Beware the Computer Zombies


Fair use for educational/research purposes only

by Michelle Delio, 10:00 a.m. Dec. 29, 2000 PST

Tens of thousands of computer systems may have been secretly invaded by "zombies" that could suddenly spring to life over the upcoming holiday weekend, the National Infrastructure Protection Center says.

The zombie computers, controlled remotely by crackers, will then eat the brains of the Internet.

Based on "FBI investigations and other information," the National Infrastructure Protection Center (NIPC) has issued a special night of the living dead warning for the holiday weekend.

The agency says that there is a high potential over the next few days for distributed denial-of-service (DOS) attacks, the same cyber attacks that crippled the Internet in February 2000, and is advising IT personnel to take some extra precautions before they head out of the office on Friday.

The NIPC advises network supervisors to run the NIPC's free "Find DDOS" utility to determine if a network harbors any of those nasty DOS Trojans such as Trin00, Tribal Flood Net, TFN2K, MStream, Stacheldraht and Trinity v3, that can turn a mild-mannered system into a crazed zombie computer.

Windows NT administrators should particularly check for the presence of the SubSeven Trojan, which would indicate that a system harbors a zombie.

The NIPC also suggests making sure that virus screening programs are up to date and ready to handle the anticipated glut of e-mail on Tuesday.

And, in case the worst does happen and users are confronted with a crowd of computer cadavers, the NIPC suggests that companies should also consider having a contingency plan, including a way to contact their Internet service provider and a security response team in case of attack.

Andrew Antipass, a Manhattan-based corporate security consultant, says he thinks the Internet will see some "sensational" DOS attacks in 2001.

"Could it happen over the holiday weekend?" Antipass said. "Sure, because when so many business and university machines are left unattended for a few days, you always have to consider that someone will realize it's an optimum time to muck about in systems."

The NIPC and other security experts also suggest a "lights out" check to ensure that all users have logged out of the system before they leave the office.

People tend to want to escape fast over the holidays, and they may leave without closing down their connections. That leaves the network open to anyone who happens to be in the vicinity, either virtually, or -- more likely -- people who are physically in your office.

"That's not to say office cleaning crews are actually frustrated crackers, but in some circles corporate espionage isn't unheard of," Antipass added.

The NIPC also advises running a full data and system backup before stopping work for the holiday weekend. And if systems will be left running unattended, they also suggest applying all current security patches as well.

Antipass suggests that security supervisors should plan to start off the new millennium right by reminding users "once again" that they should "never" open any e-mailed attachments, such as documents, screen savers or pictures that have been sent to them.

"I'm stressing to people that they shouldn't open anything from anyone unless they are specifically expecting to get a document via e-mail. It's important to tell people, and then tell them again, that nasty viruses and worms can be sent from someone you know.

"It doesn't mean they are out to get you, (it) just means you have some lame friends or co-workers who clicked on something they shouldn't have."

MonKeeBiz, a self-described "freelance systems and security investigator", said that the NIPC warning is "somewhat justified" in its warnings and fears.

But he added that the "real story" behind the furor over DoS attacks is that there is a patch readily available for the hole that is being exploited.

"If the zombies are gathering on the front lines, then why are so many people aiding and abetting them by not applying security patches?" MonKeeBiz said.

"Didn't you folks see the Night of the Living Dead? When the zombies started lurching around and lunching on people, the first thing those people did was board up the windows and the doors. Same thing here -- apply the patches and then go out and party."

http://www.wired.com/news/lycos/0,1306,40905,00.html



-- Martin Thompson (mthom1927@aol.com), December 29, 2000

