Computer viruses become hacker informants

An emerging breed of computer virus that keeps hackers informed about the latest weaknesses in computer networks has been discovered by security experts.

The viruses infect a computer network, scan for security vulnerabilities and then report back to hackers through an internet chatroom.

Armies of computers infected with "bot" viruses are routinely controlled via a chatroom connection. Typically these machines are used to knock a website offline with a "denial of service attack" or as a conduit for sending out spam email.

However, the ability of some bots to scan their hosts for unpatched security holes and report their findings back to hackers has gone largely unnoticed until now.

The emerging class of malware or malicious software - known as vulnerability assessment worms - "phone home" to allow hackers to fine-tune further attacks or perhaps even target an individual PC within a network.

This pernicious form of program is just one of a growing number of new viruses identified each month, says computer security expert Bruce Schneier.

"The virus trend doesn't look good," Schneier writes in the June 2005 edition of the Association for Computing Machinery journal, Queue. "More than a thousand new worms and viruses were discovered in the last six months alone."

Schneier cites the worm SpyBot.KEG, discovered in February 2005, as one of those in the vanguard of the vulnerability assessment worms. It reports the nature of vulnerabilities back to its author via an Internet Relay Chat (IRC) channel - a type of online chatroom.

Schneier expects newer IRC worms to emerge with even more complex vulnerability-exploiting behaviours. And he expects to see peer-to-peer file-trading networks becoming a major launch pad for new viruses.

Schneier's firm, California-based Counterpane Internet Security, monitors more than 400 corporate networks around the world and defends these against attack.

Kevin Hogan, senior manager at Symantec's Security Response division in Dublin, Ireland, says that the volume of new viruses is so vast because the source code for many programs is posted online, allowing anyone to make their own variant.

"As soon as a new vulnerability is apparent in a server, someone can modify a bot to exploit it," Hogan says. "So the bot tells the hacker which machines on a network are vulnerable and it can be ordered to attack a host PC or a whole set of hosts, turning them into spam relays perhaps, or harvesting credit card numbers from their hard drives."

Hogan says that good firewall defences will prevent hackers from communicating with bots. And he says IRC has proved the downfall of many a botnet operator. Once the genuine IP address of the IRC channel host is known, tracking the hacker is not too difficult. "IRC is how they work, but it's also the Achilles heel of the botnet," he says.
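The egress check that follows from the firewall point above can be sketched as a short detector. This is an added example, not part of the original article: it flags internal hosts that open an IRC session to an outside server on any port and groups them by server. The address ranges, the allow-list and the flow records are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# IRC client registration commands (RFC 1459/2812) at the start of a line.
IRC_CMD = re.compile(rb"^(PASS|NICK|USER|JOIN) +\S", re.MULTILINE)
INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumed internal range
APPROVED_IRC_CLIENTS = {"10.0.5.20"}            # assumed allow-list

# Constructed sample: (source, destination, dest port, first client payload)
SAMPLE_FLOWS = [
    ("10.0.1.15", "203.0.113.7", 6667, b"NICK xk3\r\nUSER xk3 0 * :x\r\nJOIN #c\r\n"),
    ("10.0.1.22", "198.51.100.9", 443, b"\x16\x03\x01\x02\x00\x01\x00"),
    ("10.0.2.40", "203.0.113.7", 8080, b"PASS s3\r\nNICK b7\r\nUSER b7 0 * :b\r\n"),
    ("10.0.5.20", "192.0.2.33", 6667, b"NICK alice\r\nUSER alice 0 * :Alice\r\n"),
    ("10.0.3.8", "192.0.2.80", 80, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
]

def looks_like_irc(payload):
    """True when at least two distinct registration commands open lines.
    Matching on content rather than port catches IRC on non-standard ports."""
    return len({m.group(1) for m in IRC_CMD.finditer(payload)}) >= 2

def find_irc_egress(flows):
    """Return (src, dst, port) for unapproved internal hosts speaking IRC outbound."""
    findings = []
    for src, dst, dport, payload in flows:
        outbound = (ipaddress.ip_address(src) in INTERNAL
                    and ipaddress.ip_address(dst) not in INTERNAL)
        if outbound and src not in APPROVED_IRC_CLIENTS and looks_like_irc(payload):
            findings.append((src, dst, dport))
    return findings

def by_server(findings):
    """Group flagged hosts by external server; several hosts on one server
    suggests a shared control channel worth blocking and investigating."""
    servers = defaultdict(set)
    for src, dst, _ in findings:
        servers[dst].add(src)
    return {dst: sorted(srcs) for dst, srcs in servers.items()}

if __name__ == "__main__":
    for server, hosts in by_server(find_irc_egress(SAMPLE_FLOWS)).items():
        print(server, hosts)
```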
