Out-Law News 1 min. read
07 Feb 2003, 12:00 am
The People's Solidarity for Participatory Democracy (PSPD) is reported to be considering a class-action lawsuit against Microsoft, claiming that the software giant "did not perform its duty to the fullest" to prevent the spreading of the attack.
The group reportedly plans to rely on a South Korean law on product liability, under which a manufacturer is responsible for physical and property damage caused by defective products.
Unlike typical viruses which spread via e-mail, the worm, known as 'Sapphire' or 'SQL Slammer', spread via network connections. The worm attached to servers through a bug in Microsoft's SQL Server.
Once a server was infected, multiple data requests were randomly transmitted to other internet addresses, effectively performing a denial of service attack.
The worm apparently infected hundreds of thousands of computers and caused a sharp slowdown in internet traffic for almost two days in January 2003.
The impact of this was greatest in South Korea, where more than 70% of households are connected to the internet and broadband services are widely used. ISPs were forced to suspend their services and saw their share prices decline sharply as a result.
Following the discovery of the SQL Server bug last July, Microsoft issued a warning to network administrators about the potential security risks and released a patch to fix the problem. It appears, however, that many businesses did not install the patch promptly, thus facilitating the attack.