Information Security News mailing list archives

New hacker program targets cable modems, DSL


From: William Knowles <wk () C4I ORG>
Date: Thu, 8 Jun 2000 16:44:16 -0500

http://news.cnet.com/news/0-1003-200-2042695.html?tag=st.ne.1430735..ni

By The Associated Press
Special to CNET News.com
June 8, 2000, 4:10 p.m. PT

WASHINGTON--Hackers have embedded a malicious program disguised as a
movie clip on 2,000 commercial and home computers, positioning
themselves to launch an attack designed to shut down Web sites,
security experts told the government in an alert today.

The problem, detected by a security firm that does work for the
Justice Department, demonstrates the growing vulnerability that home
computer users face as they begin to purchase permanent, high-speed
connections to the Internet.

Without special software to protect them, Internet surfers using cable
modem and digital subscriber lines (DSL) are easy prey.

Even computers at some large computer companies were penetrated by the
hackers, according to Network Security Technologies, which alerted the
government to the problem.

"Anybody who is directly connected to the Internet through cable
modems or DSL is extremely susceptible to these back-door programs. We
have seen many, many attacks coming onto those people's machines,"
said Vincent Weafer, director of Symantec's Anti-Virus Research Center
in Cupertino, Calif.

The hackers, who used the nicknames "Serbian" and "Badman," tested
their network of infected computers last night and could launch an
attack at any time, Network Security said.

The firm said it alerted the Justice Department today about its
discovery and provided the government a list of 2,000 computers
worldwide that have been infected with the malicious program.

The security firm suspects the hackers are adding to their numbers
daily and could soon launch a major attack.

"They're gathering up their armies, and as that number increases, so
will their testosterone level," said Todd Waskelis, a vice president
at Network Security.

The Herndon, Va.-based company first learned of the hackers' plans
when the vandals tried to penetrate one of Network Security's
computers, and protective software detected it.

Network Security employees have since monitored an Internet chat room
set up by the hackers as the vandals identified victimized computers,
discussed strategies, and boasted of their work.

"When he thinks all of those clients are sleeping, one of them is
really active and watching them," Waskelis explained.

The hackers planted a file that looks like a movie clip on home and
commercial computers across the world. The file essentially turns the
infected computer into a "zombie" machine that the hackers can
control, Network Security said.

When the fake movie clip is activated, the malicious program, called
"Serbian Badman Trojan," runs without any visible clues to the user.
The program sends passwords, network details and other information to
the hackers.

Armed with that information, the hackers can then use the infected
computer as a permanent gateway to access personal and corporate files
or to launch massive denial-of-service attacks on Web sites.

In such an attack, the zombie computers can be used to send thousands
of repetitive requests, clogging a Web site's computers until they
seize up.

Hackers used a similar strategy during widespread attacks in February
that included assaults on CNN's news Web site, Yahoo and Amazon.com.

Network Security executives said they uncovered computers across the
world that were penetrated by the hackers, including in Austria,
Greece, Canada, Russia, France and the United States.

A handful of machines belonged to computer companies, such as New
Media Systems in Aurora, Colo. "It was surprising that someone called
us externally. We can't be sure how it even got here," said Grant
Stanion, a network developer at New Media, who tracked down the
malicious program on one of the company's computers after getting a
call from Network Security.

Most of the infected computers belonged to home users connected to
high-speed Internet providers, Network Security said.

Home users are especially susceptible because they do not have
up-to-date antivirus software or firewall programs that block hacker
attacks. Also, most home users have fixed Internet addresses that are
easily identified.

Network Security, founded by two alumni of the National Security
Agency and Department of Defense, provides computer emergency services
to the Justice Department.

Their office suite, located in suburban Washington, resembles an
electronic fortress. Cameras line the hallways, and most of the
company's employees aren't authorized to access secured rooms.

One room, called the "Attack Lab," resembles an abandoned office in a
university computer science department. Amid a musty smell and a few
scattered computers, firm engineers track computer vandals worldwide.

"We're all hackers, in the traditional sense of the word," Waskelis
said. "If we find something like this, we want to pick it apart and
see what it's doing."


*-------------------------------------------------*
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred. M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions             http://www.c4i.org
*-------------------------------------------------*

ISN is sponsored by SecurityFocus.com