Hackers embed maclicious program on home computers linked to Internet 9.06 p.m. ET (117 GMT) June 8, 2000 By D. Ian Hopper, Associated Press

WASHINGTON (AP)  The FBI will meet with experts from a security company Friday to discuss the firm's discovery that hackers have embedded a malicious program disguised as a movie clip on 2,000 commercial and home computers, positioning themselves to launch an attack designed to shut down Web sites.

The problem, detected by a security firm that does work for the Justice Department, demonstrates the growing vulnerability that home computer users face as they begin to purchase permanent, high-speed connections to the Internet.

Without special software to protect them, Internet surfers using cable modem and digital subscriber lines are easy prey.

Even computers at some large computer companies were penetrated by the hackers, according to Network Security Technologies, which alerted the government to the problem.

"Anybody who is directly connected to the Internet through cable modems or DSL is extremely susceptible to these back-door programs. We have seen many, many attacks coming on to those people's machines,'' said Vincent Weafer, director of Symantec Corp.'s Anti-Virus Research Center in Cupertino, Calif.

The FBI National Infrastructure Protection Center and the bureau's Washington field office were looking into the incident, a senior Justice Department official said Thursday night, requesting anonymity.

The hackers, who used the nicknames "Serbian'' and "Badman,'' tested their network of infected computers Wednesday night and could launch an attack at any time, NETSEC said.

NETSEC said it alerted the Justice Department on Thursday about its discovery, and provided the government a list of 2,000 computers worldwide that have been infected with the malicious program.

The security firm suspects the hackers are adding to their numbers daily and could soon launch a major attack.

"They're gathering up their armies, and as that number increases, so will their testosterone level,'' said Todd Waskelis, a vice president at NETSEC.

The Herndon, Va.-based company first learned of the hackers' plans when the vandals tried to penetrate one of NETSEC's computers, and protective software detected it.

NETSEC employees have since monitored an Internet chat room set up by the hackers as the vandals identified victimized computers, discussed strategies and boasted of their work.

"When he thinks all of those clients are sleeping, one of them is really active and watching them,'' Waskelis explained.

The hackers planted a file that looks like a movie clip on home and commercial computers across the world. The file essentially turns the infected computer into a "zombie'' machine that the hackers can control, NETSEC said.

When the fake movie clip is activated, the malicious program called "Serbian Badman Trojan'' runs without any visible clues to the user. The program sends passwords, network details and other information to the hackers.

Armed with that information, the hackers can then use the infected computer as a permanent gateway to access personal and corporate files or to launch massive denial of service attacks on Web sites.

In such an attack, the zombie computers can be used to send thousands of repetitive requests, clogging a Web site's computers until they seize up.

Hackers used a similar strategy during well-publicized attacks in February that included CNN's news site, the Yahoo! Internet portal and book seller Amazon.

NETSEC officials said they uncovered computers across the world that were penetrated by the hackers, including in Austria, Greece, Canada, Russia, France and the United States.

A handful of machines belonged to computer companies, like New Media Systems in Aurora, Colo. "It was surprising that someone called us externally. We can't be sure how it even got here,'' said Grant Stanion, a network developer at New Media who tracked down the malicious program on one of the company's computers after getting a call from NETSEC.

Most of the infected computers belonged to home users connected to high-speed Internet providers, NETSEC said.

Home users are especially susceptible because they do not have up-to-date antivirus software or firewall programs that block hacker attacks. Also, most home users have fixed Internet addresses that are easily identified.

NETSEC, founded by two alumni of the National Security Agency and Department of Defense, provides computer emergency services to the Justice Department.

Their office suite, located in suburban Washington, resembles an electronic fortress. Cameras line the hallways, and most of the company's employees aren't authorized to access secured rooms.

One room, called the "Attack Lab,'' resembles an abandoned office in a university computer science department. Amid a musty smell and a few scattered computers, firm engineers track computer vandals worldwide.

"We're all hackers, in the traditional sense of the word,'' Waskelis said. "If we find something like this, we want to pick it apart and see what it's doing.''

http://www.foxnews.com/national/0608/d_ap_0608_254.sml

-- Martin Thompson (mthom1927@aol.com), June 08, 2000