Information Security News mailing list archives
New hacker program targets cable modems, DSL
From: William Knowles <wk () C4I ORG>
Date: Thu, 8 Jun 2000 16:44:16 -0500
http://news.cnet.com/news/0-1003-200-2042695.html?tag=st.ne.1430735..ni

By The Associated Press
Special to CNET News.com
June 8, 2000, 4:10 p.m. PT

WASHINGTON--Hackers have embedded a malicious program disguised as a movie clip on 2,000 commercial and home computers, positioning themselves to launch an attack designed to shut down Web sites, security experts told the government in an alert today.

The problem, detected by a security firm that does work for the Justice Department, demonstrates the growing vulnerability that home computer users face as they begin to purchase permanent, high-speed connections to the Internet. Without special software to protect them, Internet surfers using cable modem and digital subscriber lines (DSL) are easy prey.

Even computers at some large computer companies were penetrated by the hackers, according to Network Security Technologies, which alerted the government to the problem.

"Anybody who is directly connected to the Internet through cable modems or DSL is extremely susceptible to these back-door programs. We have seen many, many attacks coming onto those people's machines," said Vincent Weafer, director of Symantec's Anti-Virus Research Center in Cupertino, Calif.

The hackers, who used the nicknames "Serbian" and "Badman," tested their network of infected computers last night and could launch an attack at any time, Network Security said.

The firm said it alerted the Justice Department today about its discovery and provided the government a list of 2,000 computers worldwide that have been infected with the malicious program. The security firm suspects the hackers are adding to their numbers daily and could soon launch a major attack.

"They're gathering up their armies, and as that number increases, so will their testosterone level," said Todd Waskelis, a vice president at Network Security.

The Herndon, Va.-based company first learned of the hackers' plans when the vandals tried to penetrate one of Network Security's computers, and protective software detected it. Network Security employees have since monitored an Internet chat room set up by the hackers as the vandals identified victimized computers, discussed strategies, and boasted of their work.

"When he thinks all of those clients are sleeping, one of them is really active and watching them," Waskelis explained.

The hackers planted a file that looks like a movie clip on home and commercial computers across the world. The file essentially turns the infected computer into a "zombie" machine that the hackers can control, Network Security said.

When the fake movie clip is activated, the malicious program, called "Serbian Badman Trojan," runs without any visible clues to the user. The program sends passwords, network details and other information to the hackers.

Armed with that information, the hackers can then use the infected computer as a permanent gateway to access personal and corporate files or to launch massive denial-of-service attacks on Web sites.

In such an attack, the zombie computers can be used to send thousands of repetitive requests, clogging a Web site's computers until they seize up. Hackers used a similar strategy during widespread attacks in February that included assaults on CNN's news Web site, Yahoo and Amazon.com.

Network Security executives said they uncovered computers across the world that were penetrated by the hackers, including in Austria, Greece, Canada, Russia, France and the United States. A handful of machines belonged to computer companies, such as New Media Systems in Aurora, Colo.

"It was surprising that someone called us externally. We can't be sure how it even got here," said Grant Stanion, a network developer at New Media, who tracked down the malicious program on one of the company's computers after getting a call from Network Security.

Most of the infected computers belonged to home users connected to high-speed Internet providers, Network Security said. Home users are especially susceptible because they do not have up-to-date antivirus software or firewall programs that block hacker attacks. Also, most home users have fixed Internet addresses that are easily identified.

Network Security, founded by two alumni of the National Security Agency and Department of Defense, provides computer emergency services to the Justice Department.

Their office suite, located in suburban Washington, resembles an electronic fortress. Cameras line the hallways, and most of the company's employees aren't authorized to access secured rooms.

One room, called the "Attack Lab," resembles an abandoned office in a university computer science department. Amid a musty smell and a few scattered computers, firm engineers track computer vandals worldwide.

"We're all hackers, in the traditional sense of the word," Waskelis said. "If we find something like this, we want to pick it apart and see what it's doing."

*-------------------------------------------------*
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred. M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions http://www.c4i.org
*-------------------------------------------------*

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".