'Zombies' are latest hacker-snatched PCs

Kathryn Balint

Do you know who's been using your computer?

Copyright 2001 Copley News Service

Unbeknownst to their owners, as many as 100,000 computers are "zombies," secretly implanted with programs that put them under the control of hackers.

When commanded, these zombie computers launch the kind of attacks that took out Microsoft's Web site this year and crippled eBay, Yahoo! and Amazon.com last year.

Until recently, mostly only university administrators had to worry their computers would be hacked and turned into zombies. But now it's happening with alarming frequency to even the average Web surfer's computer.

"Home computers are kind of ripe for the picking," said Internet security analyst Ian Finlay of Carnegie Mellon University's computer emergency response team.

That's because an increasing number of home computers access the Internet through always-on, high-speed connections such as cable modems or digital subscriber lines, known as DSL. At the same time, home users tend to have little in the way of security. The combination makes them easy targets.

"Home computer users get their DSL or cable connection, and they don't realize what they've done is just put themselves on Main Street, Planet Earth, where people are constantly walking around knocking on doors, looking for an opening," said Dave Dittrich, senior security engineer for the University of Washington.

Half the zombies Dittrich encounters these days are home and small-business computers with high-speed Internet connections. Until the last six months or so, hackers commandeered primarily university computers.

They plant their zombie programs on machines by exploiting computers' open ports or software bugs.

Like the zombies of voodoo superstition that are under the spell of a master, computer zombies are under the control of hackers.
They're used to launch what are known as "distributed denial-of-service attacks" against government and business Web sites.

On command, the computer zombies send millions of packets of useless data to a targeted Web site. The data bombards the site with so much information that it shuts out everyone else, much like a radio station contest when callers get a constant busy signal because the telephone lines are jammed.

Compared to computer break-ins, in which trespassers steal bank account information or destroy hard drives, the planting of a zombie program is relatively benign. Data is uncompromised.

But such intrusions are no less disturbing because they demonstrate how vulnerable the Internet is. All it takes is a few hundred desktop machines-turned-zombies to bring down the powerful computers of e-commerce and government.

Imagine the chaos that 10,000 to 100,000 zombies could cause. That's how many the System Administration, Networking and Security Institute estimates are lurking out there on the Net at any given time.

Carnegie Mellon's Finlay thinks there may be even more. In one case last year, he said, investigators found an army of 8,000 zombies waiting to be called into action.

Their owners are usually unaware.

"Most people don't have a clue," said Jim Stickley, a computer security expert at Garrison Technologies' San Diego office.

Unless, of course, the FBI shows up at the door.

That's what happened to the owner of a home-business computer in Portland, Ore. The unsuspecting owner's computer was seized by FBI agents who said the machine had been used as a zombie in last year's high-profile siege against eBay, Yahoo! and several other online giants.

But even with a zombie computer as evidence, tracking down the culprits in such denial-of-service attacks can be difficult. Most paths lead to zombie machines, not the master's.
The main reason law enforcement caught up with a 16-year-old Canadian known as "Mafiaboy" in some of last year's e-commerce assaults was because he bragged about his shenanigans. He pleaded guilty to 56 counts in January.

The FBI estimates his antics alone caused $1.7 billion in losses. That compares to $166,000 in estimated losses from denial-of-service attacks for the entire year in 1999, and $77,000 in 1998.

For the past year, the Net has been battered by daily denial-of-service attacks, though most assaults aren't big enough to make headlines.

If such attacks are on the rise, so is the number of zombies.

At the end of last year, computer security professionals reported an ominous increase in the number of zombies. At the same time, the FBI's National Infrastructure Protection Center warned of the potential for widespread distributed denial-of-service attacks over the New Year's holiday.

What they were expecting didn't happen. Still, FBI spokeswoman Debbie Weierman said, "The climate hasn't really changed."

The threat is exacerbated by the fact that rogue programs with names like Trin00, Tribal Flood Network and Stacheldraht (German for "barbed wire") are created specifically to launch denial-of-service attacks. They can be downloaded from the Net, and every couple months or so, new and improved versions come out.

In March, the FBI's protection center reported the sighting of a new denial-of-service tool, a "worm" named Lion.

As if it isn't already easy enough to become a cybervandal, other programs automate the task of ferreting out computers that can be exploited as zombies. As many as 65,000 machines can be scanned at a time in search of open ports, software that hasn't been patched and other ways in.

With such tools, even the most mindless of "script kiddies," hackers without any knowledge of computer programming, can manage to mobilize a force of zombies and wage war on the Web.
"The problem right now is it doesn't take anybody too bright to be using these programs," said Tracy Hulver, a manager for security software maker Network Associates.

There's evidence that lots of strangers, most likely people with malicious intentions, are out there on the Net "rattling doorknobs," looking for weaknesses: the typical home computer with high-speed Internet access is scanned between five and 25 times a day, the Security Institute says.

Even if a distributed denial-of-service attack is imminent, there isn't much the victim can do to stop it. That's because the barrage of bogus data sent by the zombie computers looks like legitimate Internet traffic to the victim computer.

"It's a pretty big problem, and it's really hard to solve," Finlay said.

A few start-up companies are scrambling to bring to market technology that can defend against a distributed denial-of-service attack.

Until then, it's up to computer users to fend off an invasion of the zombies by securing their machines with firewalls, which keep out intruders; anti-virus software and patches that plug vulnerabilities in programs.

Dittrich, the University of Washington security engineer, said many zombies could have been prevented if computer owners had kept their software up-to-date. But many don't bother.

"A lot of home users look at their home computers the same way they do a toaster or an oven," Dittrich said. "They just think you buy it, plug it in and use it. They don't look at it like a car, where you have to do maintenance."