Free Republic

New Hacking Tool Hijacks File-Sharing Networks
New Scientist | March 19, 2004 | Mikko Hypponen

Posted on 03/21/2004 4:34:41 PM PST by LaserLock

Computer hackers have started using peer-to-peer networks to remotely take over hordes of "zombie" computers, adding yet more malicious capability to the hackers' tool-kit.

Network administrators at universities from Europe to the US recently detected the tool, a worm called Phatbot, on their machines. Phatbot is currently under analysis by the US Department of Homeland Security, in conjunction with a group of security analysts.

They say that Phatbot represents a new way for hackers to send spam and launch denial of service attacks that bring down websites by flooding them with traffic.

However, although the worm has infected millions of computers, it is not clear whether it has yet been used for these malicious purposes.

"We know that the functionality is out there - but we have no idea of knowing if it is already being used to launch attacks or send spam," says Joe Stewart of computer security services provider LURHQ in Chicago.

Virtual assembly point

LURHQ has posted an analysis of Phatbot's capabilities online. Like most stealthy computer worms, it is a piece of malicious, executable computer code posing as an innocuous program, called a Trojan Horse. It invades a computer through a security flaw in Microsoft Windows.

Once it has successfully infected a computer, it disables security programs such as firewalls and anti-virus software, scours the hard drive for email addresses that it can use for spamming and attempts to spread itself to new computers.

It also opens "backdoors" in the operating system that turn the computer into a zombie controlled remotely by the virus writer. For virus writers to issue orders to these infected computers, they need a virtual assembly point where they can talk to all the computers at once. So far the most common assembly point has been an internet chat room. "It's the logical extension of where these people already hang out," says Stewart.

Harder to shut down

But Phatbot's victims are instead remotely controlled via a peer-to-peer (P2P) network - the same technology used by controversial file-sharing websites like Kazaa. "The only thing that attracted my attention to Phatbot is that the author is using peer-to-peer rather than Internet Relay Chat programs," explains Stewart.

This new mode of command is not necessarily more dangerous, but it could make these zombie networks more resilient. "It's not really that much more insidious but it is harder to have it shut down, as on a peer-to-peer network there is no central point of control," says Stewart.

Mikko Hypponen, director of F-Secure, an antivirus software company based in Finland, agrees. He told The Washington Post newspaper: "With these P2P Trojan networks, even if you take down half of the affected machines, the rest of the network continues to work just fine."


TOPICS: Miscellaneous; Technical
KEYWORDS: computersecurity

1 posted on 03/21/2004 4:34:41 PM PST by LaserLock

To: LaserLock
You know? I am getting SICK & TIRED of hearing the same stupid ignorant canned phrases from the "news media".

This article contains one of the favorites for the "hate-capitalist-freedoms" leftists radicals of the press:

"It invades a computer through a security flaw in Microsoft Windows"

People ... there is NO program made by any human that is 100% uncrackable!

Apple, if it were worth the trouble and expense, would have been #1 and it would have been replete with "security flaws".

I used to love breaking into UNIX machines with simple ascii commands in my "heydays"

LINUX is not much different! Many banking institutions run on Linux servers - do you REALLY want to know how many "cracks" there are for Linux? And to think, your bank is probably running on it.

I am NOT faulting any system - just those who mindlessly parrot the blabberings of even more ignorant leftist propagandists.
2 posted on 03/21/2004 5:01:12 PM PST by steplock (http://www.gohotsprings.com)

To: steplock
AARRGH!!! Sorry about the double post. Like I said above, there is NO human capable of being perfect!

4 posted on 03/21/2004 5:03:11 PM PST by steplock (http://www.gohotsprings.com)

To: steplock
"LINUX is not much different!"

Not true. You set up Linux correctly and nothing you download can execute without you allowing it to. You need to specifcally change the priveledges to execute a downloaded program or anyything. So viruses just sit, do no harm.

Linux has even more security levels if you want to apply them.

No software is flaw free. But viruses and flaws are not the same.

5 posted on 03/21/2004 5:07:34 PM PST by snooker (Drag a 'botox gigolo' through a swamp, and some dumb gator will always bite.)

To: LaserLock
So, what do you look for to know if you're infected?
6 posted on 03/21/2004 5:11:13 PM PST by decimon

To: decimon
Oozing, pus-filled sores, a burning sensation.....






nevermind.
7 posted on 03/21/2004 5:29:16 PM PST by NY.SS-Bar9

To: snooker
Right - LINUX IS SAFE --- Think again!

News Security


Report: Linux hack attacks on the rise

Mi2g has evidence of 7,630 successful attacks on Linux systems in the first six months of this year, sharply up from last year's 5,736 attacks. In the meantime, successful attacks on Windows systems running Microsoft's Internet Information Server have fallen by 20 percent from 11,828 in the first half of 2001 to 9,404 in the first half of this year.

This particular report is not new, but I do not wish to post the specific data on the linux bank (as in money!) hacks

8 posted on 03/21/2004 5:29:59 PM PST by steplock (http://www.gohotsprings.com)

To: steplock
you show your complete ignorance of computers, linux is many times more secure than windows
9 posted on 03/21/2004 5:30:49 PM PST by tjblair

To: steplock
AARRGH!!! Sorry about the double post. Like I said above, there is NO human capable of being perfect!

