Worms: One More Reason to Install a Personal Firewall
In a newly released paper, the Honeynet Project explains how intruders unleashed worms that successfully installed themselves in its Win98 honey pot using intentionally unprotected network shares.
November 22, 2000
Remember the Honeynet Project? I discussed it in my July 6, 2000, column. At that time, the project team had just released a paper that revealed details about how system crackers had fallen prey to its UNIX-based honey pot trap. More recently, the group has been experimenting with a Windows 98-based honey pot, and, as you might have already guessed, as soon as the group placed the new honey pot online, the system began to receive probes.
In a newly released paper, the Honeynet Project explains how intruders unleashed worms that successfully installed themselves in its Win98 honey pot using intentionally unprotected network shares. I read the paper last week and found it very interesting. According to the report, the attacking worms weren't designed to inflict damage or steal data; they were designed to steal CPU cycles for a contest hosted by Distributed.net.
Distributed.net conducts public contests to crack various forms of encryption. To facilitate the contests, the company offers client software that attempts to crack the unknown encryption key by brute force. The client program runs in the background using spare CPU cycles to test keys one by one until the successful key is found. Participants can join teams where all individual team members' key tests count for the team as a whole. Distributed.net awards considerable cash prizes to the person or team that discovers the working encryption key. And cash is plenty of incentive for some crackers--that's why they created the worm: it silently installs Distributed.net client software, which steals unsuspecting users' spare CPU cycles for their team in hopes that the team will win the cash.
When I first heard about this ploy, I chuckled. After all, using a worm to steal CPU cycles is rather harmless. But consider the bigger picture: If a worm can steal CPU cycles, what else can it steal? Usernames and passwords?
I read another interesting story last week that details how certain Russian crackers who can't afford Internet access still manage to get online every day. To gain Internet access, the Russian crackers break into unsuspecting users' systems and steal their Internet logon credentials. With the credentials in hand, the crackers hijack a user's ISP account for a day and, among other things, use the account to infiltrate more systems looking for additional logon credentials. This way they quickly develop a running supply of Internet access accounts.
Not only could this cost users money through unauthorized use of their account, but it could also place users at risk because the crackers masquerade as the unsuspecting users by virtue of the account use. If a crime is perpetrated and detected, the account owner must face authorities to explain.
There's really no such thing as a harmless worm. Minimally, other crackers will take known worm code and, with a few quick tweaks, turn a worm designed to steal CPU cycles into a worm that can steal your most sensitive information--or perhaps even worse, use your system to commit other crimes. To help stop intruders, consider a desktop firewall--it's worth every penny.
If you think you can't afford a desktop firewall, know that there are free firewall products available today. One product I learned about just this week is Tiny Software's Tiny Personal Firewall, which is currently in V.2 beta release. The company announced Monday that it's offering the product free for personal use with the final V.2 release due by December 1, and although I haven't tested the product, its specifications sound promising. If you need a free desktop firewall, be sure to check it out. Until next time, have a great week.