An EYE opening story about hackers!
-> Software
#1: An EYE opening story about hackers! Author: Shadow_BshwackrLocation: Central Illinois, USA PostPosted: Sun Feb 19, 2006 12:38 pm
    ----
A story written by Brian Krebs @ Washingtonpost.com...

If this story don't make you want to secure your Windows install or worse yet, make you so paranoid you want to move to an alternative OS, I'll be very surprised. I sure don't like many "the sky is falling" articles, but this is too good to not share...

Invasion of the Computer Snatchers
Hackers are hijacking thousands of PCs to spy on users, shake down online businesses, steal identities and send millions of pieces of spam. If you think your computer is safe, think again

By Brian Krebs
Sunday, February 19, 2006; Page W10

In the six hours between crashing into bed and rolling out of it, the 21-year-old hacker has broken into nearly 2,000 personal computers around the globe. He slept while software he wrote scoured the Internet for vulnerable computers and infected them with viruses that turned them into slaves.

Now, with the smoke of his day's first Marlboro curling across the living room of his parents' brick rambler, the hacker known online as "0x80" (pronounced X-eighty) plops his wiry frame into a tan, weathered couch, sets his new laptop on the coffee table and punches in a series of commands. At his behest, the commandeered PCs will begin downloading and installing software that will bombard their users with advertisements for pornographic Web sites. After the installation, 0x80 orders the machines to search the Internet for other potential victims.

A look at how hackers control thousands of PCs and use them to make money.


The young hacker, who has agreed to be interviewed only if he isn't identified by name or home town, takes a deep drag of his smoke and leans back against the couch to exhale. He smiles. This is his day job, and his work is finished in less than two minutes. In two weeks, he will receive a $300 check from one of the online marketing companies that pays him for his services.

"Most days, I just sit at home and chat online while I make money," 0x80 says. "I get one check like every 15 days in the mail for a few hundred bucks, and a buncha others I get from banks in Canada every 30 days." He says his work earns him an average of $6,800 per month, although he's made as much as $10,000. Not bad money for a high school dropout.

Hacked, remote-controlled home computers, known as robots or "bots," and large groups of robot networks like the one 0x80 runs -- called "botnets" -- are the souped-up cyber engines driving nearly all criminal commerce on the Internet. Botnets are used to relay millions of pieces of junk e-mail, or spam, touting everything from cheap Viagra to get-rich-quick business schemes. And the botmasters who control these computer networks are at the heart of ominous and increasingly common online shakedowns known as "denial of service attacks." In such an attack, Web gangsters demand tens of thousands of dollars in protection money from businesses. If the businesses refuse to pay, the criminals order the thousands of computers that make up their botnets to flood the Web sites with meaningless traffic, crippling the businesses and costing them thousands or hundreds of thousands of dollars in lost revenue.

0x80 says that he doesn't use his botnet to shake down businesses. Instead, he and a growing number of botmasters make money by seeding their botnets with spyware, also known as adware. Once installed on a PC, the adware serves up pop-up advertisements and mines data about the user's online browsing habits. The computer worm that powers the botnet also gathers far more sensitive data from the victim's machine, including passwords, e-mail addresses, Social Security numbers and credit card data. The spyware and adware problem is pervasive and growing: A recent survey by the National Cyber Security Alliance and America Online found that four of five computers connected to the Web have some type of spyware or adware installed on them, with or without the owner's knowledge.

"Most days, I just sit at home and chat online while I make money," says 0x80, who says he makes $6,800 a month on average.(Sarah L. Voisin - The Washington Post)
The distribution of online advertisements via spyware and adware has become a $2 billion industry, according to security software maker Webroot Software Inc. And as the industry has boomed, so have the botnets. Just a few months ago, FBI agents arrested a 20-year-old from Southern California for installing adware on a botnet of more than 400,000 hacked computers. Jeanson James Ancheta's victims included computers at the Naval Air Warfare Center and machines at the Defense Information Systems Agency, according to government documents. He pleaded guilty to the charges last month.

