Hacker attack tools head home

greenspun.com : LUSENET : Grassroots Information Coordination Center (GICC) : One Thread

VANDALS WHO STRUCK at the Net's biggest Web sites earlier this month most likely used Sun Microsystems Solaris systems, or other machines using the Linux or Unix operating systems. There are three software packages -- Trinoo, Tribal Flood, and Stacheldraht -- that make it easy for mischievous computer programmers to initiate denial of service attacks.

Until recently, those programs wouldn't run on Windows-based computers. But researchers have discovered that virus writers have updated Trinoo so it runs on 32-bit versions of Windows, including Windows 98, Windows NT, and Windows 2000.

That means the next time vandals launch a so-called DoS attack, they may turn innocent home PC users into relay points for the assault. "This opens the door for a much broader attack," said David Perry, a spokesperson for antivirus firm Trend Micro. "The analogy I use is for last week's attack, you needed to run it on Maseratis. Now the tool is available for Fords."

Trend Micro actually classifies the program as a virus; updated antivirus software should protect most home users. The rogue program can arrive in any number of ways, but most likely will infect users the same way the Melissa virus did -- by tricking users into opening an infected e-mail attachment.

The tool is similar to Back Orifice in some respects. That infamous virus allows a computer intruder to control a victim's PC from any other computer on the Internet. At any given time, Back Orifice can be found on thousands of computers. If Trinoo spreads similarly, that would give would-be computer vandals an ample arsenal from which to launch another Yahoo-style attack.

The virus has been found in the wild, Perry said, indicating his company knows of three or four real-world victims.

But home PC users who are still using basic dial-up Internet access face little risk from Troj_Trinoo, because they receive a different Net access point, or IP address, each time they log on. The virus should be of great concern to cable modem users or DSL users, who keep the same IP address at all times, Perry said.

http://www.msnbc.com/news/367495.asp#BODY

-- Martin Thompson (mthom1927@aol.com), February 23, 2000

