Ivo Skoric on Sat, 10 Jun 2000 03:26:49 +0200 (CEST)

<nettime> Computer Virus named "Serbian"

------- Forwarded Message Follows -------

Hackers embed malicious program on home computers linked to Internet
June 8, 2000 
Web posted at: 8:47 PM EDT (0047 GMT) 

WASHINGTON (AP) -- The FBI will meet with experts from a security company
Friday to discuss the firm's discovery that hackers have embedded a
malicious program disguised as a movie clip on 2,000 commercial and home
computers, positioning themselves to launch an attack designed to shut
down Web sites. 

The problem, detected by a security firm that does work for the Justice
Department, demonstrates the growing vulnerability that home computer
users face as they begin to purchase permanent, high-speed connections to
the Internet. 

Without special software to protect them, Internet surfers using cable
modem and digital subscriber lines are easy prey. 

Even computers at some large computer companies were penetrated by the
hackers, according to Network Security Technologies, which alerted the
government to the problem. 

"Anybody who is directly connected to the Internet through cable modems or
DSL is extremely susceptible to these back-door programs. We have seen
many, many attacks coming on to those people's machines," said Vincent
Weafer, director of Symantec Corp.'s Anti-Virus Research Center in
Cupertino, California. 

The hackers, who used the nicknames "Serbian" and "Badman," tested their
network of infected computers Wednesday night and could launch an attack
at any time, NETSEC said. 

NETSEC said it alerted the Justice Department on Thursday about its
discovery, and provided the government a list of 2,000 computers worldwide
that have been infected with the malicious program. 

The security firm suspects the hackers are adding to their numbers daily
and could soon launch a major attack. 

"They're gathering up their armies, and as that number increases, so will
their testosterone level," said Todd Waskelis, a vice president at NETSEC. 

The Herndon, Va.-based company first learned of the hackers' plans when
the vandals tried to penetrate one of NETSEC's computers, and protective
software detected it. 

NETSEC employees have since monitored an Internet chat room set up by the
hackers as the vandals identified victimized computers, discussed
strategies and boasted of their work. 

"When he thinks all of those clients are sleeping, one of them is really
active and watching them," Waskelis explained. 

The hackers planted a file that looks like a movie clip on home and
commercial computers across the world. The file essentially turns the
infected computer into a "zombie" machine that the hackers can control,
NETSEC said. 

When the fake movie clip is activated, the malicious program called
"Serbian Badman Trojan" runs without any visible clues to the user. The
program sends passwords, network details and other information to the

Armed with that information, the hackers can then use the infected
computer as a permanent gateway to access personal and corporate files or
to launch massive denial of service attacks on Web sites. 

In such an attack, the zombie computers can be used to send thousands of
repetitive requests, clogging a Web site's computers until they seize up. 

Hackers used a similar strategy during well-publicized attacks in February
that included CNN's news site, the Yahoo! Internet portal and book seller

NETSEC officials said they uncovered computers across the world that were
penetrated by the hackers, including in Austria, Greece, Canada, Russia,
France and the United States. 

A handful of machines belonged to computer companies, like New Media
Systems in Aurora, Colorado. "It was surprising that someone called us
externally. We can't be sure how it even got here," said Grant Stanion, a
network developer at New Media who tracked down the malicious program on
one of the company's computers after getting a call from NETSEC. 

Most of the infected computers belonged to home users connected to
high-speed Internet providers, NETSEC said. 

Home users are especially susceptible because they do not have up-to-date
antivirus software or firewall programs that block hacker attacks. Also,
most home users have fixed Internet addresses that are easily identified. 

NETSEC, founded by two alumni of the National Security Agency and
Department of Defense, provides computer emergency services to the Justice

Their office suite, located in suburban Washington, resembles an
electronic fortress. Cameras line the hallways, and most of the company's
employees aren't authorized to access secured rooms. 

One room, called the "Attack Lab," resembles an abandoned office in a
university computer science department. Amid a musty smell and a few
scattered computers, firm engineers track computer vandals worldwide. 

"We're all hackers, in the traditional sense of the word," Waskelis said.
"If we find something like this, we want to pick it apart and see what
it's doing." 

Copyright 2000 The Associated Press. All rights reserved. This material

----- End forwarded message -----
#  distributed via <nettime>: no commercial use without permission
#  <nettime> is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: majordomo@bbs.thing.net and "info nettime-l" in the msg body
#  archive: http://www.nettime.org contact: nettime@bbs.thing.net