[Fair Use: For Educational and Research Purposes Only]

Malicious program embedded on home computers linked to Internet

9.53 a.m. ET (1405 GMT) June 9, 2000 By D. Ian Hopper, Associated Press WASHINGTON (AP)  In a dark, musty office ominously called the "Attack Lab,'' a cadre of former government sleuths worked through the night to discover a major new threat to Internet users.

Prompted by an attack on one of their own computers, Network Security Technologies investigators unraveled a possible future attack on major Web sites and some 2,000 compromised computers, mostly belonging to home users. The hackers had access to all the computers' secrets  passwords, personal files and all  and can at any point launch a crippling assault similar to February's attacks that included CNN's news site, the Yahoo! Internet directory and Amazon.com.

The hackers, who used the nicknames "Serbian'' and "Badman,'' tested their network of infected computers Wednesday night, said NETSEC, which alerted the Justice Department on Thursday.

The firm, which does work for the department, gave the government a list of the computers that have been infected with the malicious program, which cloaks itself as a movie file.

Even large computer companies were penetrated by the hackers.

The FBI's National Infrastructure Protection Center and the bureau's Washington field office are looking into the incident, a senior Justice Department official said, requesting anonymity.

The problem demonstrates the growing vulnerability that home computer users face as they purchase permanent, high-speed connections to the Internet. Without special software to protect them, Internet surfers using cable modem and digital subscriber lines are easy prey.

"Anybody who is directly connected to the Internet through cable modems or DSL is extremely susceptible to these backdoor programs. We have seen many, many attacks coming on to those people's machines,'' said Vincent Weafer, director of Symantec Corp.'s Anti-Virus Research Center in Cupertino, Calif.

The security firm watched the hackers add to their numbers daily.

"They're gathering up their armies, and as that number increases, so will their testosterone level,'' said Todd Waskelis, a vice president at NETSEC.

The Herndon, Va.-based company first learned of the hackers' plans when the vandals tried to penetrate one of NETSEC's computers, and protective software detected it.

NETSEC was founded by two alumni of the National Security Agency and the Defense Department.

Their office, located in suburban Washington, resembles an electronic fortress. Cameras line the hallways, and most of the company's employees aren't authorized to access secured rooms.

The "Attack Lab,'' with its scattered computers, resembles an abandoned office in a university computer science department. Here, firm engineers track computer vandals worldwide.

"We're all hackers, in the traditional sense of the word,'' Waskelis said. "If we find something like this, we want to pick it apart and see what it's doing.''

One Attack Lab engineer calls himself a "grey hat hacker,'' one who keeps within the law but still keeps close to the hacker underground. "I've done some of my own 'penetration testing,''' he said.

Yet another was in the U.S. Army, doing counterintelligence work and information warfare. He worked in Yugoslavia, protecting the U.S. computer infrastructure against hack attempts. An interesting coincidence, since the hackers call themselves the "Serbian Inteligence Agency,'' though NETSEC investigators don't believe they are in Serbia.

The hackers planted a file that looks like a movie clip on home and commercial computers across the world. The file essentially turns the infected computer into a "zombie'' machine that the hackers can control, NETSEC said. The company has dubbed the file "Serbian Badman Trojan.''

Armed with information gleaned from the infected computers, the hackers can then use the infected computer as a permanent gateway to access personal and corporate files or to launch massive denial of service attacks on Web sites.

In such an attack, the zombie computers can be used to send thousands of repetitive requests, clogging a Web site's computers until they seize up.

NETSEC officials said they uncovered computers across the world that were penetrated by the hackers, including in Austria, Greece, Canada, Russia, France and the United States.

http://www.foxnews.com/national/0609/d_ap_0609_65.sml

====================

-- (Dee360Degree@aol.com), June 09, 2000