Hacks and Hackers in the News

In this Internet age there is always a new hack or hacker in the news, and it's always the same story with different names.  I enjoy posting about them anyway, though.

More recent items are added on top of this page.

 

January 31, 2004

As the Mydoom worm continues to spread madly (I got over 350 mails to this site today, of which probably 320 were Mydoom.  The other 30 were mostly spam or other viruses.) the hunt for the program's author is heating up.  Microsoft has offered a $250k reward for information leading to his arrest, which is sort of nice of them, given that the program's initial DOS target of attack was a Linux site, and that, for once, this isn't a virus that exploits some security flaw in Windows or Outlook Express.  (Just in their users.)

After dissecting the malicious program, security experts got a little closer to unmasking the perpetrator. The author apparently signed the worm with the name "Andy" and left the message: "I'm just doing my job, nothing personal, sorry."

The first infected e-mails detected appear to have originated in Russia, but, Wood said, it was unclear if they were the engineers behind MyDoom or just early victims.

Nabbing virus writers is a difficult undertaking. Such clues have been used in the past to form a picture of the suspect. "Most often virus authors are caught when bragging about their exploits somewhere," said Wood.

Still, a series of bounties Microsoft placed on the heads of the Blaster and Sobig.F virus writers in November have come to nothing as chatter about their exploits has been scarce in the usual online forums.

Given the tight-lipped approach, security experts and police suspect the authors may be a new breed of virus writers that possibly have a connection to organized crime groups or spam e-mail peddling syndicates.

As opposed to bored script kiddies eager to see if it really is that easy to put together a worm that will infect millions of computers, largely thanks to their users not knowing what the hell they are doing.

 

 

January 27, 2004

There's a new email worm running amok across the Internet, and like all of the other recent ones it scrambles the sender with random names from their email box, so not only do you get a ton of spam, you can't even tell who sent it to you.  I've gotten several today from names @blackchampagne that don't even exist on my machine.

SAN JOSE, Calif. - Network administrators were working to stop a fast-spreading e-mail worm that looks like a normal error message but actually contains a malicious program that spreads itself and installs a program that leaves an open door to infected computers.

The worm — called "Mydoom," "Novarg" or "WORM_MIMAIL.R" — was replicating itself so quickly that some corporate networks were clogged with infected traffic within hours of its appearance Monday. Its mail engine could send out 100 infected e-mail messages in 30 seconds, experts said.

It runs on computers running Microsoft Corp.'s Windows operating systems, though other computers were affected by slow network and a flood of bogus messages. About 3,800 infections were confirmed within 45 minutes of its initial discovery, according to the security firm Central Command.

"This has all the characteristics of being the next big one," said Steven Sundermeier, Central Command's vice president of products and services.

Like most worms and viruses, it only picks off the weak and lame, in Internet knowledge terms.

Unlike other mass-mailing worms, Mydoom does not attempt to trick victims by promising nude pictures of celebrities or mimicking personal notes. Instead, one of its messages reads: "The message contains Unicode characters and has been sent as a binary attachment."

"Because that sounds like a technical thing, people may be more apt to think it's legitimate and click on it," said Steve Trilling, senior director of research at the computer security company Symantec.

And like almost every other worm, it hits MS machines only, though for once it's not MS' crappy programming that's to blame.

Microsoft offers a patch of its Outlook e-mail software to warn users before they open such attachments or prevent them from opening them altogether. Antivirus software also stops infection.

Christopher Budd, a security program manager with Microsoft, said the worm does not appear to take advantage of any Microsoft product vulnerability. "This is entirely a case of what we would call social engineering — enticing users to take actions that are not in their best interest," he said.

So far I've gotten about 50 of them at this site, and 200+ at the D2 site, in just the past 7 or 8 hours.  Most of them are coming in with a blank subject, or "hi" for the subject, with all of the attachments already deleted.  Since I don't use Outlook Express and have current anti-virus and never run any email attachments, it's just a nuisance to delete them all searching for the occasional real email.

Who are these people that open attachments they aren't sure about, and run computers without anti-virus software?  And can we get them off the Internet?  They're like that guy in a white minivan who's going about 10 MPH too slow in the passing lane with his blinker on while talking on his cell phone, oblivious to the 20 car line stuck behind his slow ass.

 

The new worm, being called Mydoom, is now the fastest spreading ever, which I find pretty amazing.

