The Slammer worm--also known as Sapphire and SQLExp--exploits vulnerabilities in Microsoft SQL 2000 Web servers and causes increased traffic between servers. The worm started spreading about 9:30 p.m. PST on Friday.
"The worm could have originated from Asia," Roy Ko, center manager for the Hong Kong Computer Emergency Response Team, said in an e-mail interview.
Slammer's spread over the weekend was the largest such incident since the Code Red and Nimda worms swamped servers in 2001. The attack served as afor anyone who thought the Internet had become a safer place following increased attention by corporate and government leaders.
"We started to notice heavy Internet traffic in Asia on Saturday afternoon before other parts of the world reported it," said Ko.
A company is claiming that the worm first appeared in Hong Kong, Ko said, but that's still under investigation.
Security software makers such as Trend Micro and Network Associates have not ascertained Sapphire's origins but media reports do lend some weight to Ko's deduction.
According to The Washington Post, security experts who studied the worm have found references in its code to the Chinese hacking group, the Honkers Union of China.
In April 2001, the faction defaced more than 80 U.S. Web sites including those belonging to the Navy, Labor Department and the California Department of Energy.
While the culprits behind this online assault remain unclear, the damage in Asia is far more concrete.
In China, the Web sites of China Telecom, the China Science and Technology Network and the Education and Research Network came to a halt, and Japanese Internet firms reported a network slowdown, said Viren Mantri, regional engineering manager of Network Associates.
Chunghwa Telecom, Taiwan's largest ISP, said millions of Net users were unable to access its portal during the virus onslaught.
CNETAsia's Winston Chai reported from Singapore.