Computer viruses become hacker informants

An emerging breed of computer virus that keeps hackers informed about the latest weaknesses in computer networks has been discovered by security experts.

The viruses infect a computer network, scan for security vulnerabilities and then report back to hackers through an internet chatroom.

Armies of computers infected with "bot" viruses are routinely controlled via a chatroom connection. Typically these machines are used to knock a website offline with a "denial of service attack" or as a conduit for sending out spam email.

However, the ability of some bots to scan their hosts for unpatched security holes and report their findings back to hackers has gone largely unnoticed until now.

The emerging class of malware or malicious software - known as vulnerability assessment worms - "phone home" to allow hackers to fine-tune further attacks or perhaps even target an individual PC within a network.

This pernicious form of program is just one of a growing number of new viruses identified each month, says computer security expert Bruce Schneier.

"The virus trend doesn't look good," Schneier writes in the June 2005 edition of the Association for Computing Machinery journal, Queue. "More than a thousand new worms and viruses were discovered in the last six months alone."

Schneier cites the worm SpyBot.KEG, discovered in February 2005, as one of those in the vanguard of the vulnerability assessment worms. It reports the nature of vulnerabilities back to its author via an Internet Relay Chat (IRC) channel - a type of online chatroom.

Schneier expects newer IRC worms to emerge with even more complex vulnerability-exploiting behaviours. And he expects to see peer-to-peer file-trading networks becoming a major launch pad for new viruses.

Schneier's firm, California-based Counterpane Internet Security, monitors more than 400 corporate networks around the world and defends these against attack.

Kevin Hogan, senior manager at Symantec's Security Response division in Dublin, Ireland, says that the volume of new viruses is so vast because the source code for many programs is posted online, allowing anyone to make their own variant.

"As soon as a new vulnerability is apparent in a server, someone can modify a bot to exploit it," Hogan says. "So the bot tells the hacker which machines on a network are vulnerable and it can be ordered to attack a host PC or a whole set of hosts, turning them into spam relays perhaps, or harvesting credit card numbers from their hard drives."

Hogan says that good firewall defences will prevent hackers from communicating with bots. And he says IRC has proved the downfall of many a botnet operator. Once the genuine IP address of the IRC channel host is known, tracking the hacker is not too difficult. "IRC is how they work, but it's also the Achilles heel of the botnet," he says.
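A defender's view of the firewall point above, as an added example that is not part of the original article: a Python sketch that reads egress firewall logs and lists internal hosts attempting outbound IRC connections, keeping allowed connections separate from blocked ones. The log format, port list, internal address ranges and sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: ports commonly used by IRC servers (plaintext and TLS).
IRC_PORTS = set(range(6660, 6670)) | {6697, 7000}
# Assumption: internal address space of the monitored network.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Hypothetical log format: "<time> <ALLOW|DENY> TCP <src>:<sport> -> <dst>:<dport>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) TCP "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample data; external addresses are from documentation ranges.
SAMPLE_LOG = """\
2005-06-14T09:00:01Z ALLOW TCP 10.1.4.22:49152 -> 198.51.100.7:80
2005-06-14T09:00:05Z ALLOW TCP 10.1.4.37:49201 -> 203.0.113.50:6667
2005-06-14T09:00:09Z DENY TCP 10.1.9.12:49322 -> 203.0.113.50:6667
2005-06-14T09:01:05Z ALLOW TCP 10.1.4.37:49207 -> 203.0.113.50:6667
2005-06-14T09:01:30Z ALLOW TCP 198.51.100.7:6667 -> 10.1.4.22:51000
malformed line that the parser must skip
"""

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def find_irc_egress(log_text):
    """Return {internal_host: {"ALLOW": {dst, ...}, "DENY": {dst, ...}}}."""
    hits = defaultdict(lambda: {"ALLOW": set(), "DENY": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the expected format
        src, dst, dport = m["src"], m["dst"], int(m["dport"])
        # Only internal -> external connections to an IRC port are of interest.
        if dport in IRC_PORTS and is_internal(src) and not is_internal(dst):
            hits[src][m["action"]].add(f"{dst}:{dport}")
    return dict(hits)

if __name__ == "__main__":
    for host, seen in sorted(find_irc_egress(SAMPLE_LOG).items()):
        state = "live channel" if seen["ALLOW"] else "blocked, host still needs triage"
        print(host, state, sorted(seen["ALLOW"] | seen["DENY"]))
```

A host that appears only under DENY was stopped by the firewall but is still worth triaging, since something on it tried to reach an IRC server. Port matching misses IRC carried on non-standard ports, so an empty result is inconclusive.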