The Mydoom computer virus was overtaking the Sobig.F bug as the largest virus outbreak ever, clogging the Internet with some 100 million infected e-mails in its first 36 hours and prompting the FBI to launch an investigation.

"Looking at the amount of e-mail traffic, Mydoom has passed the Sobig.F virus as being the largest outbreak ever," Mikko Hyppoenen, head of anti-virus research at the Finnish group F-Secure, told AFP Wednesday.

"Globally it has generated over 100 million infected e-mails," he added.

The New York-based security firm MessageLabs said it had intercepted some 1.8 million copies of the bug during the first 24 hours alone.

The Mydoom virus was found in one of every 12 e-mails, while the Sobig.F was found in every 17, MessageLabs marketing chief Brian Czarny said.

By early Wednesday it was believed that between 390,000 and 500,000 computers had been infected around the world, Hyppoenen said.

The reason I find it amazing is that it's not a hack, and it doesn't take advantage of some hole in the MS OS.  It's just an attachment that people who are too dumb to have anti-virus are too dumb to not click!  How every news item about this doesn't begin with something like: "Stop clicking attachments, you idiots!" I don't know.

 

 

 

August 30, 2003

Some stupid script kiddy in Minnesota has admitted to authoring Blaster.B, and is likely going to get federal criminal charges filed against him. His biggest sin is being 18, and thus old enough to go to real prison, rather than just some juvenile hall type slap on the wrist.  Well, that and being really stupid.

Parson apparently took few steps to disguise his identity. As a byproduct of each infection, every victim's computer sent signals back to the "t33kid.com" Web site that Parson had registered in his own name, listing his home address in Minnesota. The computer bug blamed on Parson also included an infecting file called "teekids.exe" that experts quickly associated with Parson's Web site: Hackers routinely substitute "3" for the letter "e" in their online aliases.

The "Blaster.B" version of the infection, which began spreading Aug. 13, was remarkably similar to the original Blaster worm that first struck two days earlier; experts said the author made few changes, renaming the infecting file from "msblast" to a "teekids."

So he got a copy of Blaster, which wasn't exactly hard; hell I had several hundred sent right to my inbox, and he modified it by changing the site the worm sent info to, and put his own online nick in it as well.  This is like a case study in how not to run a worm.  At least if your goal is to not get caught doing it.  I doubt the kid had any clue what to do with the info he might have harvested with it either.  I suspect he read about Blaster online in various script kiddy forums and got a dissected copy of it from some FTP in Sweden, put in his own tiny changes, and sent it back out.

The judge isn't taking it too seriously, letting the kid out for basically house arrest, and the biggest punishment at this point is the FBI taking all of his computers; I guess it'll be Simpsons rerun marathon time in the Parson home now.  However, if they do press charges he could get millions in fines and years in prison, where he'll be a lovely new girlfriend to half a dozen real criminals.

 

 

February 13, 2003

"Free Mitnick!"  Then hack his ass!

The world's best-known computer hacker suffered the indignity of having someone break into his new security consulting company's Web site. But Kevin Mitnick shrugged it off as "quite amusing," not serious enough for him to call the FBI.

Mitnick said Monday that the hackers apparently exploited separate flaws in Internet server software from Microsoft Corp. The person responsible for the company's Web site failed to apply the repairing patches available from Microsoft, Mitnick said.

"I haven't had any time to play webmaster, but it looks like I'll have to look into it," Mitnick wrote in an e-mail to The Associated Press. "Actually, it's quite amusing. All the hackers out there figure if they can hack Kevin Mitnick's site, they're the king of the hill."

It's funny because he was a big time h4x0r, but more so because his firm is a security consultant, and they can't even get up to date patches on their server?  And they're running MS, of all things.

 

 

July 15, 2002

On Yahoo I saw this interesting article about hackers working on programs to help people, rather than their normal goals of gaining access to your PC so they can use it to destroy commercial websites or trade pirated software.

The new software they (the hackers) are creating and distributing are various types of super privacy additions to browsers and chat clients.  These can of course be used by terrorists, child pornographers, and the hackers themselves to continue doing whatever in secret.  However they can also be used by people trapped in countries with repressive governments (such as China, Iran, Iraq, etc) to surf any sites they like, in secret.

An international hacker group calling itself Hactivismo released a program on Saturday called Camera/Shy that allows Internet users to conceal messages inside photos posted on the Web, bypassing most known police monitoring methods.

