Friday, November 18, 2005

What hacks and trojans are really about


Few people seem to understand what all of these viruses and malware are really about. Yes, there is a certain amount of spam that you get that is designed to then barrage you with pop-up ads ... as though you would say "Wow, what a great ad! I'm glad I get these pop-ups ... I'll have to go and spend money with these folks!"

One of the real business models behind all of this - the real people doing business in this space - are the ones that use large numbers of compromised computers at business and homes to launch DDOS (Distributed Denial Of Service) Attacks. These attacks are used for good ol' conventional extortion. It becomes a very simple case of "Pay me, or your Internet presence will be shut down!" The person who controls the compromised machines can easily "task" them to attack various web sites, at various times, and for various amounts of time. Reading this article, you can begin to get the idea that large scale "Internet vandelism" can quickly grow into a profitable - yet illegal - business. I recently read another article where a California 20-year-old had over 400,000 machines under his control as a massively distributed "botnet" that he could divide up and control as a virtual military force. Yes ... 400,000 machines!

A while back I had one of my Linux boxes compromised through a hole in a Open Source PHP application. The attackers were able to install and execute a small script that pulled down and ran a larger script. That one actually attached to an IRC server and waited for additional commands. I found that they then sent a command to download a DDOS script, and would then begin to run it from time to time attacking various sites. I discovered this whole scenario when I noticed that my DSL line would get swamped from time to time and isolated the traffic to that Linux box. I actually had some fun before cleaning everything up. I did patch the hole, but I modified the DDOS script to simply log information about the command and the target, but not actually generate the traffic. It was fun to review the log and see that my box was being controlled by a compromised machine in South America, and that I was being to used - at one point - to attack an on-line gambling site.

This got me thinking a lot about what we don't know that we don't know about the whole world of the Internet, spam, viruses, and malware. In addition, it reinforces the levels of indirection that can easily be created to hide the identity of the controller. But not forever!

Hackers Admit to Wave of Attacks. With their ringleader on the run, two cybervandals own up to using an army of compromised PCs to take down sites for commercial gain. By Kevin Poulsen. [Wired News]
[tags: ]

0 Comments:

Post a Comment

<< Home