Internet: Widely Distributed "attack" software

Thanks to David Sunfellow for bringing this to our attention:

POTENTIAL 'ATTACK' SOFTWARE PLANTED

By Ted Bridis, WSJ Interactive Edition, June 9, 2000

http://www.zdnet.com/zdnn/stories/news/0,4586,2585095,00.html

A computer-security company said it has evidence that new "attack" software has been implanted in a coordinated effort in perhaps thousands of business and home computers, which could be used to cripple e-commerce and other Web sites.

The software is secretly loaded onto computers when a victim launches what is partially disguised as a small video file received in e-mail or found on the Internet. The program effectively turns a victim's computer into a platform for remote-controlled attacks on Web sites.

The greatest threat is posed to e-commerce Web sites, which could be disrupted if "zombie" computers with the attack software were instructed to overwhelm those sites with floods of spurious data, called a "distributed denial of service" attack. The same technique, on an enormous scale, was used in February to bring down some of the Internet's marquee sites, including Yahoo!, CNN and eBay. But in those cases, hackers broke into corporate and academic computers to implant the attack software rather than tricking victims into implanting it themselves.

The security company, Network Security Technologies Inc., of Herndon, Va., said it planned to turn over copies of its evidence today during a meeting with investigators from the FBI's National Infrastructure Protection Center. The FBI declined to discuss the matter, but one federal law enforcement source speaking on condition of anonymity confirmed that the threats appear genuine.

Changes name randomly

The program appears to be a video file in the so-called avi format, but actually carries an "exe" extension, signifying that it will execute commands on the computer. The name of the infected file changes randomly to avoid easy detection, but typically includes nonsensical letters, such as "WUYILLKM."

Network Security officials said they have identified as many as 2,000 computers world-wide implanted with the attack software, which registers itself with two computers -- one in Maine and another in Canada -- each time a victim logs onto the Internet. Todd Waskelis, a Network Security vice president, said the firm believes the people behind those computers, known online as "Badman" and "Serbian," are directly responsible, "but we can't prove it."

During one online chat session hosted on the computer in Canada, which Waskelis said was recorded, the hacker known as Serbian referred to police officers as "constables." He also boasted to a colleague that he controlled "thousands" of computers.

An Internet-design company, New Media Designs, of Aurora, Colo., confirmed the attack software was discovered on one of its computers after it was tipped by Network Security. An employee, Grant Stanion, said the program was easily removed once it was detected.

The software runs only on computers with Microsoft's Windows 95 or Windows 98 operating systems. Network Security said it discovered the problem after one of its employees inadvertently downloaded and launched the infected file onto a laptop computer, a serious breach of security etiquette. When the laptop was connected to its corporate network, administrators noticed suspicious data traffic and investigated.

-- Jan Nickerson (JaNickrson@aol.com), June 11, 2000

