Just When You Thought It Was Safe to Chat Online …
Security experts have discovered a hacking tool, Trinity v3, that uses chat systems to attack computers.
By Elinor Abreu
Security researchers have discovered what they believe is the first distributed denial-of-service tool that uses Internet relay chat, a real-time chat system, to direct hits on target computers.
The tool, dubbed Trinity v3, has been used to launch denial-of-service attacks on several educational institutions but no major e-commerce Web sites as yet, according to Chris Rouland, director of Atlanta-based Internet Security Systems' internal research and development group, called X-Force.
Hackers use distributed denial-of-service, or DOS, attacks, like the ones launched in February against eBay (EBAY), Yahoo (YHOO) and several other sites, to flood Web sites with so much traffic that they become inaccessible to legitimate traffic. They do this by embedding software onto other machines, which then are used as agents to launch the attack.
Hackers have been using Internet Relay Chat, or IRC, systems for at least a year to control compromised computers via back doors and programs called trojan horses that contain hidden malicious instructions. Until now, though, IRC systems haven't been used for DOS attacks, Rouland says.
"The reason they're using IRC is because it's a very effective guaranteed delivery client-server transport mechanism that also provides the attacker with anonymity," says Rouland. "It's easy to log in and hide your identity."
Because of the ease with which hackers and malicious code writers can use IRC and the instant chat system ICQ to spread viruses, Rouland recommends that corporations block access to the systems. "IRC and ICQ are both very risky Internet behaviors because you are establishing a TCP/IP, or handshake, connection with untrusted hosts," he says.
Trinity automatically logs the compromised computer onto a specific IRC system, whereupon the hacker can control that computer and others by logging onto the same chat channel.
More than 400 host computers, all running Linux, were found to have Trinity installed, Rouland says. The tool not only allows a hacker to use the compromised machine to launch DOS attacks – it also allows the hacker, or anyone with password access to the IRC system, root access to the compromised machine, enabling visitors to do anything to the computer that they want.