In addition, "Mixter," an internationally known German hacker, said Hactivismo was preparing in coming weeks to launch technology, which if adopted widely could allow anyone to create grassroots, anonymous networks where Internet users worldwide could access and share information without a trace.

This is of course totally against what most companies and especially law enforcement wants, what with plans for universal identification online, for ease of shopping and security, as well as surveillance. The hackers are showing some publicity savvy, I'll give them that.

Six/Four protocol designer "Mixter" told Reuters that the system is named in honor of the date when Chinese authorities cracked down on democracy activists in Tiananmen Square on June 4, 1989.

There is a lot more technical info in the article about how such software will work, and the interesting thing about six/four is that it will only work if lots of people around the world use it.  It's possible to tell if it's being used, and if only a few people are using it, then it could apparently be tracked.  Given that these hackers are the type who are constantly passing around infected programs to get backdoors on your computer already, it feels slightly insane to intentionally install their stuff, for whatever noble purpose.

Towards the end of the article there is a funny gaffe:

In the future they plan to develop programs that will allow anonymous direct email, file trading and untraceable chat programs that bypass conventional Internet monitoring.

The latter is especially important in places like China, where online chat is more popular than Web surfing. The group's work can be found on the Internet at .

That's not a typo, the sentence just ends with an obviously missing link.  Removed pre-publication by an editor?  Something the article author meant to add in but didn't get back to?

It will be interesting to see where this goes in the future.  Experienced Internet users want privacy and anonymity, while the censoring governments want to keep control of their citizens, and various corporations want to give everyone an ID# online.  Will we see the FBI, Chinese government, and Microsoft collaborating to battle the hackers' anonymity measures?

I've seen various articles in the past about major computer makers such as Intel specially modifying their servers and other hardware for sale to China, to enable the country to more easily set up their international firewalls.  Businesses are always more interested in profits and sales than in trying to encourage democracy or freedom, so it's not as if they wouldn't capitulate to whatever they had to in order to move more merchandise.

I think that the early (and current) Internet days of user privacy and secrecy are coming to an end.  Most people online now are normal adults, with jobs, families, etc.  They don't care about piracy or warez or being anonymous so they can hack IRC chats or whatever.  These are people with real lives, 5 credit cards, children, and a mortgage.  They don't care about totally anonymous surfing, since they never do anything they feel a need to hide.  Maybe they don't want their boss to know they're looking at a new job on Monster.com, or their wife to know of their porn surfing, but unless there are new browser features that expose (to anyone) everything you've been doing online, the average user is fine with their current level of privacy.  Most people know so little of how their browser cache or cookies or IP# identify them that they probably think they are largely anonymous now (hint, you aren't) so don't see any need for more cloaking, and I doubt that will change.

So what will the Internet be in a few years?  There are more commercial sites every day; sites and services like Amazon.com and PayPal and eBay that more or less require an actual identity to use them fully.  Microsoft tried to put the unique permanent ID feature in with WinXP, until bad publicity forced them to disable it.  I think that contrary to what hackers want, anonymity is steadily drying up on the Internet, and will probably continue doing so in the future.  If you want to have useful services on the Internet, you'll need an identity to access them.  You can't wear a ski mask to a bank and expect them to give you your money, just because you assure them you aren't a criminal.  But while there is less anonymity on a personal level, savvy users will probably continue to use secrecy software like the hacker stuff listed above for some purposes.  Activate cloaking mode to surf and check your hotmail, deactivate it from time to time for shopping or checking your official email.  How long that is possible to continue with the corporations who run the Internet working to remove the secrecy remains to be seen.

 

 

June 4, 2002

The Xbox has been hacked, at least partially. It's basically a pretty good computer, with video card, sound card, etc, with various blocks to keep it from being used as a real computer, and it sells for just $199.  Which is much less than the components cost; MS is just selling them for that trying to make it back in software games.  This would be sort of the hacker's holy grail, given that most hackers are Linux geeks with pathological hatred of Microsoft.

Computer enthusiasts have been excited about the possibility of using the $199 Xbox, which is technologically similar to a PC, as a stand-alone computer running operating systems like Linux.

Some see it as the ultimate slight against Microsoft -- using the software giant's own hardware to run software that competes against its Windows operating system.


 

All site content copyright "Flux" (Eric Bruce), 2002-2007.