Covert menace to computer networks found
<< 20-Nov-1999 Saturday
A malicious software program, designed to wreak havoc on both public and private computer networks, has been covertly installed in thousands of Unix-based computers around the world, experts said yesterday.
The program -- dubbed "trinoo" -- has not been used to attack any systems since it was discovered late this summer, said Kevin Houle of the federally funded Computer Emergency Response Team, or CERT, at Carnegie Mellon University.
Still, "There's evidence to suggest that (trinoo) is in active development, testing and deployment," Houle said. The person or persons who created the program are unknown, he added.Pittsburgh-based center described the trinoo threat in a relatively low-key "incident note," that was posted Thursday at its Web site: cert.org.
But some computer security experts say they're alarmed by the stealthy nature of the trinoo program, which remains dormant until activated, and by trinoo's potential for widespread disruption.
"As far as I can tell, any machine on nearly any network is vulnerable to this method of attack," said Gene Schultz, a network security expert at SAIC's Global Integrity Corp. "They are using very insidious mechanisms to cause damage and disruption."
The trinoo program was detected, for example, in computers operated by a major long-distance telecommunications company. But experts aren't sure how trinoo was installed there.
"Until we understand how this program is distributed into computers, we won't precisely understand how to defend against it," Schultz said. >>
... more at ...
uniontrib.com
*****
Hi Ken,
I think Y2K will be quite bad. There are reports of banks already lowering ATM limits, hassling customers requesting cash, hassling customers trying to sell their securities, etc. I think the oil situation will worsen through the rollover. And then there are the expected virus attacks. The above one is very disturbing as it affects unix systems which are the backbone of the networks running telecommunications, utilities, internet, etc. and it is just waiting to be triggered at Y2K. If there are terrorist attacks or riots, Slick is setting up for martial law. I could go on and on, but in truth, nobody really knows what will happen.
Preparing for Y2K is really just having insurance on the unknown. Whether one prepares for the government's public 3 day recommendation, the Red Cross's 10 day recommendation, the Y2K Czar's 3 week private recommendation to industry or much longer is up to each of us. You pays your money and takes your chances. In most cases, the incremental cost is minimal, because if nothing happens, you can always eat the food, use the supplies, etc next year.
:-))
John |
