Computer viruses become hacker informants

An emerging breed of computer virus that keeps hackers informed about the latest weaknesses in computer networks has been discovered by security experts.

The viruses infect a computer network, scan for security vulnerabilities and then report back to hackers through an internet chatroom.

Armies of computers infected with "bot" viruses are routinely controlled via a chatroom connection. Typically these machines are used to knock a website offline with a "denial of service attack" or as a conduit for sending out spam email.

However, the ability of some bots to scan their hosts for unpatched security holes and report their findings back to hackers has gone largely unnoticed until now.

The emerging class of malware or malicious software - known as vulnerability assessment worms - "phone home" to allow hackers to fine-tune further attacks or perhaps even target an individual PC within a network.

This pernicious form of program is just one of a growing number of new viruses identified each month, says computer security expert Bruce Schneier.

"The virus trend doesn't look good," Schneier writes in the June 2005 edition of the Association for Computing Machinery journal, Queue. "More than a thousand new worms and viruses were discovered in the last six months alone."

Schneier cites the worm SpyBot.KEG, discovered in February 2005, as one of those in the vanguard of the vulnerability assessment worms. It reports the nature of vulnerabilities back to its author via an Internet Relay Chat (IRC) channel - a type of online chatroom.

Schneier expects newer IRC worms to emerge with even more complex vulnerability-exploiting behaviours. And he expects to see peer-to-peer file-trading networks becoming a major launch pad for new viruses.

Schneier's firm, California-based Counterpane Internet Security, monitors more than 400 corporate networks around the world and defends these against attack.

Kevin Hogan, senior manager at Symantec's Security Response division in Dublin, Ireland, says that the volume of new viruses is so vast because the source code for many programs is posted online, allowing anyone to make their own variant.

"As soon as a new vulnerability is apparent in a server, someone can modify a bot to exploit it," Hogan says. "So the bot tells the hacker which machines on a network are vulnerable and it can be ordered to attack a host PC or a whole set of hosts, turning them into spam relays perhaps, or harvesting credit card numbers from their hard drives."

Hogan says that good firewall defences will prevent hackers from communicating with bots. And he says IRC has proved the downfall of many a botnet operator. Once the genuine IP address of the IRC channel host is known, tracking the hacker is not too difficult. "IRC is how they work, but it's also the Achilles heel of the botnet," he says.
