OT: Follow-up on New threat hits Web

greenspun.com : LUSENET : TimeBomb 2000 (Y2000) : One Thread

2/24/00- Updated 11:56 AM ET

New threat hits Web

By M.J. Zuckerman USA TODAY

An insidious new version of the online attack software that brought down major e-commerce sites earlier this month is circulating the Web and is squarely aimed at users of Windows-based PCs.

Several Midwestern universities already are reporting infections of students' PCs.

"Home users definitely need to be aware that it's out there," said Jed Pickel of Carnegie Mellon University's Computer Emergency Response Team.

Ninety percent of computer users worldwide use Windows-based PCs.

These new software tools, which have been identified in recent days by FBI investigators, are being examined by the response team for similarities to the tool used this month to cripple eBay, Amazon.com, Yahoo and others. In those incidents, now the subject of an international manhunt, vandals used the Internet to introduce bugs into large computers at universities or corporations operating on Unix or Sun Microsystems computers.

On the command of a "master" computer, the machines became unwitting "zombies" and used their superior bandwidth or pipeline to drown the target in worthless messages.

"What this opens up is every user of a DSL, every user of a cable modem line, everything with high bandwidth is exposed," said Mike Higgins of the security firm Para-Protect.

Authorities say the new threat should reinforce the message they have been repeating since the Melissa virus damaged millions of computers worldwide last year: Never open a file from an unknown or untrustworthy source; frequently update anti-virus files; and use a home firewall.

Even downloading MP3 music files or other seemingly trustworthy sources of data should be scanned for unwanted attachments, experts say.

Why should home users or small businesses care if they become the unwitting party to an attack? "This opens a whole new dimension of negligence," said Richard Forno, co-author of The Art of Information Warfare. "It's only a matter of time until the lawsuits start."

http://www.usatoday.com/life/cyber/tech/cth433.htm

-- PA Engineer (PA Engineer@longtimelurker.com), February 24, 2000


Moderation questions? read the FAQ