Users of public instant-messaging (IM) networks and Internet Relay Chat (IRC), beware: You may be the target of malicious hackers, known as “crackers,” who want to use your computer in a distributed denial-of-service (DDoS) attack that could affect Web sites. Just participating on those networks, though, won’t put you directly at risk.
The CERT Coordination Center has published an incident note with a warning to anyone running a system that uses IRC or public IM networks. CERT says it has received reports of “social engineering attacks,” where crackers trick unsuspecting users into downloading and executing software that can be used to launch a DDoS attack.
Two of the most prominent denial-of-service attacks occurred in 2000, when CNN and Yahoo’s sites were affected by such assaults. A DDoS attack is designed to bring a network or a Web site to its knees by flooding it with useless traffic.
CERT says that “tens of thousands of systems” have recently been compromised in this manner by crackers.
Other reports say that Trojan horse and backdoor programs are being propagated via similar techniques, CERT said. A Trojan horse is a destructive program that masquerades as a benign application, like an anti-virus program. A backdoor program, also known as a trapdoor, plants an electronic way into a program, computer system or online service.
The would-be intruders use automated tools to send messages to unsuspecting users of IRC or IM services, CERT said. The message senders typically offer the end-user the opportunity to download software of some value to the user, like a way to improve music downloads, anti-virus protection or pornography.
A user can simply ignore the message, and nothing will happen to his or her PC. But if the person downloads and executes the software, their system is co-opted.
One such message reads:
You are infected with a virus that lets hackers get into your machine and read ur files, etc. I suggest you to download [malicious url] and clean ur infected machine. Otherwise you will be banned from [IRC network].
This wave of attempted cracking is called social engineering, since the user’s decision to download and run the software is the deciding factor in whether or not the attack is successful. “Although this activity is not novel, the technique is still effective, as evidenced by reports of tens of thousands of systems being compromised in this manner,” CERT said in a statement.
Users can avoid such problems by not running programs of unknown origin. Running and maintaining an anti-virus software program can also help to rid a PC of these malicious programs. The code being distributed in these attacks is under continuous development by intruders, but most anti-virus software vendors frequently release updated information, tools or virus databases to help detect and recover from the malicious code involved in this activity, CERT said.
For home users, CERT has a Home Network Security tech tip, which provides an overview of the risks users face when connecting to the Internet, as well as pointers on how to avoid those risks.
Bob Woods is the managing editor of InstantMessagingPlanet.