Internet worm infects state's big businesses

The latest Internet worm struck Washington state's leading businesses, disrupting thousands of Washington Mutual Inc. automated teller machines, infecting The Boeing Co. and even invading Microsoft Corp.'s own operations.

Around Seattle, the worm created some of the greatest problems and consumer headaches yesterday at Washington Mutual, where customers were unable to pay certain bills online, transfer funds over the telephone or even withdraw cash from bank machines.

Even Microsoft, which created the infiltrated software and a subsequent patch to thwart the virus, found itself under attack, as the so-called Slammer worm burrowed into some of its servers.

Consumers likely felt the greatest pinch at financial institutions. Nationwide, up to 2,000 Washington Mutual ATMs were affected at any one time, bank spokeswoman Libby Hutchinson said yesterday.

On Queen Anne Hill, one ATM screen stated: "Sorry, I'm out of commission right now."

The savings and loan said it hoped to have its services fully operational this morning, adding that it concluded the worm didn't violate private customer data. Yesterday, customers were able to visit branches to get cash and perform other banking transactions, Hutchinson said.

"The worm virus was found, isolated and removed," the Seattle-based institution said in a statement yesterday evening, adding the company was "working to have the network to full capacity as quickly as possible."

Washington Mutual was far from alone, as the attack crippled some sensitive corporate and government systems far more seriously than many experts believed possible. Pillars of the financial community, such as American Express Co. and Bank of America Corp., also faced problems.

Not all banks suffered, however. KeyBank and Wells Fargo & Co. were among the financial institutions that reported no problems

In Bellevue, up-to-date computer software usually makes emergency dispatchers quick on response and on reporting incidents on the Eastside, but, as a result of infection by the virus, the communications center personnel had to log information by hand, according to Marcia Harnden, Bellevue police spokeswoman.

The virus attacked the emergency communications system in Bellevue Friday night and continued to slow computer operations until Saturday afternoon. Dispatchers who take emergency calls for Bellevue police and Eastside fire departments are trained to operate without computers in case of a major catastrophe or power outage.

A few miles away on the Microsoft campus in Redmond, some administrators had not applied the company's own security patch, while other servers designed to test security patches were exposed.

"If you have SQL servers that are non-essential, please shut down the MSSQLSERVER service as well as SQL Agent . . . so that we can eliminate nonessential noise/traffic on the network," an internal Microsoft e-mail said Saturday. "Your urgent assistance is required."

Despite the urgency of the message, most Microsoft employees didn't notice the disruption, according to Rick Miller, a Microsoft spokesman.

"We're pretty much up to full speed at this point," Miller said yesterday evening. Though the company had not finished installing the patches, "the effect is significantly minimized," he said.

Across the nation, consumers ran into more obvious problems Saturday and Sunday.

American Express Co. confirmed that customers couldn't reach its Web site to check credit statements and account balances during parts of the weekend.

The attack prevented many customers of Bank of America, one of the largest U.S. banks, and some large Canadian banks from withdrawing money from ATMs Saturday.

Bank of America was largely back to normal by Saturday evening, according to Rich Brown, a bank spokesman in Portland, Ore.

At Countrywide Financial Corp., customers struggled when they tried to use its online site and certain phone services. The mortgage bank expected to completely restore customer access by last night, according to Countrywide spokesman Rick Simon.

Countrywide Financial Corp., Washington Mutual and others were hit by a virus-like attack, alternately dubbed "Slammer" or "Sapphire," that sought vulnerable computers to infect by using a known flaw in popular database software from Microsoft called SQL Server 2000. Microsoft said it has sold 1 million copies of the software.

The global congestion from the Internet attack eased over the weekend and was largely cleared by Monday.

Before the attack passed, the state's largest private employer, Boeing, ran into problems. Saturday morning, Boeing scrambled its computing virus team after detecting the Slammer virus.

The company had major programs running by Saturday afternoon and "the virus didn't really affect much of the company," Boeing spokesman Bob Jorgensen said yesterday.

Critical airplane delivery schedules were not interrupted, Jorgensen added.

Boeing actually began testing a fix for an attack last fall, when Microsoft upgraded a bulletin on the problem from non-critical to critical, according to Jorgensen.

"We then go though a testing to make sure it is going to work effectively with our application," Jorgensen said.

P-I reporter Paul Nyhan can be reached at 206-448-8145 or paulnyhan@seattlepi.com This report includes information from P-I reporters Candace Heckman, Christine Frey and The Associated Press.

Add P-I Business headlines to