^macro[html_start;More Net Attacks Loom;More Net Attacks Loom;More, Net, Attacks, Loom, crimes, information, technologies] ^macro[pagehead;img/library.gif] ^macro[leftcol] ^macro[centercol;


More Net Attacks Loom

(By Dennis Fisher)

The recent rash of Internet worms has produced an army of hundreds of thousands of compromised machines that could ultimately be used to launch a massive distributed-denial-of-service attack at any time, according to security officials.

Officials at the CERT Coordination Center said the organization is monitoring at least five large networks of compromised machines installed with so-called bots. The bots connect compromised PCs or servers to Internet Relay Chat servers, which attackers commonly use to execute commands on the remote systems. At least one of these networks has more than 140,000 machines, officials said.

"We have seen indications that these networks are being used [for attacks]," said Marty Lindner, team leader for incident handling at the CERT center at Carnegie Mellon University, in Pittsburgh. "The potential is there for them to cause serious long-term damage."

"All of these worms have done a nice job of populating the world with PCs that are easily accessible for hackers to bounce things off of," said George Bakos, senior security expert at the Institute for Security Technology Studies at Dartmouth College, in Hanover, N.H. "In the past, you needed some skill to do this."

In addition to making it easier for attackers to plan and execute their attacks, these worms have made it much more difficult for investigators and administrators to trace attacks to their sources, experts say.

Contributing to the problem is the poor overall security posture of many corporations. Lovgate, which appeared several weeks ago, and Deloder both try to spread by exploiting weak or null passwords used to protect shared network drives and folders. Networks exhibiting this lack of security are just ripe for the taking, security experts say.

"Traditionally, we've been looking at viruses and worms exploiting the application layer. But the biggest crevice you can crack is a weak user," said Mark Boroditsky, president and CEO of Passlogix Inc., a security software maker based in New York. "Behavior is a lot harder to patch than software."

Also problematic are the many affected machines belonging to home users, few of whom do any logging of the activity on their PCs. As a result, attackers can easily hide their tracks by using these anonymous computers, according to the experts.

Source: www.eweek.com






] ^macro[html_end]