Denial-Of-Service Program Expands To PCs

greenspun.com : LUSENET : Grassroots Information Coordination Center (GICC) : One Thread

(02/25/00, 7:33 p.m. ET)

By Marcia Savage, Computer Reseller News

The cracker tools used in the denial-of-service attacks on Yahoo and other websites earlier this month have migrated from servers to Windows 98-based PCs.

In the Internet attacks earlier this month, crackers planted programs on servers, turning them into "zombies" they commanded to attack Yahoo and others with a barrage of bogus messages, consuming bandwidth and shutting down legitimate traffic.

"Those original programs worked on Windows NT and flavors of Unix," said Patrick Taylor, a vice president at Internet Security Systems, an Atlanta-based security vendor. "Now someone has created a version that works on Windows 98 and transmitted via e-mail attachments. The ultimate outcome is your Windows 98 box becomes a zombie and, thus, potentially part of a DoS attack on a third computer."

James Madison University, Harrisonburg, Va., discovered 16 student-owned Windows-based PCs were infected with an agent that may be a variant of the Trin00 denial-of-service tool.

With hackers able to use Windows 98-based PCs in DoS attacks, it changes the kind of threat DoS presents, Taylor said. It expands the "range of possibilities."

While it likely takes several big servers to launch a major DoS attack, a gang of PCs still could prove annoying to a particular ISP, he said.

Computer users can protect their systems from becoming infected by taking precautions with e-mail attachments, configuring their computers with proper security settings, and using antivirus software, Taylor said.

Ken Cutler, director of information security professional services with the NetPlex Group, in McLean, Va., said the James Madison University incident is a reminder for end-users to keep up with current antivirus software.

"What it's signaling is we have to keep up our continuing vigilance for using the best and most current anti-malicious defenses that's available so you don't become an accomplice," he said.

http://techweb.about.com/frames/cmpheadline.htm?url=http://www.techweb.com/wire/story/TWB20000225S0016&trail=/compute/index.htm&sitedir=home

-- Jennifer Bunker (jen@bunkergroup.com), February 28, 2000