It must have happened because of a security/Posting flaw in Microsoft Windows.

<); )~

10 posted on 03/21/2004 5:37:02 PM PST by Caipirabob (Democrats.. Socialists..Commies..Traitors...Who can tell the difference?)

To: steplock
Agreed.

But is it

REALLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLY

SOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO

NECESSSSSSSSSSSSSARYYYYYYYYYYYYYYYYYY

FOR MICROSOFT

to TRY SOOOOOOOOOOOOOOOOOOOOOOOOOOOO
HARD

AND SOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO

PERSISTENTLY

to be about as insecure as possible

AT OUR EXPENSE?????????????????????

WITH FARRRRRRRRRRRRRRRRRRRRRRRRRRRR

TOOOOOOOO LITTLE HELP FROM THEM TO
COMBAT SUCH IDIOCY?
11 posted on 03/21/2004 5:58:38 PM PST by Quix (Choose this day whom U will serve: Shrillery & demonic goons or The King of Kings and Lord of Lords)

To: steplock
"mi2g noted that the numbers exclude attacks caused by viruses, worms and Trojan Horses."

No wonder Windows looks sooooooo much safer!

12 posted on 03/21/2004 6:05:15 PM PST by TechJunkYard

To: snooker
"You need to specifcally change the priveledges to execute a downloaded program or anyything."

Duz linux have a gud spel cheker?

13 posted on 03/21/2004 6:09:24 PM PST by boris (The deadliest Weapon of Mass Destruction in History is a Leftist With a Word Processor)

To: NY.SS-Bar9
Think my stash of "Potassium Penicillin" from 1967 would still work?
14 posted on 03/21/2004 6:20:25 PM PST by decimon

To: steplock
This article contains one of the favorites for the "hate-capitalist-freedoms" leftists radicals of the press:

"It invades a computer through a security flaw in Microsoft Windows"

People ... there is NO program made by any human that is 100% uncrackable!

Phatbot scans for systems that have unpatched Windows vulnerabilities, including DCOM, DCOM2, locator service, network shares using weak passwords, WebDav, and the Windows Workstation Service. It will also attack systems already infected with the MyDoom worm.

Looks like the statement is correct, regardless of how you feel about it.

15 posted on 03/21/2004 6:27:42 PM PST by TechJunkYard

To: TechJunkYard
Which is why it's so important to have a properly configured hardware firewall in place.

A properly configured firewall doesn't just limit incoming datagrams. It also limits what goes out. So if you do have an "infected" system, it's reported to the network administrator.

Mark
16 posted on 03/21/2004 6:36:51 PM PST by MarkL (The meek shall inherit the earth... But usually in plots 6' x 3' x 6' deep...)

To: MarkL
Which is why it's so important to have a properly configured hardware firewall in place.

But only as long as you can trust the firewall software/firmware.

Guess how many hardware firewalls use Microsoft software. Guess how many use Linux.

17 posted on 03/21/2004 6:52:53 PM PST by TechJunkYard

To: TechJunkYard
So you think that all these viruses (virii?) are all the fault of Microsoft?

You must be a lawyer then, or just another "victim" according to the leftist nanny-staters that demand ZERO defects in anything and everything so no one has to take responsibility for themselves.

Are you one of those "Hey My brakes went bad at ONLY 100,000 miles of mountain driving! SUE the bastards!" ?? Are you one of those who are demanding an auto recall costing 100's of millions of $$$ to replace a windshield wiper motor that has connection failures after ONLY 100,000 miles? Ever hear of vibration failure? I'm sure you would be the first in line with your 10 year old car demanding satisfaction because it had the audacity to wear out!

The American Capitalist Free-Enterprise system gives YOU the power and the responsibility. If you don't like a product, don't buy it. If there are no buyers, then the seller has to change or go broke.

Who forced you to buy Microsoft?


My entire point is - there IS NO 100% ZERO-TOLERANCE DEFECT FREE PRODUCT ANYWHERE created by man.

18 posted on 03/21/2004 7:27:23 PM PST by steplock (http://www.gohotsprings.com)

To: steplock
My entire point is - there IS NO 100% ZERO-TOLERANCE DEFECT FREE PRODUCT ANYWHERE created by man.

I have done you the favor of posting your key sentence a fourth time. Can we assume that everyone has seen it now, so you don't have to post it again?

19 posted on 03/21/2004 7:36:52 PM PST by Nick Danger (Give me immortality... or give me death.)

To: TechJunkYard
Guess how many hardware firewalls use Microsoft software. Guess how many use Linux.

Read what I wrote... I specifically wrote hardware firewall.

Sure, there are a lot of firewalls that use versions of linux or bsd... Personally, I prefer IOS based firewalls, like PIX, or in a Novell environment, BorderManager. Although there have been a few security issues in PIX over the years, it's pretty solid, and whenever a vulnerability has been found, Cisco fixes it very quickly. Same with Novell. Very responsive to security flaws and exploits.

Mark

20 posted on 03/21/2004 8:10:12 PM PST by MarkL (The meek shall inherit the earth... But usually in plots 6' x 3' x 6' deep...)