Sometimes it means giving in
When you know that nothing else matter
Sometimes it means needing to be quiet
When words can no longer deliver the message
Sometimes it means going separate ways
When things have gotten unbearable and hopeless
Sometimes it means turning away
When your presence will do more harm than good
Sometimes it means giving up your dreams
When you no longer have time to dream
Sometimes it means stop hoping
When there's nothing else to hope for
Sometimes it means giving up your reasons
When you know that they just don't fit
Sometimes it means masking your true feelings
When you know that you have to put up a face
Sometimes it means keeping the love within your heart
When you know that it can only bring pain
-- Malaya Bodlaver
Worms reveal that hackers evolving from mischief to crimeBy BOB KEEFECox News Service.The ugly new computer worms that wriggled their way onto the Internet last week didn't cause widespread damage or disruption — and that's what worries many security experts the most.
Unlike earlier generations of worms, Zotob, Rbot and their cousins were designed not to damage computers or networks, but to steal information and then secretly take over their host computers and turn them to other uses.
The experts say they are signs of an ongoing evolution in the hacker world from mere maliciousness to clear-cut crime.
"If you look at (past worms), they were all about notoriety and how to kill the Internet," said Peter Allor of Atlanta-based Internet Security Systems Inc. "This is more economic. It's about how to use malware in an organized fashion to get money." "This is a new world," said Scott Lupfer of computer security company McAfee Inc. "A lot of us in the industry have known this was a possibility and could happen at some point. ... Now it has."
In the past, the intent of computer worms — which get their name from their ability to replicate themselves and travel from computer to computer without human intervention — was clear.Hackers would create the stealthy software bombs to flood corporate computer networks, shut down entire portions of the Internet or generally wreak havoc on the Web — just for notoriety, a good challenge and bragging rights among their peers.But last week's attacks were decidedly different.
It did no major damage, though organizations ranging from Caterpillar Inc. to CNN were forced to fix unprotected machines running the Windows 2000 operating system.The worms didn't stall e-commerce and didn't shut down Web sites. They really didn't have much effect at all on most home computer users, whose machines typically run on more recent operating systems such as Windows XP.
They didn't require computer users to do anything to activate them, such as open an e-mail attachment from an unknown sender or enter their personal information on a bogus Web site.
After the usable data was sold to identity thieves, the "bot" networks could be sold on virtual black markets to e-mail spammers, computer experts say. The spammers could use them to spew out unsolicited e-mails for porn sites or get-rich-quick schemes, while the machines' owners remained unaware.
The worms may never have been discovered if hackers hadn't made some mistakes in their coding that caused computers to repeatedly shut down and restart, Allor said.
Computer experts who dissected the coding in last week's worms uncovered other disturbing clues about the virtual underground world of hackers.
The worms apparently were created by two or three different hackers or groups of hackers. After the initial worms hit the Internet, the hackers churned out numerous other variations designed to kill off competing worms — indicating a virtual turf war among hackers for vulnerable computers.
"We seem to have a bot war on our hands," Mikko Hypponen, chief research officer at Internet security company F-Secure Corp., said in a statement. "There appears to be three different virus-writing gangs turning out new worms at an alarming rate, as if they would be competing who would build the biggest network of infected machines."
Microsoft released the patches Aug. 9 as part of its regular monthly software updates. But in doing so, it may have alerted hackers to the vulnerability.
By the next day, a Russian hacker or group of hackers known as "houseofdabus" released a blueprint on a well-known hacker site detailing how to exploit the vulnerability on the Windows 2000 operating system.
Houseofdabus isn't new to the hacker site. Since April 2004, Houseofdabus has released at least nine other exploit codes on the site, including one used in last year's devastating Sasser worm.
Using the new houseofdabus code, any hacker with malicious intent could easily create a malicious worm.And that's exactly what happened.
The first Zotob worm based on the code appeared on Aug. 14, according to F-Secure. Within a few days, nearly a dozen other variations popped up on the Internet.
Fortunately for most Internet users, the worm attacks were limited only to unpatched computers running Windows 2000.
But that doesn't mean a new worm couldn't be developed quickly to attack unprotected versions of other operating systems, security experts say. That includes the most popular operating system, Windows XP.
As a result, Microsoft and security experts warn that computer users should download and install the "Plug and Play" patches — and all other applicable patches — from Microsoft immediately.
Most newer computers either automatically download new patches when available or prompt users to do so. Computer users also should constantly update and run antivirus and firewall software.Yet even with patches, firewalls and virus protection, last weeks' worm attacks showed that keeping bad guys out isn't easy in the new age of hackers.
"It's like your house," said Javier Santoyo, of Symantec Corp., another Internet security company. "If you have three thieves who live around you ... and you leave your front door unlocked, there's a pretty good chance they're going to get in."
Bob Keefe's e-mail address is : bkeefe@coxnews.com
Subscribe to:
Posts (Atom)
