DoS: Have you presented a welcome mat to a bunch of hacks?

Are you hosting "zombie" machines? Lose the parasites! Exterminator examines this week's DoS attacks and more.

Coordinated, distributed denial of service (DoS) attacks paralyzed Web systems this week at eBay, CNN, E*Trade, and others, including Yahoo!. The latter is particularly surprising, as Yahoo! is a popular site and possesses more computing power than almost every other Web site on the planet.

Count on Exterminator!
Each Friday, Exterminator brings you news of important bug fixes, virus recovery information, service release announcements, security notices, and more from the prior week.

Of course, a coordinated, distributed DoS attack, which brings a Web site to its knees by flooding it with bad requests, relies upon “zombie” machines that have been infected by the hackers staging the attack. It’s possible you administer one of these “zombie” machines.

System administrators can work to prevent such flare-ups as occurred this week by ensuring they’ve loaded, and are maintaining, current antivirus software on their machines. According to Internet Security Systems, the following tools are being used to launch the prevalent DoS attacks:
  • trin00
  • Tribal Flood Network (TFN)
  • Tribal Flood Network 2K (TFN2K)
  • Stacheldraht

The eradication of such programs on compromised machines could prevent similar attacks. Administrators might want to monitor their network traffic, too, in the event that they're suspicious of malevolent behavior.

For more information, see James McPherson’s article "Hacker’s attack! Are you vulnerable?"

Microsoft Security Bulletin (MS00-004), take two
Back in January, Redmond released MS00-004. At the time, the bulletin targeted a hole affecting RDISK creation on Windows NT 4 Server Terminal Server Edition. The bulletin has been updated to also address issues on Windows NT Server 4.0.

The problem is that RDISK creates a temporary file during creation of an emergency rescue disk, and that file can contain sensitive security information. However, access to that security information isn’t properly restricted.

You can download a patch that addresses the issue from Microsoft’s Web site.

Trend Micro reports new backdoor Trojan on loose
Trend Micro is receiving reports of the proliferation of a new backdoor Trojan program. TROJ_SUB7GOLD.21 permits hackers to remotely control an infected machine. The program arrives as an executable.

TROJ_SUB7GOLD.21 isn’t believed to have played a role in this week’s DoS Web attacks, but it can be used to steal confidential information, such as credit card numbers.

Trend Micro has more information about the Trojan on its Web site.