Like Ancheta, 0x80 installs adware and spyware surreptitiously, though the law requires the computer owner's consent. The young hacker doesn't have much sympathy for his victims. "All those people in my botnet, right, if I don't use them, they're just gonna eventually get caught up in someone else's net, so it might as well be mine," 0x80 says. "I mean, most of these people I infect are so stupid they really ain't got no business being on [the Internet] in the first place."

Tall and lanky, with hair that falls down to his eyebrows, 0x80 almost never looks you in the eye when he talks, his accent a slurry of heavy Southern drawl and Midwestern nasality. He lives with his folks in a small town in Middle America. The nearest businesses are a used-car lot, a gas station/convenience store and a strip club, where 0x80 says he recently dropped $800 for an hour alone in a VIP room with several dancers. He tells his parents that he works from home for a Web design firm. His bedroom resembles a miniature mission control center, with computers, television and computer monitors, and what must be several miles' worth of tangled wires plugged into an array of surge-protected power strips.

At the moment, 0x80 controls more than 13,000 computers in more than 20 countries. This morning he installs spyware on just a few hundred of the 2,000 PCs that he has commandeered in the last few hours. He will stagger the remaining installations throughout this day and into the next, using a program he wrote that automates the process. If he installs too many bundles of spyware at once, the online marketing companies, "get suspicious, they cut me off, and I don't get paid," he mumbles, squinting at the screen while the nub of his cigarette sprinkles ashes all over his laptop and the coffee table. "I've learned not to get greedy."

A small dog with matted fur enters the living room and winds through 0x80's feet. 0x80 gives the dog a gentle shove with his foot, without even looking up from his laptop. He furiously stabs at the keyboard with his two forefingers, punching out a short command that produces a mesmerizing blur of black-on-white text that scrolls up the computer screen at several pages per second. 0x80 makes it halfway through a cigarette before the text flying across the screen finally stops. The command he typed -- "pstore" -- is short for "password store." On the screen in front of him is a listing of every user name and password that the owner of each infected computer has stored in the Microsoft Internet Explorer Web browser on his or her computer.

A quick scroll through the first few dozen pages of the file reveals credentials his victims have used to log in to online accounts at PayPal, eBay, Bank of America and Citibank, to name just a few. Many of the Web sites for which user names and passwords are stored are harmless, such as sports or hobby sites. Others are potentially far more revealing, such as hard-core sex and fetish Web sites. 0x80 has also found credentials for thousands of e-mail accounts, including dozens at ".mil" and ".gov" (U.S. military and government) addresses.


Want to read the whole article? Click HERE!
#2: Re: An EYE opening story about hackers! Author: JG300-StoopyLocation: Group W bench PostPosted: Sun Feb 19, 2006 4:04 pm
    ----
Heckuva good read, Senor Bush, and thanks...although, on a point of order, "0x80" is more often properly pronouced "hex-eighty" among the old-school actual programming community....but leave it to the third-generation kids and hackers to corrupt even that much...as tho the modern-day corruption of the english language via terms such as "gr8", "h8", "w8" "y do u" etc isn't bad enough....

Here's a dumb question along the same lines: Isn't there similar danger in going to HTML links and such, given by parties or persons you don't trust?

I ask because although I've always been extremely well-protected (with not ONE virus instance in over 20 years) I finally did get brought down hard by some damn spyware thingy that I got by visiting a website that hosts - of all innocent things - Guitar Tablature (sheet music for those that are too lazy to read real music). All it took was one visit to that website and some pop-ups that came up. I backed right out but it was way too late, I had registry entries made and a nasty little thing that came up on the next restart. REverting back to a restore point was the only fix. I happened across the same site yesterday (slow learner huh?) looking for something else and this time, MS Anti-spyware caught it and I also used Task Manager to kill the process(es) that had been loaded.

So, my question is, say someone you don't really know posts an HTML link, say here in a forum or wherever....could be anything, but let's say a personal web page or greeting card link etc......should that be considered "high-risk" dangerous stuff to stay away from? Because that's the path I take....am I too paranoid?
#3: Re: An EYE opening story about hackers! Author: Doug_KibbeyLocation: The Great Satan PostPosted: Sun Feb 19, 2006 4:12 pm
    ----
- JG300-Stoopy
.
"corruption of the english language via terms such as "gr8".........

could be anything, but let's say a personal web page or greeting card link etc......should that be considered "high-risk" dangerous stuff to stay away from?


