
Computer viruses become hacker informants


An emerging breed of computer virus that keeps hackers informed about the latest weaknesses in computer networks has been discovered by security experts.

The viruses infect a computer network, scan for security vulnerabilities and then report back to hackers through an internet chatroom.

Armies of computers infected with "bot" viruses are routinely controlled via a chatroom connection. Typically these machines are used to knock a website offline with a "denial of service attack" or as a conduit for sending out spam email.

However, the ability of some bots to scan their hosts for unpatched security holes and report their findings back to hackers has gone largely unnoticed until now.

The emerging class of malware or malicious software - known as vulnerability assessment worms - "phone home" to allow hackers to fine-tune further attacks or perhaps even target an individual PC within a network.

This pernicious form of program is just one of a growing number of new viruses identified each month, says computer security expert Bruce Schneier.

"The virus trend doesn't look good," Schneier writes in the June 2005 edition of the Association for Computing Machinery journal, Queue. "More than a thousand new worms and viruses were discovered in the last six months alone."

Schneier cites the worm SpyBot.KEG, discovered in February 2005, as one of those in the vanguard of the vulnerability assessment worms. It reports the nature of vulnerabilities back to its author via an Internet Relay Chat (IRC) channel - a type of online chatroom.

Schneier expects newer IRC worms to emerge with even more complex vulnerability-exploiting behaviours. And he expects to see peer-to-peer file-trading networks becoming a major launch pad for new viruses.

Schneier's firm, California-based Counterpane Internet Security, monitors more than 400 corporate networks around the world and defends these against attack.

Kevin Hogan, senior manager at Symantec's Security Response division in Dublin, Ireland, says that the volume of new viruses is so vast because the source code for many programs is posted online, allowing anyone to make their own variant.

"As soon as a new vulnerability is apparent in a server, someone can modify a bot to exploit it," Hogan says. "So the bot tells the hacker which machines on a network are vulnerable and it can be ordered to attack a host PC or a whole set of hosts, turning them into spam relays perhaps, or harvesting credit card numbers from their hard drives."

Hogan says that good firewall defences will prevent hackers from communicating with bots. And he says IRC has proved the downfall of many a botnet operator. Once the genuine IP address of the IRC channel host is known, tracking the hacker is not too difficult. "IRC is how they work, but it's also the Achilles heel of the botnet," he says.

