The Slammer worm -- also known as Sapphire and SQLExp -- exploits vulnerabilities in Microsoft SQL 2000 Web servers and causes increased traffic between servers. The worm started spreading at about 9:30 pm PST on Friday.
"The worm could have originated from Asia," Roy Ko, centre manager for the Hong Kong Computer Emergency Response Team, said in a email interview.
Slammer's spread over the weekend was the largest such incident since the Code Red and Nimda worms swamped servers in 2001. The attack served as a wake-up call for anyone who thought the Internet had become a safer place following increased attention by corporate and government leaders.
"We started to notice heavy Internet traffic in Asia on Saturday afternoon before other parts of the world reported it," said Ko.
A company is claiming that the worm first appeared in Hong Kong, Ko said, but that is still under investigation.
Security software makers such as Trend Micro and Network Associates have not ascertained Slammer's origins but media reports do lend some weight to Ko's deduction.
According to The Washington Post , security experts who studied the worm have found references in its code to the Chinese hacking group, the Honkers Union of China.
In April 2001, the faction defaced more than 80 US Web sites including those belonging to the Navy, Labor Department and the California Department of Energy.
While the culprits behind this online assault remain unclear, the damage in Asia is far more concrete.
South Korea appears to have taken the brunt of the damage as the region's most wired nation. Almost all of Korea Telecom's--the nation's largest Internet service provider (ISP) -- customerslost their connections during the attack.
In China, the Web sites of China Telecom, the China Science and Technology Network and the Education and Research Network came to a halt, and Japanese Internet firms reported a network slowdown, said Viren Mantri, regional engineering manager of Network Associates.
Chunghwa Telecom, Taiwan's largest ISP, said millions of Net users were unable to access its portal during the virus onslaught.
