Hackers amass new zombie army


CERT says attacks pose threat to Internet infrastructure

By Bob Sullivan, MSNBC

Sept. 15 -- The nation's government-funded computer security watchdog issued a warning Friday that computer intruders have taken control of hundreds of computers connected to the Internet. The attackers are in a position to launch a serious attack, according to the CERT Coordination Center, which said that the situation poses a significant threat to Internet sites and the Internet infrastructure.

COMPUTER VANDALS ARE exploiting two fairly common vulnerabilities in Unix computer systems discovered since July. In about 100 cases since then, intruders have used the vulnerabilities to install distributed denial-of-service tools on machines, according to CERT Incident Response Team Leader Kevin Houle. Those tools figured prominently in February's well-publicized attacks on big-name Web sites like Yahoo.com, Amazon.com, and CNN.com.

"New reports are coming in at the rate of about two to five per day," he said. "In one incident, we recorded over 560 hosts at 220 Internet sites around the world as being a part of a Tribe Flood Network 2000 DDoS network," Houle said. Tribal Flood networks allow a single attacker to control an army of zombie computers remotely; the bandwidth of all those computers can then be brought to bear on a single target Web site, flooding it with traffic and effectively shutting it down. He added that the attackers are not merely installing the tool as a prank, but appear ready to use it -- in fact, he said, in about one-quarter of the 100 incidents, the denial-of-service tools have already been used.

"That's the only way some of the sites know they've been hit," he said. "They noticed it because of bandwidth suddenly being used by a machine." Houle said he thinks there are several groups working separately to amass a group of potential zombie computers.

Most of the compromised computers were Red Hat Linux machines running the basic, default configuration, Houle said. Linux is one flavor of Unix, and vulnerabilities often span the many flavors of Unix. Detailed discussions of those flaws are available on CERT's Web site. "Vendors have patches for these vulnerabilities, and I encourage system administrators to install them," Houle said.


-- Martin Thompson (mthom1927@aol.com), September 16, 2000
