Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
TODAY'S NEWS
Heartbleed prompts joint vendor effort to boost OpenSSL, security
FCC will seek input on latest net neutrality proposal
China working on Linux replacement for Windows XP
FCC adds $9 billion to broadband subsidy fund
Raspberry Pi alternatives emerge to fill need for speed
It's now possible to wirelessly charge 40 smartphones from 16 feet away
Ex-FCC commissioner to head CTIA in latest Washington shuffle
Go time traveling with Google Maps
While Heartbleed distracts, hackers hit US universities
Survey respondents shun much-hyped mobile shopping technologies
Survey respondents shun much-hyped mobile shopping technologies
7 Ways to Advance Your Project Management Career
How Apple's billion dollar sapphire bet will pay off
US to vote on sharp increase in broadband subsidies
iPhone 6 rumor rollup for the week ending April 18
NSA spying revelations have tired out China's Huawei
Arista co-founder may have switch maker by its jewels
Apple kicks off public OS X beta testing
Open source pitfalls – and how to avoid them
AT&T's expanded 1 Gbps fiber rollout could go head to head with Google
BlackBerry Releases BES 10 Security Update to Address 'Heartbleed' Flaw
Verizon: Web apps are the security punching bag of the Internet
Cisco announces security service linked with new operations centers
Dell launches virtual storage accelerator, aims to boost SAN performance
/

Windows PCs become tools for denial-of-service attacks

Today's breaking news
Send to a friendFeedback


Computer hackers may quietly be infecting thousands of Windows PCs in preparation for another wave of denial-of-service attacks of the type that brought high-profile Web sites like Yahoo and eBay to their knees two weeks ago, security experts today warned.

James Madison University discovered last week that 16 Windows PCs on its student network had been infected with what looked like a variant of "Trinoo," one of a handful of viruses that hackers have been using to launch denial-of-service attacks. The university has sent a sample of the virus, which it has dubbed "Wintrinoo," to the Computer Emergency Response Team (CERT) for analysis, the university says on its Web site.

Meanwhile, a university in Florida and a large corporation in Washington, D.C., this week also discovered Windows PCs that had been infected by a version of Trinoo, says Stephen Northcutt, director of the Global Incident Analysis Center at the System Administration, Networking and Security (SANS) Institute.

Using Windows PCs to launch denial-of-service attacks signals a shift in strategy by computer criminals, and is a move that escalates the challenge facing Internet companies as they try to find ways to counter the attacks, security experts say.

The denial-of-service attacks carried out so far, which also affected Amazon.com, ETrade and CNN, were launched almost exclusively from large Unix computers maintained by governments, businesses and organizations. Using programs like Trinoo, hackers essentially hijack those systems and use their computing power to bombard Web sites with high volumes of requests for information, causing the target sites to grind to a halt.

Experts like Northcutt fear that computer hackers, acting alone or as a group, may have turned their attention to Windows PCs in preparation for another wave of denial-of-service attacks.

"On the Windows side, this has the potential to be much more disastrous," says Randy Marchany, a member of the Computer Incident Response Team at Virginia Tech University. Aside from the sheer number of Windows PCs connected to the Internet, many Windows PCs are operated by novice users, and are not protected by firewalls and other heavy-duty security software.

"We can't protect these systems," says Allan Paller, director of research at the SANS Institute. "The skill level of most Windows users is novice at best, and the basic design of Windows and Macintosh systems isn't geared to security."

Experts emphasized that no firm evidence exists yet that Windows PCs have been used to launch denial-of-service attacks, although James Madison University reported that its 16 infected PCs were sending out large volumes of data packets, suggesting that they may have been involved in an attack.

Indeed, the assaults on high-profile Web sites appeared to have subsided last week, although a few smaller Internet companies reported problems that may have been caused by denial-of-service attacks. Experts say Internet companies may not be reporting incidents out of fear of negative publicity, or in order to reduce copycat incidents. The FBI is continuing its investigation into the denial-of-service attacks.

Earlier this week, hackers attempted to bring down Microsoft's Web site, but the company claims it only suffered a 3% to 7% slump in performance.

Making the problem harder to solve is the fact that most users wouldn't even be aware that their PC has been affected. Viruses like Trinoo don't typically cause problems on the computers they infect; rather, they allow the computer to be used in a coordinated attack against the powerful servers that run Web sites or corporate intranets.

The best way for individual users to protect their PCs is to keep their antivirus software up to date, and avoid opening attachments that come from unfamiliar sources. Ideally, users should always scan attachments for viruses before opening them, experts say.

"Those innocent screen savers, pictures and games that we once downloaded with abandon have much more ability to play havoc today," James Madison University says on its Web site.

For businesses and organizations, SANS posted a "roadmap" on its Web site yesterday for defeating the denial-of-service attacks, which includes information about how to protect against the attacks and how to avoid being made a "host" for assaults on other companies. Compiled by SANS, CERT and the Center for Education & Research in Information Assurance & Security at Purdue University, the roadmap can be viewed at www.sans.org/ddos_roadmap.htm/.

Northcutt, at CERT's Global Incident Analysis Center, says he is optimistic that the use of Windows computers in the denial-of-service attacks can be nipped in the bud-if users are conscientious about updating their antivirus software.

"If we can get people on two-week cycles of upgrading their antivirus software, that's the way we can kick this," Northcutt says.

The SANS Institute, in Bethesda, Md., can be reached at www.sans.org/.

RELATED LINKS

See our DoS Reasearch page
Network Fusion.

The CERT Coordination CenterDedicated to solving high impact computer vulnerability problems and incident response.

Internet Security Advisors Group

The FBI's Denial of Service Information area

Steps for dealing with an attack
Includes information about security products.
Internet Security Systems.

Report: Common Vulnerabilities and Exposures
Background about the perils of information sharing.
Mitre.


NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.