The programs mentioned below have been covered at www.cert.org.

Check out the "Distributed Denial of Service Tools" link.


On Wed, 15 Dec 1999 [EMAIL PROTECTED] wrote:

>> Ok, I have to say I've never seen this one in the typical Hoax "alerts"
>> people pass around, I'm not sure how these programs can "lie dormant until
>> activated" (sure crontab, but it'd be pretty obvious something's up..)
>> anyone confirm this is a hoax?
>> 
>> >>>>
>> 
>> Malicious programs lie in wait, FBI warns
>> By Bruce V. Bigelow
>> STAFF WRITER
>> Union-Tribune Publishing Co.
>> December 15, 1999
>> 
>> The FBI's nerve center for cyberspace crimes has warned that outlaw hackers
>> may use a new class of malicious software to cripple Internet operations and
>> other computer networks on New Year's Eve.
>> 
>> Under a "worst-case but clearly possible scenario," the National
>> Infrastructure Protection Center says the destructive new programs could be
>> used to wreak havoc during the Y2K period.
>> 
>> The center issued its alert last week to computer-security professionals
>> throughout the United States.
>> 
>> Some of those experts already are alarmed, saying thousands of copies of the
>> malicious programs have been discovered in Unix and Linux-based computers
>> operated by corporations, governments and universities.
>> 
>> 
>> Dormant danger
>> The malicious programs -- including ones dubbed "trinoo" and "Tribe Flood
>> Network" -- typically lie dormant until activated. Once activated, however,
>> the program orchestrates a coordinated attack -- commanding legions of
>> machines to transmit a flood of computerized data to a particular system.
>> "It's like putting something into a computer and then issuing a command that
>> says, 'Lazarus come forth!' " said Gene Schultz, a network security expert at
>> SAIC's Global Integrity Corp.
>> 
>> In its alert, the FBI center says the unknown perpetrators apparently have
>> targeted "high bandwidth Internet connections," such as computers operated by
>> universities.
>> 
>> Thousands of illicit programs also have been found in computers operated by
>> major telecommunication corporations.
>> 
>> The center urges computer network owners to rapidly examine their systems for
>> signs that the programs such as trinoo have been covertly installed.
>> 
>> 
>> Significant concerns
>> "NIPC recommends these actions as strongly as any of the instructions
>> provided by information technology security personnel for Y2K preparation,"
>> the bulletin says.
>> Officials at the FBI center, which was established last year, were
>> unavailable for comment on the alert.
>> 
>> In its bulletin, however, the center says it is "highly concerned about the
>> scale and significance" of reports it has received.
>> 
>> "Some of the known cases involve substantial financial loss, with at least
>> one million-dollar loss known to date," the alert states. "The FBI is
>> currently investigating a large number of these cases through many different
>> field offices."
>> 
>> In one attack, a network computer operated by the University of Minnesota was
>> rendered unusable for almost two days. The system was swamped by data traffic
>> transmitted from at least 227 different computer "slaves," including more
>> than 100 compromised computers operated by the University of Washington.
>> 
>> One of the problems for system administrators is determining who's the victim
>> and who's the attacker, said Dave Dittrich, who worked to resolve the
>> problems at the University of Washington.
>> 
>> Experts who have analyzed the malicious code say programs like trinoo are
>> used to covertly establish a nefarious network of hundreds or even thousands
>> of unwitting "slave" computers.
>> 
>> The network of slaves can then be used at any time to transmit a flood of
>> computerized data to a particular system, overwhelming the targeted site in a
>> coordinated assault known as a "denial of service" attack.
>> 
>> The malicious programs have nothing to do with the Y2K problem itself, which
>> stems from a decades-old programming glitch involving the change in dates
>> from 1999 to the year 2000.
>> 
>> But to malicious hackers, the tolling of the midnight bell on New Year's Eve
>> offers a chance to cause trouble, since any disruptions might be blamed on
>> Y2K, said Tom Perrine of UCSD's San Diego Supercomputer Center.
>> 
>> *
>> * NOTE: In accordance with Title 17 <U.S.C.> Section 107, this material
>> * is distributed without profit or payment to those who have expressed a
>> * prior interest in receiving this information for non-profit research and
>> * educational purposes only. Provided by G2-Forward.
>> 

-----
Raymond Popowich
[EMAIL PROTECTED]


