Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
TODAY'S NEWS
Where's my gigabit Internet, anyway?
Americans cool with lab-grown organs, but not designer babies
IE6: Retired but not dead yet
Enterprise who? Google says little about Apps, business cloud services in Q1 report
DDoS Attackers Change Techniques To Wallop Sites
Can we talk? Internet of Things vendors face a communications 'mess'
AMD's profitability streak ends at two quarters
Michaels says breach at its stores affected nearly 3M payment cards
Exclusive: Google's Project Loon tests move to LTE band in Nevada
H-1B loophole may help California utility offshore IT jobs
How a cyber cop patrols the underworld of e-commerce
For Red Hat, it's RHEL and then…?
Will the Internet of Things Become the Internet of Broken Things?
Kill switches coming to iPhone, Android, Windows devices in 2015
Israeli start-up, working with GE, out to detect Stuxnet-like attacks
Galaxy S5 deep-dive review: Long on hype, short on delivery
Google revenue jumps 19 percent but still disappoints
Windows XP's retirement turns into major security project for Chinese firm
Teen arrested in Heartbleed attack against Canadian tax site
Still deploying 11n Wi-Fi?  You might want to think again
Collaboration 2.0: Old meets new
9 Things You Need to Know Before You Store Data in the Cloud
Can Heartbleed be used in DDoS attacks?
Secure browsers offer alternatives to Chrome, IE and Firefox
Linksys WRT1900AC Wi-Fi router: Faster than anything we've tested
/

Denial-of-service attack code infects Windows

Today's breaking news
Send to a friendFeedback


The code used in the recent denial-of-service attacks on Yahoo, eBay and other victims was Unix-based, but new Windows-based variants of denial-of-service attack tools are now being identified.

James Madison University discovered last week that 16 Windows PCs on its student network were infected with what looked like a Windows variant of the original Unix-based "Trin00," a Trojan horse that hackers secretly install on machines to remotely launch denial-of-service attacks.

James Madison's network administrator Gary Flynn reported the discovery to the public service Computer Emergency Response Team (CERT). The new Trin00 variant is dubbed Wintrin00. Flynn acknowledged that the university's 16 machines were being remotely manipulated by an unknown attacker to send out a User Datagram Protocol (UDP) flood against unspecified victims on the Internet.

Meanwhile, a university in Florida and a large corporation in Washington, D.C., this week also discovered Windows PCs that had been infected by a Trin00 variant, Stephen Northcutt, director of the Global Incident Analysis Center at the System Administration, Networking and Security (SANS) Institute, said in a phone interview.

Windows-based denial-of-service attack code appear to be far less deadly in terms of fire-power compared to the earlier Unix versions, say experts at Internet Security Systems after an initial review of the Windows-based attack code last week.

However, because there are so many Windows machines in use, many are concerned the potential for launching attacks with them is great.

"On the Windows side, this has the potential to be much more disastrous," says Randy Marchany, a member of CERT at Virginia Tech University. Aside from the sheer number of Windows PCs connected to the Internet, many Windows PCs are operated by novice users, and are not protected by firewalls and other heavy-duty security software.

Detection difficult

Making the problem harder to solve is the fact that most users wouldn't even be aware that their PC has been affected. Trojan horses such as Trin00 don't typically cause problems on the computers they infect; rather, they allow the computer to be used in a coordinated attack against the powerful servers that run Web sites or corporate intranets.

The best way for individual users to protect their PCs is to keep their antivirus software up-to-date and avoid opening attachments that come from unfamiliar sources. Ideally, users should always scan attachments for viruses before opening them, experts say.

"Those innocent screen savers, pictures and games that we once downloaded with abandon have much more ability to play havoc today," James Madison University said on its Web site.

For businesses and organizations, SANS posted a "roadmap" on its Web site last week for defeating the denial-of-service attacks, including information about how to protect against the attacks and how to avoid being made a "host" for assaults on other companies. Compiled by SANS, CERT and The Center for Education & Research in Information Assurance & Security at Purdue University, the roadmap can be viewed at www.sans.org/ddos_roadmap.htm.

Northcutt at CERT's Global Incident Analysis Center says he is optimistic that the use of Windows computers in the denial-of-service attacks can be nipped in the bud - if users are conscientious about updating their antivirus software.

Most antivirus and security vendors have rapidly moved to include ways to detect and eradicate the Trojan-horse denial-of-service attack code through scanning software. CERT and others are urging organizations to beef up their detection and eradication measures to prevent their machines being taken over for denial-of-service attacks.

"If we can get people on two-week cycles of upgrading their antivirus software, that's the way we can kick this," Northcutt says.

RELATED LINKS


NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.