Wednesday, August 17, 2005

Watch out for worm wars: Possible criminal activities as after-effect

Joris Evers writes in C|Net News:

The recent surge in worms could be part of an underground battle to hijack PCs for use in Net crimes, some security experts say--but others aren't convinced.

Signs of a turf war between cybercrooks lie in the behavior of the worms that have emerged since Sunday, said Mikko Hypponen, chief research officer at F-Secure, a Finnish security software company.

The dozen or so worms and variants all exploit a security hole in the plug-and-play feature in the Windows 2000 operating system. But some versions undo the effects of earlier worms, suggesting that the creators are battling to take over computers that others have already compromised, Hypponen said.

Okay, trade press being as it is....

Now, you can go read the rest of the article for yourself, but my opinion is that this is the prelude to a massive, and I mean massive, criminal effort to plant keyloggers (or other similar forms of malware) on pwn3d! computers, and perpetrate one of the largest collective ID and financial theft activities known thus far.

I don't mean to be an alarmist, but this has a preemptive smell to it, and I've been doing network security work for a long, long time. I hope I'm wrong.

As an example, in the initial establishment (initial MS05-039 infection vector) of zombified botnets I saw earlier this week, after the initial port 445 scanning inside a particular prefix (a contiguous block of IP addresses) was completed, everything went pretty much quiet. Of course, people fighting the fire would be lulled into a sense of satisfaction that they had pretty much neutralized the attack, but in reality, the zombie computers could have indeed been (at that point) downloading new malware onto the victimized host via IRC commands from the C&C bot controller.
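The two-phase pattern above (a TCP/445 sweep across one prefix, then silence, then the hosts in that prefix calling out to an IRC controller) is exactly what a detection rule should tie together rather than treating the scan as the whole incident. The script below is an added example written for this post, not code from the post or from F-Secure: it runs over constructed flow records, flags a /24 sweep on port 445, and then reports any host inside that swept prefix that opens an IRC session after the sweep ended. The IRC ports, the /24 grouping, the sweep threshold and all addresses are assumptions chosen for illustration.

```python
"""Correlate a TCP/445 sweep of a prefix with later outbound IRC from that prefix.

Phase 1: one source hits TCP/445 on many hosts in a single /24 (the scan).
Phase 2: after the scan goes quiet, hosts inside that /24 open IRC sessions,
         i.e. the newly compromised machines check in to a C&C server.
All flow records here are constructed for illustration.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

IRC_PORTS = {6667, 6668, 6669}  # assumption: plain IRC ports used by the controller
SWEEP_MIN_TARGETS = 8           # assumption: distinct hosts in one /24 hit on 445 = a sweep

# Constructed flow records: (timestamp_s, src_ip, dst_ip, dst_port).
# 10.9.8.7 sweeps 192.0.2.0/24 on TCP/445, the scan stops, then two hosts in
# that prefix connect to an assumed IRC server at 198.51.100.5.
FLOWS = (
    [(1000 + i, "10.9.8.7", f"192.0.2.{i + 1}", 445) for i in range(12)]
    + [(1100, "192.0.2.40", "203.0.113.9", 80)]       # benign web traffic, must not alert
    + [(1500, "192.0.2.3", "198.51.100.5", 6667),       # phase 2: victim checks in
       (1530, "192.0.2.7", "198.51.100.5", 6667),       # phase 2: second victim
       (900,  "192.0.2.5", "198.51.100.5", 6667)]       # IRC before the sweep: unrelated
)


def find_sweeps(flows, min_targets=SWEEP_MIN_TARGETS):
    """Return {(scanner_ip, prefix): (first_ts, last_ts)} for /24 sweeps on TCP/445."""
    targets = defaultdict(set)
    window = {}
    for ts, src, dst, dport in flows:
        if dport != 445:
            continue
        prefix = ip_network(f"{dst}/24", strict=False)
        key = (src, prefix)
        targets[key].add(dst)
        first, last = window.get(key, (ts, ts))
        window[key] = (min(first, ts), max(last, ts))
    return {k: window[k] for k, seen in targets.items() if len(seen) >= min_targets}


def find_post_sweep_irc(flows, sweeps, irc_ports=IRC_PORTS):
    """List hosts inside a swept prefix that open IRC after that sweep ended."""
    hits = []
    for ts, src, dst, dport in sorted(flows):
        if dport not in irc_ports:
            continue
        for (scanner, prefix), (_, sweep_end) in sweeps.items():
            if ip_address(src) in prefix and ts > sweep_end:
                hits.append({"victim": src, "cnc": dst, "ts": ts,
                             "scanner": scanner, "prefix": str(prefix)})
    return hits


def alerts(flows):
    """Full pipeline: sweep detection followed by post-sweep IRC correlation."""
    return find_post_sweep_irc(flows, find_sweeps(flows))


if __name__ == "__main__":
    for hit in alerts(FLOWS):
        print(hit)
```

Note that the IRC connection at timestamp 900 is deliberately ignored: it precedes the sweep, so it cannot be a consequence of it. The ordering check is what turns "some host talked IRC" into "a host inside the prefix that was just scanned started talking IRC once the scan went quiet", which is the signal the paragraph says responders tend to miss.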

Actually, thinking of the depth and scope of this, it actually makes the hair on the back of my neck stand up...

Let's be careful out there....