I don't think you're paranoid...and I flatter myself that I get your point completely Wink
#4: Re: An EYE opening story about hackers! Author: RCAF_MadDog PostPosted: Sun Feb 19, 2006 4:26 pm
    ----
I dontt think your paranoid either
The way I look at it Stoopy any link your not sure of is potentially dangerous. I dont usually click a link that is posted anywhere unless my sheilds are up or I know the person that posted the link. With the way the internet is nowadays its a use at your own risk deal. All we can do is to try to make sure our sheilds are going to hold up lol
#5: Re: An EYE opening story about hackers! Author: Shadow_BshwackrLocation: Central Illinois, USA PostPosted: Sun Feb 19, 2006 4:57 pm
    ----
Well, the purpose of the post was to make those that don't know the hazards exist and give them some insight on how dangerous this really is.

Keeping up with your OS security updates is crutial these days and running some kind of firewall, anti-virus, spy tools and spy look out tools is a normal way of life for savy users.

To answer your question Stoopy, yep, HTML links can pass 'bugs' into the system and I fix a lot of puters who's users visits less than desireable locations on the web. I find running Webroot Spy Sweeper does a nice job watching your machine for this.

The saying "An ounce of prevention is worth more than a pound of cure." is certainly true when using the net and being pro-active is a much better approach than being passive in this case.

So, let me tell you what I'm running...

Firewall, Adaware, SpyBot, Webroot Spy Sweeper, MS Anti-spyware, Avast and/or AVG anti-virus (I use both, but not at the same time.) These are just the front end blockers, then I also run as maintainence, PcRescue, System Mechanic and Registery Mechanic.

It's a shame you have to run this stuff, but if you don't, it's a matter of time before you get hit.

Something else to think about. I also run Linux/XP as a dual boot and at times will stay in that OS for quite a while and only come back to XP for gaming. This is especially true if there's been a warning on the net about specific worms, bots or virus' out like the recent black worm. Once the threat is gone, I'll boot into XP, do all the updates, rescan all sectors and all is well... Wink
#6: Re: An EYE opening story about hackers! Author: ShadesLocation: 3rd Branch up, 'Ye Olde Oak', Green Wood. PostPosted: Sun Feb 19, 2006 5:22 pm
    ----
I'm amazed by how many people I run into in RidgeRunners who still don't have a firewall.
I'd be one of 'em if folks like EW_Gorilla hadn't explained it all to me when I first came on-line.
Cheers monkeys!
#7: Re: An EYE opening story about hackers! Author: RCAF_WingnutLocation: Omaha, Ne. PostPosted: Sun Feb 19, 2006 9:02 pm
    ----
I once read a story by the owner of one of those companies attacked by bot controlled pc's regarding his personal research into the attack and defense against the bots. He discovered that the best, at that time, firewall available was the Zonealarm from Zone Labs. Of the programs he tested, it was the only one that blocked attempts from inside to access the net without permission of the owner. All the rest allowed a program on the inside to access outside the system. They all blocked outside attempts to get in, but a lot of the time the bots are attached to e-mail that people downloaded, and didn't know it was there. The bots that attacked his business were controlled by a 15 year old kid. The businessmans computer was protected inside his network by his built in firewall on his router, but the flood of pings from the bot controlled pc's blocked his entire bandwidth for several days.
#8: Re: An EYE opening story about hackers! Author: ShadesLocation: 3rd Branch up, 'Ye Olde Oak', Green Wood. PostPosted: Mon Feb 20, 2006 9:28 am
    ----
That research was specific to that company's computer network and shouldn't be taken as a recommendation for other systems:-
Security will vary from pc to pc depending on the components and software involved. ZA may well have served that chap well. It doesn't necessarilly mean it would serve someone else equally as well.

I've used McAfee and ZA in the past, which were the best for the machines I had them installed on. Now I use Norton as the NIS bundle is the best for my current machine. I'd rather not as NIS is so thorough, it affects system performance but I'm not sacrificing system security.
As Norton is still the best for my machine, I'll upgrade to NIS2006 and then review what's available when the time comes to change again.
-> Software

All times are GMT - 6 Hours

Page 1 of 1