Just When You Thought It Was Safe to Chat Online

SAN FRANCISCO (09/07/2000) - Security researchers have discovered what they believe is the first distributed denial-of-service tool that uses Internet Relay Chat, a real-time chat system, to direct hits on target computers.

The tool, dubbed Trinity v3, has been used to launch denial-of-service attacks on several educational institutions but no major e-commerce Web sites as yet, according to Chris Rouland, director of Atlanta-based Internet Security Systems' internal research and development group, called X-Force.

Hackers use distributed denial-of-service, or DOS, attacks, like the ones launched in February against eBay Inc. (EBAY), Yahoo Inc. (YHOO) and several other sites, to flood Web sites with so much traffic that they become inaccessible to legitimate traffic. They do this by embedding software onto other machines, which then are used as agents to launch the attack.

Hackers have been using Internet Relay Chat, or IRC, systems for at least a year to control compromised computers via back doors and programs called trojan horses that contain hidden malicious instructions. Until now, though, IRC systems haven't been used for DOS attacks, Rouland says.

"The reason they're using IRC is because it's a very effective guaranteed delivery client-server transport mechanism that also provides the attacker with anonymity," says Rouland. "It's easy to log in and hide your identity."

Because of the ease with which hackers and malicious code writers can use IRC and the instant chat system ICQ to spread viruses, Rouland recommends that corporations block access to the systems. "IRC and ICQ are both very risky Internet behaviors because you are establishing a TCP/IP, or handshake, connection with untrusted hosts," he says.

Trinity automatically logs the compromised computer onto a specific IRC system, whereupon the hacker can control that computer and others by logging onto the same chat channel.

More than 400 host computers, all running Linux, were found to have Trinity installed, Rouland says. The tool not only allows a hacker to use the compromised machine to launch DOS attacks - it also allows the hacker, or anyone with password access to the IRC system, root access to the compromised machine, enabling visitors to do anything to the computer that they want.
