By Clarence Fernandez
SINGAPORE (Reuters) - From Korean housewives unable to order nappies online to government departments forced to shut down computers, Asia is grappling to contain spreading varieties of a computer "worm" that threatens to explode over the weekend.
Authorities in Hong Kong, South Korea and Australia fear new strains of the malicious Blaster program are working their way through cyberspace, and could be more harmful than the original.
The worm causes a computer to crash and infects other computers on the Web. Experts say other forms may lie dormant inside some computers, programmed to burst into life on Saturday.
The worm, also called MSBlaster or LoveSan, infected office and home computers in the United States on Monday and quickly spread around the world, taking advantage of a security hole discovered last month in Microsoft Corp’s Windows 2000, Windows XP, Windows NT and Windows Server 2003 operating systems.
Advertisement starts
Advertisement ends
Patches for the hole, except for Windows NT 4.0, which the company no longer supports, were put online by Microsoft at its Web site (http://www.microsoft.com).
At least 230,000 computers were infected by Blaster, according to a sample by anti-virus vendor Symantec Corp, while Moscow-based anti-virus provider Kaspersky Labs put the number closer to 300,000.
In Seoul, where officials said two variants of the worm had been reported, a mother complained of being unable to buy diapers for her toddler online.
"It’s very annoying because I have to reset everything," she said. "The problem is not that easy because I’m having difficulty downloading the patch because of a disrupted connection."
South Korea, which reported about 8,000 infections, has the world’s highest number of rapid broadband Internet connections per person. It also has 15 million PCs that run Windows operating systems.
SATURDAY TIMEBOMB
The rate of reported cases dropped as of Wednesday afternoon, said Han Myoung-gok, marketing director at Web security firm Hauri, but there would be no let-up in vigilance.
"Yet another variation was released today and so things remain tense. We’re not relaxing yet," he said.
Besides spreading and crashing machines, the MSBlaster worm leaves instructions for the infected computer to launch a so-called denial of service attack this Saturday against Microsoft’s Web site, from where people can download patches.
Saturday will mark one month since Microsoft issued the patch for the security hole the worm uses to wiggle onto computers.
In Hong Kong, 200 cases were reported, mostly by home users, though the worm hit three government departments and some firms.
"We are concerned that newer variants will be written by other virus writers that will be harder to detect and thus cause more damage," said Addie Luk, general manager at computer security expert Trend Micro in the Chinese territory.
"We could experience a second wave of infection in the coming weeks that may be even more damaging than the first, if companies do not patch their systems."
Officials in China were scrambling to assess the damage.
"It’s difficult to add up how many computers were attacked or the damage it caused," an engineer surnamed Wang at the National Computer Virus Emergency Response Centre in the northern city of Tianjin told Reuters.
Japan has found 421 corporate cases of MSBlaster so far, some with several hundred infected computers, said spokeswoman Miyuki Akiyama of Tokyo-based Trend Micro.
"This is the fastest spreading virus since ’Nimda’," said Akiyama, referring to a devastating virus attack in 2001 that shut down corporate systems and gobbled up bandwidth.
But many companies shut for the summer "Obon" holidays may only discover infected computers when work resumes on Monday.
Japan’s National Police Agency vowed to monitor its Internet connections closely after the virus tried to access its system 10,000 times in a 24-hour period between Tuesday and Wednesday.
In Singapore, Internet service provider StarHub Online reported a drop-off in calls from customers seeking help.
Security experts in Australia said the emergency seemed to have peaked, but the danger was not yet past.
The worm slowed some firms’ networks but no overall impact on Internet traffic was detected.
"Corporate America is safe from this one," said David Perry of Trend Micro. "This is spreading now among end-users."
Even though the worm continued spreading on Wednesday, new infections appeared to have fallen by half from the previous day, said Alfred Huger, a senior director of engineering at Symantec.
However, the worm was listed by Trend Micro as the second most common virus on computers in Asia, No.5 in North America and No.8 in Europe.
