Information Security News mailing list archives

Hackers amass new zombie army


From: InfoSec News <isn () C4I ORG>
Date: Sun, 17 Sep 2000 01:58:50 -0500

http://www.msnbc.com/news/460824.asp?cp1=1

By Bob Sullivan
MSNBC
Sept. 15, 2000

The nation's government-funded computer security watchdog issued a
warning Friday that computer intruders have taken control of hundreds
of computers connected to the Internet. The attackers are in a
position to launch a serious attack, according to the CERT
Coordination Center, which said that the situation poses a significant
threat to Internet sites and the Internet infrastructure.

COMPUTER VANDALS ARE exploiting two fairly common vulnerabilities in
Unix computer systems discovered since July. In about 100 cases since
then, intruders have used the vulnerabilities to install distributed
denial-of-service tools on machines, according to CERT Incident
Response Team Leader Kevin Houle. Those tools figured prominently in
February's well-publicized attacks on big-name Web sites like
Yahoo.com, Amazon.com, and CNN.com.

New reports are coming in at the rate of about two to five per day, he
said.

"In one incident, we recorded over 560 hosts at 220 Internet sites
around the world as being a part of a Tribe Flood Network 2000 DDoS
network," Houle said.

Tribal Flood networks allow a single attacker to control an army of
zombie computers remotely; the bandwidth of all those computers can
then be brought to bear on a single target Web site, flooding it with
traffic and effectively shutting it down.

He added that the attackers are not merely installing the tool as a
prank, but appear ready to use it. In fact, he said, in about
one-quarter of the 100 incidents, the denial-of-service tools have
already been used.

"That's the only way some of the sites know they've been hit," he said.
"They noticed it because of bandwidth suddenly being used by a machine."

Houle said he thinks there are several groups working separately to
amass a group of potential zombie computers.

Most of the compromised computers were Red Hat Linux machines running
the basic, default configuration, Houle said. Linux is one flavor of
Unix, and vulnerabilities often span the many flavors of Unix.

Detailed discussions of those flaws are available on CERT's Web site.
"Vendors have patches for these vulnerabilities, and I encourage system
administrators to install them," Houle said.

CERT Advisory: http://www.cert.org/incident_notes/IN-2000-10.html

ISN is hosted by SecurityFocus.com