Instant-messaging tool for hackers poses a threat
By Laura Rohde
(IDG) -- A new hacking tool using the instant messaging platform Internet Relay Chat (IRC) is rapidly spreading across the Internet and has the potential to shut down Web servers.
Called "Voyager Alpha Force," the tool has already been used to infect about 300 computers, according to various reports, but its biggest threat lies in its ability to be used in distributed denial-of-service attacks, according to security experts.
"It is a malicious program you download from the Internet. It looks like it's an IRC bot. Though we don't have any numbers, and I don't believe the software has yet been used to bring a Web server down, we do know that it's gone around quite quickly," says John Safa, chief technical officer at BitArts, a software security company in the U.K.
Voyager Alpha Force infects computers running Microsoft's SQL Server database software, allowing rogue software to be sneaked onto computers. In turn that software could then be instructed to send so many requests to a targeted Web server that it shuts down, Safa says.
"It is really, really difficult to stop it because requests come from thousands of IP addresses, so many that the server is flooded and [you end up] being forced to bring the server down," Safa says.
Lines are blurring
"There is a blur going on right now between the hacking and the cracking communities and now hacking tools are utilizing virus techniques. They can make it so that people are launching attacks without even knowing it, because the tool is hidden in the software and programs that they always use and trust. I think a lot of DDoS [distributed denial of service] as an issue is getting swept under the carpet," Safa says.
Though some security experts are recommending that companies and users protect themselves by changing default passwords and putting their servers behind firewall software to block unauthorized access, Safa believes such precautions are not enough.
"There's got to be a new approach. Putting servers behind the firewall is not sufficient to protect anyone from an attack because a large enough DDoS can cause the firewall itself to fall over. What we are saying is that protection has to be built into the software. You've got to get radical to protect your PC," Safa says.
Companies should protect all of the programs they are running that could be used to access the Internet, everything from Outlook Express to Photoshop, and lock them down in order to keep them from being tampered with, Safa says.
"It's fairly easy to do, but it does require a bit of discipline from not only the company but everyone using those programs," Safa says.
Who's reading your instant messages?
May 28, 2001
RELATED IDG.net STORIES:
Denial-of-service attacks plague Internet Relay Chat
Sizing up cybervandalism: Thousands hit monthly
Record-breaking year for security incidents expected
Badtrans worm leaves backdoors, logs data
Wall St. blocks IM traffic flow
Instant messaging at work jumps 110 percent
What lies ahead for the messaging enterprise?
AOL Instant Messenger built into Nokia phone
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.
TECHNOLOGY TOP STORIES:
Report: SUVs pose danger to cars
New telemarketer tool trumps TeleZapper
Terra Lycos logs $2.2B loss
AOL to offer song downloads
Microsoft seeks fiscal fountain of youth
|Back to the top|