ad info  technology > computing
    Editions | myCNN | Video | Audio | Headline News Brief | Feedback  




Consumer group: Online privacy protections fall short

Guide to a wired Super Bowl

Debate opens on making e-commerce law consistent



More than 11,000 killed in India quake

Mideast negotiators want to continue talks after Israeli elections


4:30pm ET, 4/16










CNN Websites
Networks image

Windows PCs become tools for DoS attacks

February 25, 2000
Web posted at: 2:35 p.m. EST (1935 GMT)

SAN FRANCISCO (IDG) -- Computer hackers may quietly be infecting thousands of Windows PCs in preparation for another wave of DoS (denial of service) attacks of the type that brought high-profile Web sites like Yahoo and eBay to their knees two weeks ago, security experts warned Thursday.

James Madison University discovered last week that 16 Windows PCs on its student network had been infected with what looked like a variant of "Trinoo," one of a handful of viruses that hackers have been using to launch DoS attacks. The university has sent a sample of the virus, which it has dubbed "Wintrinoo," to the Computer Emergency Response Team (CERT) for analysis, the university said on its Web site Thursday.

Meanwhile, a university in Florida and a large corporation in Washington, D.C., this week also discovered Windows PCs that had been infected by a version of Trinoo, Stephen Northcutt, director of the Global Incident Analysis Center at the System Administration, Networking, and Security (SANS) Institute, said in a phone interview.

Tracking Web site attacker requires persistence, technology and luck

Is a new Internet architecture needed?
Do you believe the parties responsible for last week's attacks will be caught?

View Results

Using Windows PCs to launch DoS attacks signals a shift in strategy by computer criminals, and is a move that escalates the challenge facing Internet companies as they try to find ways to counter the attacks, security experts said.

The DoS attacks carried out so far, which also affected, ETrade Group and the Cable News Network (CNN), were launched almost exclusively from large Unix computers maintained by governments, businesses and organizations. Using programs like Trinoo, hackers essentially hijack those systems and use their computing power to bombard Web sites with high volumes of requests for information, causing the target sites to grind to a halt.

Experts like Northcutt fear that computer hackers, acting alone or as a group, may have turned their attention to Windows PCs in preparation for another wave of DoS attacks.

"On the Windows side, this has the potential to be much more disastrous," said Randy Marchany, a member of the Computer Incident Response Team at Virginia Tech University. Aside from the sheer number of Windows PCs connected to the Internet, many Windows PCs are operated by novice users, and are not protected by firewalls and other heavy-duty security software.

  Online broker hit by DoS attack 02/24/00
  Microsoft fends off hack attack 02/22/00
  TechInformer: The Thinking Internaut's Guide to the Tech Industry's products pages
  Reviews & in-depth info at
  Year 2000 World
  Questions about computers? Let's editors help you
  Subscribe to's free daily newsletters
  Search in 12 languages
  News Radio
  * Fusion audio primers
  * Computerworld Minute

"We can't protect these systems," said Allan Paller, director of research at the SANS Institute. "The skill level of most Windows users is novice at best, and the basic design of Windows and Macintosh systems isn't geared to security."

Experts emphasized that no firm evidence exists yet that Windows PCs have been used to launch DoS attacks, although James Madison University reported that its 16 infected PCs were sending out large volumes of data packets, suggesting that they may have been involved in an attack.

Indeed, the assaults on high-profile Web sites appeared to have subsided last week, although a few smaller Internet companies reported problems that may have been caused by DoS attacks. Experts said Internet companies may not be reporting incidents out of fear of negative publicity, or in order to reduce copycat incidents. The Federal Bureau of Investigation (FBI) is continuing its investigation into the DoS attacks.

Making the problem harder to solve is the fact that most users wouldn't even be aware that their PC has been affected. Viruses like Trinoo don't typically cause problems on the computers they infect; rather, they allow the computer to be used in a coordinated attack against the powerful servers that run Web sites or corporate intranets.

The best way for individual users to protect their PCs is to keep their antivirus software up to date, and avoid opening attachments that come from unfamiliar sources. Ideally, users should always scan attachments for viruses before opening them, experts said.

"Those innocent screen savers, pictures and games that we once downloaded with abandon have much more ability to play havoc today," James Madison University said on its Web site.

For businesses and organizations, SANS posted a "roadmap" on its Web site Thursday for defeating the DoS attacks, which includes information about how to protect against the attacks and how to avoid being made a "host" for assaults on other companies. Compiled by SANS, CERT and the The Center for Education & Research in Information Assurance & Security (CERIAS) at Purdue University, the roadmap can be viewed online.

Northcutt at CERT's Global Incident Analysis Center said he is optimistic that the use of Windows computers in the DoS attacks can be nipped in the bud -- if users are conscientious about updating their antivirus software.

"If we can get people on two-week cycles of upgrading their antivirus software, that's the way we can kick this," Northcutt said.

Net crime does pay for cops
February 24, 2000
Avoiding future denial-of-service attacks
February 23, 2000
FBI investigation swamped with tips, continue to seek Midwest 'Coolio'
February 16, 2000
The coming privacy divide
February 24, 2000
Internet2 team seeks speedy apps
February 24, 2000
Insufficient computer security threatens doing business online
February 23, 2000
Rebuffed Internet extortionist posts stolen credit card data
January 10, 2000
A visit to Stanford's Internet2 GigaPoP
November 3, 1999

FBI opens investigation to track denial of service attacks
(Network World Fusion)
Cybervandalism is tough to thwart
(PC World Online)
A primer: How hackers attack
(PC World Online)
EBay, Amazon, hit by attacks
(Network World Fusion)
FBI, industry scramble to stop hack attacks
(PC World Online)
Yahoo outage raises Web concerns
Denial of Service news
HP sets up Internet insurance program in wake of DoS attacks

SANS' roadmap
The SANS Institute
James Madison University

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.


Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.