Posted on 08/22/2005 10:47:38 AM PDT by ShadowAce
In the early days of computer attacks, when bright teens could bring down corporate systems, the point was often to trumpet a hacker's success. No longer.
In today's murky world of digital viruses, worms, and Trojan horses, the idea is to stay quiet and use hijacked computers to flood the Internet with spam, spread destructive viruses, or disgorge e-mail to choke corporate systems. Not only can networks of these compromised computers be leased or sold, experts say, they are becoming more valuable as the number of vulnerable computers slowly shrinks.
That's a major reason that turf wars are emerging among hackers. Besides infiltrating computer systems, the viruses are now also designed to kill any other competing viruses in those systems. These skirmishes have gone on - quietly - for several years. Last week, for the second time in a little over a year, they exploded into public view. A worm dubbed Zotob infected computers at major media outlets, industrial companies, and San Francisco International Airport.
Three days after a Finnish computer-security firm discovered Zotob on Aug. 14, seven variations were on the loose. Five of them were designed to delete the initial worms that may have burrowed through the vulnerable spot in Windows 2000 first.
"We've been seeing an increase in these kinds of battles, especially in the last three years," says Tom Liston, an Internet security consultant with Intelguardians Network Intelligence, in Washington. "We're likely to see more."
Often the battles involve "proof of concept" hacker software, says Curtis Franklin Jr., a senior technical editor with Secure Enterprise Magazine. The programs' writers use it to test new techniques, so the viruses carry no "payloads" that can harm a computer system.
But they can backfire. Indeed, last week's outbreak may be a case where the hackers "didn't expect this to be quite as virulent as it was," says Mr. Liston. "You had this thing taking off inside a network, and all these machines were pounding on each other trying to compromise each other."
It's not the first time. In the spring of 2004, it was dueling viruses Bagle, Netsky, and Mydoom, notes Mikko Hyppönen, director of antivirus research for F-Secure Corporation in Helsinki.
The trio went through several variations. Later versions included taunts to writers of the other viruses, adds Peter Reiher, a computer science professor at the University of Southern California at Los Angeles.
"Years ago, people just wanted access to a machine or to do something they could brag about," says Dr. Reiher. This led to one-upmanship among hackers. Indeed, he says, even last year's virus wars may have been more about bragging rights than control over infected machines. "But it's clear now that there is some of the more serious activity going on as well."
One of the noteworthy aspects of this latest outbreak was the speed with which Zotob appeared after Microsoft announced it had developed a fix for the vulnerability Zotob was written to exploit. While not the fastest piece of hacker software - or "malware" - to hit the streets, its six-day gestation period beat the current average. "In the last 24 months, the average has gone from 21 days to eight days, and it's continuing to trend downward," Mr. Franklin says.
One reason behind the increased speed: Malware writers appear to be using prewritten program "shells" into which they can stuff code tailored to the newest vulnerability, experts say. Meanwhile, corporate network managers sometimes have to negotiate with other parts of the corporation before they can speed up the process of plugging software gaps.
The biggest concern is over what security specialists call "zero-day exploits," when malware hits the Internet the same day that the fix for the vulnerability is announced.
Zotob's rise and fall highlights what many see as an increasing ethical dimension to keep a clean machine, Franklin adds. The viruses of yesteryear, "where something would get on your system and blow away your boot sector just doesn't happen that much anymore." Today, the various forms of malware "are all converging in what they do. It's either looking to use your system without your knowledge to do something against other systems, or it's trying to collect information on you and combine it with information from other people" for use in fraud or identity theft schemes.
An unprotected computer running Windows XP experiences an average "survival" time of 26 minutes on the Internet before hackers identify it as vulnerable, according to the SANS Institute, a cooperative Internet security organization.
A customer once asked me how best to protect their computer system from hackers. I recommended that they don't connect the machine to the internet, unplug it when they weren't using it, and never accept floppies or CDs from friends.
Then I offered to sell them a Mac. :-) They could keep their internet access, leave it on 24/7, and insert any floppies or CDs they wanted. (Except for those mini-CDs and credit card CDs... Those were never intended to work with slot loading drive mechanisms.)
That's quite a sales pitch. :)
Your first suggestion was right; the second is false hope. Every system can be hacked.
Because, with a market share measured (when measured by online activity) that has even fallen behind Linux, hackers don't have time to crack on Macs, they're after bigger game.
According to the new Security Now podcast, the networks were infected by laptops connected to the network after they had been online at home or on the road. Once Zotob got inside the corporate firewall, it was open season.
Shows how one poor security policy can wreck a network.
Every computer system can be hacked, but the Mac OS doesn't lend itself to unskilled, remote hacking.
Hacking through a power cord????
Boys will be boys. Security is slowly getting better, but as long as we have the MS Windows platform as our OS there will be attacks. If you want an "almost" attack-free computer, switch to Linux/Unix/Mac.
Hardly, no. But unplugged it was unlikely that someone could sit down and access their machine in person, without first knowing that the machine was unplugged.
In my experience, when people don't expect a computer to be unplugged, they don't normally check the power cord.
I'll take your word on that one, but I would think password protecting your computer would be a much better alternative, even if that could be bypassed, than simply unplugging it.
When properly configured..
We had Zotob get inside our trusted zone by latching itself to a laptop being used by some part-time old-timer who never heard of a firewall. I could kill the person who gave him the IP address but that's neither here nor there. When I checked the 2000 servers, they were asking permission for mousebm to access the internet. Mousebm appeared in regedit as a legacy mouse app. Why would a legacy mouse app want to access the internet? I refused permission, deleted the file, rebooted and it came right back. That spells worm in my dictionary. I deleted it and replaced it with a text file with the same name which I made read-only and hidden. That kept it at bay until the virus detectors could catch it.
Frankly, I don't care why Macs aren't attacked because they aren't. I'd rather be part of the 3% that uses Macs than the 95% or so that uses Windows and has to run a collection of extra software to keep their machine from being taken over every time it's plugged into the Internet.
Whatever floats your boat ..
Exactly. What I really want is choice. If, out of the available choices, you choose Windows, Linux, Mac OSX, FreeBSD, or whatever, that's fine. That we have a choice is important.
Mr. Gates might not agree but, given that his corporation introduces more bugs than Fear Factor, he keeps the competition in business.
I hope I live long enough to see the competition do to Microsoft what Microsoft did to the IBM mainframe business. Being in BIG corporate IT I don't have a choice of OS's right now.
ping