X-SciTech

Hackers Breed Digital 'Zombies'

By CBSNews.com staff CBSNews.com staff

June 8, 2000 / 10:11 PM EDT / CBS

Beware the "Badman."

Experts from a computer security company may have stopped a potentially destructive hack attack when it discovered a malicious program sitting on more than 2,000 computers that would turn them into 'zombies.'

The FBI will meet with investigators from Network Security Technologies Friday to discuss the firm's discovery that hackers have embedded an Internet downloaded program disguised as a movie clip on business and home computers, positioning themselves to launch an attack designed to shut down Web sites.

"We discovered it because we were infected with it a while. We discovered it on one of the machines making a connection to the Internet," NETSEC vice president Todd Waskelis said Friday on CBS News' The Early Show. "We decided to investigate it and trace it back to the perpetrators."

The problem demonstrates the growing vulnerability that home computer users face as they begin to purchase permanent, high-speed connections to the Internet.

"A file is downloaded off the Internet which appears to be a movie file that contains the 'Trojan' program," Waskelis said. "The file turns the machine into a server, broadcasting information back to the hackers and letting them know who they are and where they can connect to them."

The hackers had access to all the computers' secrets - passwords, personal files and all - and can at any point launch a crippling assault similar to February's attacks that included CNN's news site, the Yahoo! Internet directory and Amazon.com.

The hackers, who used the nicknames "Serbian" and "Badman," tested their network of infected computers Wednesday night, said NETSEC, which alerted the Justice Department on Thursday.

Even computers at some large computer companies were penetrated by the hackers, according to NETSEC, which alerted the government to the problem.

"Anybody who is directly connected to the Internet through cable modems or DSL is extremely susceptible to these back-door programs. We have seen many, many attacks coming on to those people's machines," said Vincent Weafer, director of Symantec Corp.'s Anti-Virus Research Center in Cupertino, Calif.

The security firm suspects the hackers are adding to their numbers daily and could soon launch a major attack.

"They're gathering up their armies, and as that number increases, so will their testosterone level," said Todd Waskelis, a vice president at NETSEC.

The Herndon, Va.-based company first learned of the hackers' plans when the vandals tried to penetrate one of NETSEC's computers, and protective software detected it.

The file planted by the hackers looks like a movie clip but essentially turns the infected computer into a 'zombie' machine that the hackers can control, NETSEC said.

hen the fake movie clip is activated, the malicious program called "Serbian Badman Trojan" runs without any visible clues to the user. The program sends passwords, network details and other information to the hackers.

Armed with information gleaned from the infected computers, the hackers can then use the infected computer as a permanent gateway to access personal and corporate files or to launch massive denial of service attacks on Web sites.

In such an attack, the 'zombie' computers can be used to send thousands of repetitive requests, clogging a Web site's computers until they seize up.

NETSEC officials said they uncovered computers across the world that were penetrated by the hackers, including in Austria, Greece, Canada, Russia, France and the United States.

Most of the infected computers belonged to home users connected to high-speed Internet providers, NETSEC said.

Home users are especially susceptible because they do not have up-to-date anti-virus software or firewall programs that block hacker attacks. Also, most home users have fixed Internet addresses that are easily identified.