Return-Path: <sentto-279987-3956-1006847035-fc=all.net@returns.groups.yahoo.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Mon, 26 Nov 2001 23:47:12 -0800 (PST)
Received: (qmail 14770 invoked by uid 510); 27 Nov 2001 07:44:18 -0000
Received: from n27.groups.yahoo.com (216.115.96.77) by all.net with SMTP; 27 Nov 2001 07:44:18 -0000
X-eGroups-Return: sentto-279987-3956-1006847035-fc=all.net@returns.groups.yahoo.com
Received: from [10.1.4.56] by n27.groups.yahoo.com with NNFMP; 27 Nov 2001 07:43:54 -0000
X-Sender: fc@red.all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-8_0_0_1); 27 Nov 2001 07:43:54 -0000
Received: (qmail 41331 invoked from network); 27 Nov 2001 07:43:53 -0000
Received: from unknown (216.115.97.171) by m12.grp.snv.yahoo.com with QMQP; 27 Nov 2001 07:43:53 -0000
Received: from unknown (HELO red.all.net) (65.0.156.78) by mta3.grp.snv.yahoo.com with SMTP; 27 Nov 2001 07:43:52 -0000
Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id fAR7jZD08426 for iwar@onelist.com; Mon, 26 Nov 2001 23:45:35 -0800
Message-Id: <200111270745.fAR7jZD08426@red.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL3]
From: Fred Cohen <fc@all.net>
X-Yahoo-Profile: fcallnet
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Mon, 26 Nov 2001 23:45:34 -0800 (PST)
Reply-To: iwar@yahoogroups.com
Subject: [iwar] [fc:Alpha.Force.on.Voyage.to.Hack.Web.Servers]
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Alpha Force on Voyage to Hack Web Servers
By Robyn Weisman, www.NewsFactor.com, 11/26/2001
<http://dailynews.yahoo.com/h/nf/20011126/tc/14957_1.html>

Internet security firm SecurityFocus.com has discovered new hacker "malware" that unites the ability to launch distributed denial of service (DDoS) attacks with the replicating technologies that, until now, were automated only in computer viruses and worms.

According to SecurityFocus.com, the new malware, known as Voyager Alpha Force, "is human-controlled through Internet Relay Chat (IRC) communications by connecting to an IRC server and joining a password-protected channel."

Voyager subsequently enables hackers to control a large number of "bots" on infected Microsoft SQL server hosts. Hackers can then manipulate these controlled agents, either to start a DDoS attack or to continue reproducing on other incorrectly configured SQL hosts.

How It Works

"The code contains a few different DoS functions, which the person controlling the agents can choose from," Ryan Russell, an incident analyst for SecurityFocus.com, told NewsFactor Network.

"All they have to do is issue a single command for the type of DoS they want, and the victim's address. However, many victims that are online at the moment will carry out the command."

Russell explained that if a system administrator (SA) does not have a password on his or her MS SQL Server SA account, any attacker could execute whatever command they want on that particular server.

"Voyager checks to see if it can issue a 'ver' command, and if that succeeds, it builds a script for the victim's FTP client program that will cause the victim to download a copy of the code," Russell said.

"It has been reported elsewhere that the FTP server was shut down, so this thing can't spread any longer, [but] that's not correct [because] there are commands to change the FTP server, which makes it easy for the person controlling the attacks to simply move his files elsewhere," Russell said.
"We know for a fact that there were still new infections taking place after the first FTP server was shut down."

P2P: Latest in Hacker Tools

Matthew Kovar, Internet security analyst for the Yankee Group, told NewsFactor that peer-to-peer (P2P) services such as instant messaging will be the dominant exploit target for hackers as these services are rolled out to corporate customers.

Said Kovar: "Information security officers should take appropriate steps to create policies and procedures that limit and control the utilization of these services, even going so far as to disallow them altogether."

Perfect Wedding Trousseau?

Bill Malik, vice-president and research area director of Gartner Inc.'s Internet security group, told NewsFactor that while he had not yet heard of Voyager, it certainly seems plausible.

"The advice that users configure their systems to replace default passwords is about forty years old -- and still true," said Malik. "We can't move forward and start exploring the consequences of new mistakes unless we collectively stop making the same old mistakes."

Malik found it interesting that the malware exploits something old -- improperly installed SQL Server -- and something new -- a messaging service.

Quipped Malik: "If they were to additionally exploit something borrowed (shareware) and something blue (an online porn site), they would have a perfect wedding trousseau."

------------------
http://all.net/

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
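
Added example, not part of the original post or of SecurityFocus.com's analysis: host-side detection for the sequence Russell describes (a command run through SQL Server, followed by a scripted FTP download). It assumes process-creation events with hypothetical `pid`, `ppid`, `image` and `cmdline` fields, assumes that commands issued through SQL Server run as descendants of `sqlservr.exe`, and relies on the Windows FTP client's `-s:` script option; the sample events are constructed.

```python
import ntpath
import re

SQL_SERVICE = "sqlservr.exe"  # SQL Server service binary name
FTP_SCRIPT_ARG = re.compile(r"(?:^|\s)-s:(\S+)", re.IGNORECASE)

# Constructed sample events (hypothetical field names); not captured data.
SAMPLE_EVENTS = [
    {"pid": 900, "ppid": 4, "image": r"C:\MSSQL\Binn\sqlservr.exe", "cmdline": "sqlservr.exe"},
    {"pid": 1204, "ppid": 900, "image": r"C:\WINNT\system32\cmd.exe", "cmdline": "cmd.exe /c ver"},
    {"pid": 1310, "ppid": 900, "image": r"C:\WINNT\system32\cmd.exe",
     "cmdline": r"cmd.exe /c ftp -s:C:\temp\x.txt"},
    {"pid": 1311, "ppid": 1310, "image": r"C:\WINNT\system32\ftp.exe",
     "cmdline": r"ftp -s:C:\temp\x.txt"},
    # An operator's interactive FTP session, unrelated to SQL Server.
    {"pid": 2000, "ppid": 1500, "image": r"C:\WINNT\system32\ftp.exe",
     "cmdline": "ftp files.example.test"},
]

def name(event):
    """Lower-cased executable name from a Windows image path."""
    return ntpath.basename(event["image"]).lower()

def descends_from_sql(event, by_pid):
    """Walk parent links; True if any ancestor is the SQL Server service."""
    seen = set()
    ppid = event["ppid"]
    while ppid in by_pid and ppid not in seen:  # 'seen' guards against pid loops
        seen.add(ppid)
        parent = by_pid[ppid]
        if name(parent) == SQL_SERVICE:
            return True
        ppid = parent["ppid"]
    return False

def detect(events):
    """Return (pid, severity, reason) for each process spawned under SQL Server."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        if not descends_from_sql(e, by_pid):
            continue
        script = FTP_SCRIPT_ARG.search(e["cmdline"])
        if name(e) == "ftp.exe" and script:
            alerts.append((e["pid"], "high", "scripted FTP: " + script.group(1)))
        else:
            alerts.append((e["pid"], "medium", "process under SQL Server: " + e["cmdline"]))
    return alerts
```

A database service that never legitimately starts a shell makes the "medium" alerts worth reviewing on their own; the "high" alert marks the download step.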
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:59 PST