Washington ? The weekend attack on the Internet crippled some sensitive corporate and government systems, including banking operations and 911 centers, far more seriously than many experts believed possible.

The nation’s largest residential mortgage firm, Countrywide Financial Corp., told customers who called Monday it was still suffering from the attack. Its Web site, where customers usually can make payments and check their loans, was closed most of Monday with a note about “emergency maintenance.” Countrywide predicted it would be early today before all its computers were fully repaired and its systems validated for security, spokesman Rick Simon said.

American Express Co. confirmed that customers couldn’t reach its Web site to check credit statements and account balances during parts of the weekend. Perhaps most surprising, the attack prevented many customers of Bank of America Corp., one of the largest U.S. banks, and some large Canadian banks from withdrawing money from automatic teller machines Saturday. Bank of America has one branch in Lawrence.

The surprising disruptions shook popular perceptions that vital services were largely immune to such attacks.

President Bush’s No. 2 cyber-security adviser, Howard Schmidt, acknowledged Monday that what he called “collateral damage” stunned even experts who have warned about uncertain effects on the nation’s most important electronic systems from mass-scale Internet disruptions.

“One would not have expected a request for bandwidth would have affected the ATM network,” Schmidt said. “This is one of the things we’ve been talking about for a long time, getting a handle on interdependencies and cascading effects.”

The White House and Canadian defense officials confirmed they were investigating how the attack, which started about 11:30 p.m. CST Friday, could have affected ATM banking and other important networks that should remain immune from traditional Internet outages.

Schmidt said early reports suggested private ATM networks overlapped with parts of the public Internet. Such design decisions were criticized as “totally brain-dead” by Alex Yuriev of AOY LLC, a Philadelphia-based consulting firm for banks and telecommunications companies.

The virus-like attack, alternately dubbed “Slammer” or “Sapphire,” sought vulnerable computers to infect using a known flaw in popular database software from Microsoft Corp. called “SQL Server 2000.” Microsoft said it has sold 1 million copies of the software.

The attacking software scanned for victim computers so randomly and so aggressively that it saturated many of the Internet’s largest data pipelines, slowing e-mail and Web surfing globally.

Congestion from the Internet attack eased over the weekend and was almost completely cleared Monday. That left investigators poring over the blueprints for the Internet worm for clues about its origin and the identity of its author.

Complicating the investigation was how quickly the attack spread across the globe, making it nearly impossible for researchers to find the electronic equivalent of “patient zero,” the earliest-infected computers.