Asia fingered as Sapphire source

Chinese hacker group suspected...

Security experts are pointing to the Far East as the birthplace of the worm that wreaked havoc over the weekend on internet servers worldwide. The Sapphire worm - also known as Slammer and SQLExp - exploits vulnerabilities in Microsoft SQL 2000 web servers and causes increased traffic between servers. Sapphire's spread over the weekend was the largest such incident since the Code Red and Nimda worms swamped servers in 2001. Roy Ko, centre manager for the Hong Kong Computer Emergency Response Team, said: "The worm could have originated from Asia. We started to notice heavy internet traffic in Asia on Saturday afternoon before other parts of the world reported it." One company is claiming that the worm first appeared in Hong Kong, according to Ko, but that is still under investigation. Security software makers such as Trend Micro and Network Associates have not ascertained Sapphire's origins but media reports do lend some weight to Ko's deduction. According to The Washington Post, security experts who studied the worm have found references in its code to the Chinese hacking group, the Honkers Union of China. In April 2001, the faction defaced more than 80 US websites including those belonging to the Navy, Labor Department and the California Department of Energy. Winston Chai writes for CNET Asia.