Language Selection

English French German Italian Portuguese Spanish

Computer viruses become hacker informants

Filed under
Security

An emerging breed of computer virus that keeps hackers informed about the latest weaknesses in computer networks has been discovered by security experts.

The viruses infect a computer network, scan for security vulnerabilities and then report back to hackers through an internet chatroom.

Armies of computers infected with "bot" viruses are routinely controlled via a chatroom connection. Typically these machines are used to knock a website offline with a "denial of service attack" or as a conduit for sending out spam email.

However, the ability of some bots to scan their hosts for unpatched security holes and report their findings back to hackers has gone largely unnoticed until now.

The emerging class of malware or malicious software - known as vulnerability assessment worms - "phone home" to allow hackers to fine-tune further attacks or perhaps even target an individual PC within a network.

This pernicious form of program is just one of a growing number of new viruses identified each month, says computer security expert Bruce Schneier.

"The virus trend doesn't look good," Schneier writes in the June 2005 edition of the Association for Computing Machinery journal, Queue. "More than a thousand new worms and viruses were discovered in the last six months alone."

Schneier cites the worm SpyBot.KEG, discovered in February 2005, as one of those in the vanguard of the vulnerability assessment worms. It reports the nature of vulnerabilities back to its author via an Internet Relay Chat (IRC) channel - a type of online chatroom.

Schneier expects newer IRC worms to emerge with even more complex vulnerability-exploiting behaviours. And he expects to see peer-to-peer file-trading networks becoming a major launch pad for new viruses.

Schneier's firm, California-based Counterpane Internet Security, monitors more than 400 corporate networks around the world and defends these against attack.

Kevin Hogan, senior manager at Symantec's Security Response division in Dublin, Ireland, says that the volume of new viruses is so vast because the source code for many programs is posted online, allowing anyone to make their own variant.

"As soon as a new vulnerability is apparent in a server, someone can modify a bot to exploit it," Hogan says. "So the bot tells the hacker which machines on a network are vulnerable and it can be ordered to attack a host PC or a whole set of hosts, turning them into spam relays perhaps, or harvesting credit card numbers from their hard drives."

Hogan says that good firewall defences will prevent hackers from communicating with bots. And he says IRC has proved the downfall of many a botnet operator. Once the genuine IP address of the IRC channel host is known, tracking the hacker is not too difficult. "IRC is how they work, but it's also the Achilles heel of the botnet," he says.

Source.

More in Tux Machines

Critical Live Boot Bug Fixed and Ubuntu 18.04 is Finally Released

A critical bug in live boot session delayed Ubuntu 18.04 LTS release for several hours. The bug has been fixed and the ISO are available to download. Read more

Nintendo Switch hack + Dolphin Emulator could bring GameCube and Wii game support

This week security researchers released details about a vulnerability affecting NVIDIA Tegra X1 processors that makes it possible to bypass secure boot and run unverified code on some devices… including every Nintendo Switch game console that’s shipped to date. Among other things, this opens the door for running modified versions of Nintendo’s firmware, or alternate operating systems such as a GNU/Linux distribution. And if you can run Linux… you can also run Linux applications. Now it looks like one of those applications could be the Dolphin emulator, which lets you play Nintendo GameCube and Wii games on a computer or other supported devices. Read more

Openwashing Leftovers

Linux Foundation: New Members, Cloud Foundry, and Embedded Linux Conference + OpenIoT Summit

  • 41 Organizations Join The Linux Foundation to Support Open Source Communities With Infrastructure and Resources
    The Linux Foundation, the nonprofit organization enabling mass innovation through open source, announced the addition of 28 Silver members and 13 Associate members. Linux Foundation members help support development of the shared technology resources, while accelerating their own innovation through open source leadership and participation. Linux Foundation member contributions help provide the infrastructure and resources that enable the world's largest open collaboration communities.
  • Cloud Foundry for Developers: Architecture
    Back in the olden days, provisioning and managing IT stacks was complex, time-consuming, and error-prone. Getting the resources to do your job could take weeks or months. Infrastructure-as-a-Service (IaaS) was the first major step in automating IT stacks, and introduced the self-service provisioning and configuration model. VMware and Amazon were among the largest early developers and service providers. Platform-as-a-Service (PaaS) adds the layer to IaaS that provides application development and management. Cloud Foundry is for building Platform as a Service (PaaS) projects, which bundle servers, networks, storage, operating systems, middleware, databases, and development tools into scalable, centrally-managed hardware and software stacks. That is a lot of work to do manually, so it takes a lot of software to automate it.
  • Jonathan Corbet on Linux Kernel Contributions, Community, and Core Needs
    At the recent Embedded Linux Conference + OpenIoT Summit, I sat down with Jonathan Corbet, the founder and editor-in-chief of LWN to discuss a wide range of topics, including the annual Linux kernel report. The annual Linux Kernel Development Report, released by The Linux Foundation is the evolution of work Corbet and Greg Kroah-Hartman had been doing independently for years. The goal of the report is to document various facets of kernel development, such as who is doing the work, what is the pace of the work, and which companies are supporting the work.