoft doesn't do these warnings for fun," Cluley said.
archive
