 |
 |
|
|
|
|||||||||||||||||||||||||||||||||||||||
|
Hacker unleashers updated backdoor program
(IDG) -- An updated version of the backdoor program SubSeven was released by its creator, a hacker known as "mobman," on Friday, according to the "official" Web page of the program. The SubSeven backdoor, which allows malicious hackers to access and control a user's computer without his or her knowledge, is "one of the highest threats to Windows PCs, especially those running in broadband environments," said Chris Rouland, director of the X-Force research team at computer security firm Internet Security Systems (ISS) in Atlanta, Georgia. The program typically arrives in an email disguised as one of a variety of benign file types. Users unwittingly launch the program, potentially allowing a malicious hacker to perform actions including restarting and shutting down their computer and retrieving passwords, as well as uploading, downloading, and deleting files from the hard drive.
The new version, SubSeven 2.2, has a broader set of functions than its predecessor, making it more dangerous. For example, the program includes expanded notification capabilities that could allow hackers to more effectively coordinate DDoS (distributed denial-of-service) attacks, giving them a list of infected computers. The list makes it easier to orchestrate such an attack, which can shut down a Web site by flooding it with fake requests for information. Another new feature, which helps the attacker hide their identity, supports what are known as socks4 and socks5 proxies. Using these proxies to cross international borders between countries whose governments don't cooperate with investigators could make it even more difficult to track down the hacker, Rouland said. SubSeven 2.2 has already been spotted on the Internet, hidden in pornography files on a Usenet group, Rouland said. It wasn't immediately clear if any users have been infected with the new version yet. Another major development in Version 2.2 is that most of the program's functionality resides in plug-in DLLs (dynamic link libraries), making it fairly simple to upgrade. The hacker community plans to release an SDK (software developer kit), which would enable hackers to create custom plug-ins, making it even harder to detect than previous versions, as well as allowing customization of the program, Rouland said. Backdoors such as SubSeven and the better-known BackOrifice have a tendency to spread quickly because they are easy for hackers to launch, Rouland said. ISS found one strain of SubSeven 2.17 in thousands of computers, and Rouland estimates the total number of infected machines to be in the tens of thousands. In many cases, the malicious code lies dormant in the infected PC unless a hacker chooses to target that machine. "Up to date antivirus software and intrusion detection software is the real solution here," Rouland said. RELATED STORIES:
Security center issues antihacker tool RELATED IDG.net STORIES:
Top 5 firewall utilities RELATED SITES:
Internet Security Systems |
|
|
SCI-TECH
Study: Gadget sales flat Protest slams Dell's use of prison labor Steve Jobs keeps Apple in the limelight (MORE)
![[CNN.com]](http://i.cnn.net/cnn/images/newsnet/cnnlogo.gray.gif){kind=small} TOP STORIESN. Y. plans to heal skyline Stocks rise on Case departure Lieberman's presidential announcement today New arrests may be linked to UK ricin scare (MORE)
![[SI.com]](http://i.cnn.net/cnn/images/main/si.logo.gif){kind=logo} SPORTSJordan says farewell for the third time Shaq could miss playoff game for child's birth Ex-USOC official says athletes bent drug rules (MORE)
 All Scoreboards
|
|
|||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||
| Back to the top | |
© 2003 Cable News Network LP, LLLP.
A Time Warner Company. All Rights Reserved. Terms under which this service is provided to you. Read our privacy guidelines. Contact us. |
![[CNN Money]](http://i.cnn.net/cnn/images/main/fn.logo.newsnet.gif){kind=logo}
(