
Posts Tagged ‘ddos’

Hackers Embrace P2P Concept

March 17th, 2004

A new Swiss Army knife-type tool called Phatbot will lead to a new wave of spam and DDoS attacks using P2P-based shared resources.

By some estimates, hundreds of thousands of computers running Microsoft’s Windows operating system have already been infected worldwide. The tool, a program that security researchers have dubbed ‘Phatbot,’ allows its authors to gain control over computers and link them into P2P networks that can be used to send large amounts of spam e-mail messages or to flood Web sites with data in an attempt to knock them offline.


A(nother) Microsoft security failure

January 25th, 2003

Many of us know that Korea (.kr) is the source of a large proportion of spam. It was with some amusement, this morning, that I noticed a lesser number of unwanted emails in my inbox, followed by stories of the SQL worm that affected Microsoft servers worldwide:

  • First article pointed out by Adam Peake of Glocom in Japan, Korea’s MIC Issues Emergency Alert Against Computer Hacking:

    The Ministry of Information and Communication (MIC) issued emergency alerts Friday warning domestic personal computer (PC) users to be on guard against being used for distributed denial-of-service (DDoS) assaults. The ministry said it was raising the alarm after it received reports international hackers were using Korea as a springboard to launch their electronic attacks on other computers.

    It said that starting from Jan. 5, the Korea Information Security Agency (KISA) has been receiving a large number of reports from U.S. and Australian media companies that their systems were being disrupted by Korean PC infiltrated by DDoS software.

  • AP News also ran a story, Virus Overwhelms Global Internet Systems:

    Bank of America Corp., one of the nation’s largest banks, said many customers could not withdraw money from its 13,000 ATM machines because of technical problems caused by the attack. A spokeswoman, Lisa Gagnon, said the bank restored service to nearly all ATMs by late Saturday afternoon and that customers’ money and personal information had not been at risk.

    Millions of Internet users in South Korea were stranded when computers at Korea Telecom Freetel and SK Telecom failed. Service was restored but remained slow, officials said. In Japan, NHK television reported heavy data traffic swamped some of the country’s Internet connections, and Finnish phone company TeliaSonera reported some problems. …

    The virus-like attack, which began about 12:30 a.m. EST, sought out vulnerable computers on the Internet to infect using a known flaw in popular database software from Microsoft Corp. called “SQL Server 2000.” The attacking software was scanning for victim computers so randomly and so aggressively, sending out thousands of probes a second, that it saturated many Internet data pipelines.

More info on the problem is available, both at Microsoft (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-039.asp) and at CERT (http://www.cert.org/advisories/CA-2003-04.html). I’d think that any sys admin who chose to run MS servers would be aware of the special, well-documented, and ongoing need for extra care in monitoring the need for and applying patches, but apparently this isn’t so. As Walt Kelly said some 30 years ago, “We have met the enemy… and he is us.”

There’s a thread following this on Dave Farber’s Interesting People archive. Of special note are comments by Karl Auerbach (regarding vulnerability of cross-linking communications systems) and Rich Wiggins (Microsoft isn’t mirrored? How shortsighted!).
