Attack of the Internet Robots
One of
the most highly sought after PCs on the Internet today is yours.
Especially if it is connected by way of digital subscriber link or
cable modem! If your PC is constantly connected to the Internet, then
the dark side of the Web wants you! It's painless, you won't
feel a thing. Oh, they don't want your data (some
do, but not the ones I'm talking about here), they want your machine
to add to their "attack" group.
Your
machine will be a robot, used to deliver bogus messages against
selected targets to knock Web sites completely off the air. The
attacks are called denial of service attacks and they are becoming a
worse problem than ever.
Few
home-bred attackers use anything other than Microsoft Windows which,
up until this coming October when Windows XP hits the shelves, won't
allow "spoofing," or hiding the Internet address of the
sender. The new XP may turn the Net into a horror story of anonymous
attacks. But even now, your PC may be a culprit in the
terrorist war against established Web sites. In a recent attack on
Steve Gibson's company Web site GRC.com, no less
than 474 separate PCs launched a "distributed"
denial of service attack, knocking GRC.com off the
air several times in the week or so that followed.
The
culprit was a 13-year-old who had scavenged the attack robot software
and decided to attack Gibson's company's Web site. For
complete details of the attack and how it was fended off, check out
http://grc.com/dos/grcdos/htm
How
does it work? A small "attack" program, usually very small
and cleverly named to avoid detection. is e-mailed
as a Trojan, or virus-type program, to several different mailing
lists. The Trojan loads itself and “calls home” the next time
you access the Internet.
If you
are constantly on, the response is immediate. The newly installed
attack robot gives the new PC address (yours) to the "robot
controller" who sent the program in the first place. The Trojan
attaches itself to your mailing list, so you pass the nasty little
program along to all your e-mail friends. They, too. will become
attack robots. Once they have called home, they wait for further
instructions. When the "robot controller" sends the right
code, your machine will constantly transmit bogus messages designed
to create errors against the newly selected target, along with
hundreds of others, and the target will succumb to overload.
Your machine won't tell you what it is doing. You will not be able
to do your regular Internet thing, but it looks like you are only
having problems with your connection.
Most firewall programs
have been updated to look for the "attack
robot" program format, but one well known firewall did not
detect the most recent program. Check with your firewall provider for
updates and install them as soon as possible. Make
sure you have all the patches to Microsoft Explorer. even the newer
versions.
Check
Gibson's Web site for details on how to determine if a robot already
resides on you PC and his review of firewall programs. If you don't
use a virus program or firewall against the bad guys, you just
might become one of them.
George
Mindling ©
2001