By Kim Deok-hyun
Staff Reporter

After four days of the most serious worm attack on the Internet, almost all Internet operations have returned to normal, the Ministry of Information and Communication said yesterday.

``As of 3 p.m. Tuesday, the volume of Internet traffic was decreasing significantly,’’ head of the ministry’s information planning department Kim Chang-gon said.

``So far today, most Internet operations have returned to normal,’’ Kim said in a press briefing.

He said the scope of the January 25 Internet attack was limited because it took place over the weekend, when most businesses were closed.

Kim added more than 200 of the country’s 50,000 registered SQL servers were infected by the highly-contagious worm, which paralyzed nearly all Internet connections from Saturday afternoon.

He said KT’s Internet network showed abnormal traffic until Tuesday morning because it controls more than half of the country’s Internet data transmissions.

Contrary to the government’s announcement, computer security companies are continuing to warn against the possibility of a further Internet attack. Local anti-virus company Ahnlab.com said that desktop computers may be affected by the ``Slammer’’ worm.

Its rival Hauri also claimed that personal computer users are likely to be harmed by the worm, triggering a huge volume of transmissions flowing into systems via local area networks.

Experts said tens of thousands of unregistered SQL server users are expected to cause added trouble if a similar attack occurs.

Some professionals said ``Slammer’’ could be a test worm, preparing for a bigger cyber-assault in the future.

Dubbed ``Sapphire’’ or ``Slammer,’’ which is similar to ``Code Red,’’ the most infamous computer worm to have bogged down the Internet, the new Internet worm damages computer servers that run on Microsoft’s SQL software, a Web server application.

The Internet attack appeared to strike first in the U.S. and spread quickly, hitting South Korea especially hard over the weekend.

Almost all Internet users were unable to gain access to the Internet from around 2 p.m. Saturday for eight hours, but most systems were restored by Sunday morning.

The ``Slammer’’ worm targeted a widely known flaw in Microsoft’s SQL server software, sending a huge volume of data randomly. The traffic caused information networking disruptions at Internet service providers, paralyzing online shopping malls and Internet banking services.

Kim said the government is investigating whether Microsoft’s other applications may be exposed to infection by the ``Slammer’’ worm.


kdh@koreatimes.co.kr