Windows is destroying the Internet

Hi there, it’s your paranoia instalment for the month!

Millions of unsecured PCs running Windows are being infected by viruses that turn the PCs into zombies – unwitting collaborators in massive Distributed Denial of Service attacks (DDOS) that can bring a Web site to its knees.

How? Who’s doing this? Why are they doing it?

First, an analogy.

Imagine you own a little store, where customers walk in off the street, browse and buy stuff. Now imagine that one day, a large group of people invade your store. They mill about, filling all the available space. They don’t buy anything, they just hang around and don’t go away. Other customers approach the store, see that it is full and walk past.

Then a competitor appears, or perhaps the local mafioso, telling you that you must pay him money or your store will remain filled with people that don’t buy anything. The police won’t help you because technically, the invaders are not breaking the law; and some of the shoppers may be legitimate. You can hire private bouncers, or you can pay the extortion money, or you can close your store.

The same thing is happening to many Internet Web sites. You don’t hear about it because the publicity would frighten customers away, and invite more attacks.

Here’s how it works. First, a clever computer program, called a trojan or virus, is surreptitiously planted in thousands of unprotected computers. The trojan can be transmitted by a Web site that causes it to be downloaded onto your computer, or it can arrive attached to spam email that you inadvertently opened.

The purpose of this program is not to paralyze your computer. Quite the contrary: the trojan, to be successful, must be undetected, and continue running simultaneously on your computer while you balance your check book and surf YouTube for nymphets (just kidding).

Over a period of time, trojans trickle treacherously into vulnerable targets, namely PCs running Microsoft’s Windows operating system. Windows is vulnerable because it has many software bugs that allow it to be tricked and manipulated, resulting in poor security. Other operating systems, such as Macintosh and Linux, run on too small a percentage of computers to be worth the effort of compromising. Trojans are platform-specific: a Windows virus cannot run on an Apple or on Linux.

What do these trojans do? Two simple things. First, they are programmed to secretly communicate with a central computer, operated by the Zombie Master (ZM). The ZM is a criminal who offers his services to the highest bidder, or is part of a hostile organization. A Windows PC has thousands of virtual communications ‘ports’, each with a specific purpose. The trojan calls in on a specific, pre-determined port, and receives instructions from the ZM. These instructions contain the IP (Internet Protocol) address of a target or victim.

To find the IP address of any Web site, simply open a Command Prompt (“DOS Window”), and type:

C:> ping www.google.com

The IP address will be displayed:

Pinging www.google.com [64.233.161.147]

Second, the trojan takes over the infected PC and begins transmitting requests to the target site. The requests are similar to a legitimate transmission from a human-operated browser. Except that the transmissions are repeated continuously and rapidly, and the trojan doesn’t care about the reply.

One single PC can’t do much harm to a Web site. However, if hundreds of thousands of infected PCs simultaneously start hammering a Web site, the volume of traffic can easily exceed what the Web site was designed to handle. The site will be overwhelmed, be unable to respond to any requests (even legitimate ones), and will be shut down as effectively as if the Bad Guys had planted a bomb in the computer room. If your company makes a living from Internet shoppers, you are out of business. Gambling sites are particular targets of these attacks.

These attacks are called ‘Denial of Service’ (DOS) because they interfere with your operations, and prevent you from responding to legitimate communications traffic. And ‘Distributed’ because the attacks can come from all over the World.

Can’t the victim simply increase the size and power of his Web site, to a level where it can handle the onslaught? It can take weeks to bring in new equipment, and it can be very costly.

There are companies that specialize in protecting against DDOS. They have a large arsenal of computers and can temporarily take over your domain, filter the incoming traffic, and only let legitimate packets through. They are expensive, and only good as a temporary measure.
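As an added illustration (not from the original post) of what that filtering is up against: a small Python triage over constructed Web-server access-log lines. It flags any single source that exceeds a per-IP request limit and separately checks the aggregate request count against the site’s capacity, showing why a flood spread across many zombies slips past a per-IP filter. The log lines, addresses, timestamps and limits are all made up.

```python
import re
from collections import Counter
from datetime import datetime

# Apache/nginx "common log format" line; only the source IP and timestamp matter here.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} \d+')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse(line):
    """Return (ip, datetime) for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group(1), datetime.strptime(m.group(2), TS_FMT)

def triage(lines, per_ip_limit, capacity):
    """Classify one window of log lines.

    per_ip_limit: requests one source may make in the window before it is flagged
                  (the kind of filter a scrubbing service applies per source).
    capacity:     total requests the site can serve in the window.
    Returns (flagged_ips, total_requests, overloaded).
    """
    hits = Counter(ip for ip, _ in filter(None, map(parse, lines)))
    flagged = sorted(ip for ip, n in hits.items() if n > per_ip_limit)
    total = sum(hits.values())
    return flagged, total, total > capacity

def make_log(sources, per_source):
    """Constructed sample: each IP in `sources` sends `per_source` identical requests
    in the same second and ignores the reply (status 200, 512 bytes)."""
    return [
        f'{ip} - - [10/Jan/2007:12:00:00 +0000] "GET / HTTP/1.1" 200 512'
        for ip in sources for _ in range(per_source)
    ]

# Scenario 1: one hostile (or merely broken) host hammering the site.
single_flood = make_log(["203.0.113.7"], 40) + make_log(["198.51.100.2", "198.51.100.3"], 1)

# Scenario 2: a "distributed" flood. Each zombie stays under the per-IP limit,
# yet together the zombies exceed what the site can handle.
zombies = [f"192.0.2.{i}" for i in range(1, 51)]
distributed_flood = make_log(zombies, 3) + make_log(["198.51.100.2"], 1)

if __name__ == "__main__":
    for name, log in [("single", single_flood), ("distributed", distributed_flood)]:
        flagged, total, overloaded = triage(log, per_ip_limit=10, capacity=100)
        print(f"{name}: {total} requests, overloaded={overloaded}, flagged={flagged}")
```

The single-source case is caught by the per-IP limit while the site stays well within capacity; the distributed case flags nobody yet overloads the site, which is exactly the gap the scrubbing services described above exist to fill.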

Why do ZMs do this? A few motives are blackmail, retaliation, harming a competitor, or terrorism.

ZMs can operate from anywhere in the World, and are beyond the reach of the law. Russia is a popular haven. The front-line attackers are PCs owned by clueless consumers with no firewalls or virus protection, scattered throughout the U.S., Canada and Europe. There is no single source, and there are not enough resources to track down all the leaks.

ZMs cannot be stopped. A company called Blue Frog was destroyed by a DDOS attack. Blue Frog was “a community-based anti-spam system which tried to persuade spammers to remove community members' addresses from their mailing-lists by automating the complaint process for each user as they receive spam” (see the whole story at http://en.wikipedia.org/wiki/Blue_Frog). Blue Frog pissed off some powerful people, and was brought down by a massive, concerted DDOS attack.

In the latest version of Windows, called Vista, Microsoft attempts to fix many security holes. However, the remedy may be worse than the disease (that’s another story). Also, PCs running older versions of Windows will be around for years to come, haunting the Internet with ghostly zombie traffic.

If you have a high-speed Internet connection (aka ‘Broadband’), either DSL from the phone company, or cable, make sure you have a router with a hardware firewall.
