Friday, July 20, 2001

George Mindling Column 7-20-2001 - Internet Robots

Attack of the Internet Robots


One of the most highly sought after PCs on the Internet today is yours. Especially if it is connected by way of digital subscriber link or cable modem! If your PC is constantly connected to the Internet, then the dark side of the Web wants you! It's painless, you won't feel a thing. Oh, they don't want your data (some do, but not the ones I'm talking about here), they want your machine to add to their "attack" group.

Your machine will be a robot, used to deliver bogus messages against selected targets to knock Web sites completely off the air. The attacks are called denial of service attacks and they are becoming a worse problem than ever.

Few home-bred attackers use anything other than Microsoft Windows which, up until this coming October when Windows XP hits the shelves, won't allow "spoofing," or hiding the Internet address of the sender. The new XP may turn the Net into a horror story of anonymous attacks. But even now, your PC may be a culprit in the terrorist war against established Web sites. In a recent attack on Steve Gibson's company Web site GRC.com, no less than 474 separate PCs launched a "distributed" denial of service attack, knocking GRC.com off the air several times in the week or so that followed.

The culprit was a 13-year-old who had scavenged the attack robot software and decided to attack Gibson's company's Web site. For complete details of the attack and how it was fended off, check out http://grc.com/dos/grcdos/htm

How does it work? A small "attack" program, usually very small and cleverly named to avoid detection. is e-mailed as a Trojan, or virus-type program, to several different mailing lists. The Trojan loads itself and “calls home” the next time you access the Internet.

If you are constantly on, the response is immediate. The newly installed attack robot gives the new PC address (yours) to the "robot controller" who sent the program in the first place. The Trojan attaches itself to your mailing list, so you pass the nasty little program along to all your e-mail friends. They, too. will become attack robots. Once they have called home, they wait for further instructions. When the "robot controller" sends the right code, your machine will constantly transmit bogus messages designed to create errors against the newly selected target, along with hundreds of others, and the target will succumb to overload. Your machine won't tell you what it is doing. You will not be able to do your regular Internet thing, but it looks like you are only having problems with your connection.

Most firewall programs have been updated to look for the "attack robot" program format, but one well known firewall did not detect the most recent program. Check with your firewall provider for updates and install them as soon as possible. Make sure you have all the patches to Microsoft Explorer. even the newer versions.

Check Gibson's Web site for details on how to determine if a robot already resides on you PC and his review of firewall programs. If you don't use a virus program or firewall against the bad guys, you just might become one of them.

George Mindling © 2001