Hack attacks are becoming more common these days. Besides beefing up your computer's security, you should also know who you're protecting yourself from, says columnist Robert Vamosi.
COMMENTARY--A few weeks ago, I discussed the dangers of having open ports on a computer. This week I'd like to call your attention to a report that provides an insider's view of what happens when teenage hackers use hundreds of open-port PCs like yours and mine to shut down Web sites in what is commonly known as a distributed denial-of-service attack (DDoS).
The report by Steve Gibson, whose Gibson Research site was taken down in early May, alleges that changes made in Microsoft's new XP operating system (specifically, the full implementation of Unix (news - web sites) sockets, currently found in Windows 2000 (news - web sites) systems) will make it harder for system administrators to stop future attacks, and will promote "an escalation of Internet terrorism the likes of which has never been seen before." Of course, Microsoft disagrees. Read more about this debate here.
What I found interesting about Gibson's report were the messages exchanged between Gibson and the young hackers, Wkd ("Wicked"), b0ss, and others, who brought down his site. Wkd turns out to be a bright 13-year-old boy living in Kenosha, Wis., using a pirated EarthLink reseller ISP. Apparently, he and his buds thought Gibson had used the derisive phrase "script kiddies" to describe all young hackers.
Young hackers, unlike most urban gang members, tend to be suburban kids who try to one up (or "dis") each other's computer skills. Many of these cyber-gangsters get their kicks by mobilizing your computer and mine to attack or just parry with one another in turf wars. These cyber-gangsters also tag--not with spray paint, but with silly Web site defacements. These cyber-gangsters aren't necessarily malicious, just bored. Yet it's often the malicious minority who make the news with their drive-by attacks on major commercial Web sites like Yahoo or Amazon.
To carry out these pranks (whether malicious or otherwise), Wkd and other young hackers author Trojan horses (called "bots") that allow them to indiscriminately access infected computers across the Internet. A lot of these bots are actually derived from SubSeven, a customizable Trojan horse program that's available on the Internet. Wkd claims to have authored his own custom bots. They also trade IP address lists of machines already inflected by cable- or DSL-bots, making their DDoS attacks somewhat easier to pull off.
So, how does a bot get inside your machine and open ports? Visit any random Web site, and by simply viewing the page, you could be downloading some bot-infected ActiveX or Java code. Open any e-mail attachment or share any bot-infected document from a co-worker in another office, and your computer might suddenly start communicating with the Internet without your permission.
Until last month, Word's harmless RTF file format was considered to be an unlikely source for Trojan horses. Last week, a Russian virus called Goga used a flaw in RTF Word documents to hide a Trojan that connects to the Internet and sends your Internet access password information to another party.
Open ports and any unsolicited attempts by your computer to contact the Net should always be a cause for concern. Unfortunately, most of us never really know what our computers are doing. Keep restless youths from playing in your cyber-backyard by doing the following to monitor your PC:
Keep your antivirus software up to date.
Install a firewall such as Zone Alarm or BlackICE.
In addition to these precautions, consider installing some of the new behavior-monitoring software programs that offer an extra layer of protection from all forms of malicious code.
What do you think about bored, computer-literate youths roaming the Internet? TalkBack to me below.