If you're having trouble viewing your favorite sites on the Internet, you're not alone. Within the last two months, we've experienced the return of the MyDoom virus as well as attacks--not on popular Web sites themselves, but on the secondary sites that power them. These two facts are related. What started as local gangs tagging and shutting down rivals has matured into a more sophisticated game that's targeting the interdependencies of the Internet itself.
Tag, you're it
Years ago, young hackers aligned themselves into gangs that prided themselves in shutting down rival sites. They did so by writing quick-and-dirty viruses that compromised as many innocent computers as possible with remote backdoor Trojan horses--much like a street gang tagging a site. If the red gang put a Trojan on your computer, then your computer was owned by the red gang. The blue gang could come along and retag your computer, but that was unlikely.
The game, back then, was simple: If the red army was bigger, it could cause a denial-of-service attack on the blue army's server, shutting down the rival gang. Something like that happened in December 2001, when four Israeli youths were arrested for creating the Goner virus, which existed mainly to attack a rival gang. When you're talking a few hundred PCs, this "war" seems trivial.
Sobig changed things
But over time, these armies of red and blue grew more sophisticated. Needless to say, a person in control of a thousand compromised computers--a collection called a botnet--is in a very powerful position. With a single command, those thousand machines could launch a new virus, start a distributed denial-of-service attack on a single target, or relay spam messages.
A botnet's spam-sending abilities seem to be the holy grail of criminal activity. Starting with the Sobig virus in 2003, someone, somewhere realized these botnet networks of compromised computers could be sold to spammers, who would then use the machines to relay their spam across the Internet.
But the original Sobig infected relatively few systems, so criminal hackers (crackers) went about improving it. Roughly every two to four weeks for several months, new versions of the Sobig virus continued to strike, then expire, each version reaching slightly more computers than the version before. By the time Sobig.f hit in August 2003, it infected more than a million PCs in its first few days. Given its success, other viruses soon followed this model; MyDoom and Netsky, in particular, were designed to create larger and larger networks of compromised computers.
Given that the Trojan horses used by these most recent viruses were created in Russia, there have been serious suggestions that the Russian mafia may be contracting with virus writers to create newer and better viruses solely to relay spam.
MyDoom's return
MyDoom goes even further. Its compromised computer networks sometimes have specific targets for denial-of-service attacks. The botnet created by MyDoom.a, for example, attacked Microsoft's Windows update site until Microsoft was forced to move it. MyDoom.b went after Microsoft and SCO Linux, successfully taking the SCO site offline for several days. At the time, many thought it was some kind of message about Linux or specifically about the lawsuits that SCO was filing against other users of Linux for copyright infringement. I suspect, even now, that the targets are arbitrary; I think that MyDoom and the others are test viruses released to find out what works and what doesn't.
The very latest version of MyDoom, MyDoom.m, adds a new trick: it uses popular search engines to harvest all the e-mail addresses within a given domain, then e-mails itself to those addresses. Although MyDoom.m briefly disabled major search engines, I think that its real purpose was to see if it would spread further, faster. It did, until Google and other search engines figured out how to filter the queries and return to work again. MyDoom.m peaked within a day, which is rare for an e-mail virus these days, and is thus not a very important virus.
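The column notes that the search engines got back to work by filtering the harvesting queries. As an added example (not code from the original column, and not how Google or any other engine actually implemented its filter), here is a small detector in that spirit: it reads a search front end's access log and flags any client that issues a burst of domain-scoped "@domain" queries inside a sliding time window, which is the signature the column describes. The log format, the addresses and the timestamps are constructed for the example; the threshold and window are assumptions a real deployment would tune.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import unquote_plus

# Constructed sample access log for a search front end (not from the
# original column): one query per line, RFC 5737 documentation addresses,
# fictitious timestamps.  203.0.113.7 fires a burst of domain-scoped
# "@example.com" queries; 198.51.100.3 is an ordinary user; 192.0.2.44
# sends the same pattern but slowly, so the window should not catch it.
SAMPLE_LOG = """\
203.0.113.7 [26/Jul/2004:10:00:01] "GET /search?q=%40example.com HTTP/1.0" 200
198.51.100.3 [26/Jul/2004:10:00:02] "GET /search?q=linux+kernel+patch HTTP/1.0" 200
203.0.113.7 [26/Jul/2004:10:00:04] "GET /search?q=%40example.com+contact HTTP/1.0" 200
198.51.100.3 [26/Jul/2004:10:00:09] "GET /search?q=support%40example.com HTTP/1.0" 200
203.0.113.7 [26/Jul/2004:10:00:11] "GET /search?q=mail+%40example.com HTTP/1.0" 200
203.0.113.7 [26/Jul/2004:10:00:15] "GET /search?q=%40example.com+staff HTTP/1.0" 200
192.0.2.44 [26/Jul/2004:10:02:30] "GET /search?q=%40example.com HTTP/1.0" 200
192.0.2.44 [26/Jul/2004:10:03:45] "GET /search?q=%40example.com HTTP/1.0" 200
192.0.2.44 [26/Jul/2004:10:05:10] "GET /search?q=%40example.com HTTP/1.0" 200
"""

# Assumed log layout: "<ip> [<timestamp>] "GET /search?q=<query> HTTP/x.y" <status>"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "GET /search\?q=(?P<q>\S*) HTTP')
# A bare "@domain" search term, i.e. "every address at this domain".
# A full address such as support@example.com has a non-space character
# before the "@" and is deliberately not matched: that is a normal search.
HARVEST_RE = re.compile(
    r'(?:^|\s)@[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}', re.I)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S"


def parse_line(line):
    """Return (ip, timestamp, decoded query), or None for a non-search line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FORMAT)
    return m.group("ip"), ts, unquote_plus(m.group("q"))


def is_harvest_query(query):
    """True when the decoded query asks for a whole domain's addresses."""
    return HARVEST_RE.search(query) is not None


def flag_harvesters(log_text, window_seconds=60, threshold=3):
    """Sliding-window detector: a client that issues `threshold` or more
    domain-scoped address queries within `window_seconds` is flagged.
    Returns {ip: timestamp string of the query that crossed the threshold}.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # ip -> timestamps of recent harvest queries
    flagged = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, query = parsed
        if not is_harvest_query(query):
            continue
        q = recent[ip]
        q.append(ts)
        # Drop entries that have aged out of the window before counting.
        while q and ts - q[0] > window:
            q.popleft()
        if ip not in flagged and len(q) >= threshold:
            flagged[ip] = ts.strftime(TS_FORMAT)
    return flagged


if __name__ == "__main__":
    for ip, when in flag_harvesters(SAMPLE_LOG).items():
        print(f"flag {ip}: crossed threshold at {when}")
```

Run as a script it flags only 203.0.113.7. The slow client 192.0.2.44 is missed with the default 60-second window and caught with a 10-minute one, which is the usual trade-off for this kind of filter: a wider window catches patient clients but raises the chance of tripping on a legitimate user who searches for a domain a few times.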
Higher goals
MyDoom.m and events such as the July 27, 2004, distributed denial-of-service attack that targeted DoubleClick and last month's Akamai attack make it clear, I think, that crackers are attempting to take down the Internet. Of course, they won't. The Internet links too many different types of computers and is far too robust to fail entirely.
Nonetheless, popular sites such as Microsoft, Google, Yahoo, and Apple can go dark, and I predict we'll see more attacks like this in the coming months.
What can you do? The only way to stop these Internet thugs is to make sure your own desktop isn't conscripted in their dirty little armies. Make sure your antivirus software is up-to-date, and if you haven't already done so, download a personal firewall such as ZoneAlarm. Stay on top of the latest Microsoft Windows updates as well. Then, once your PC is secure, get your friends and neighbors to secure theirs.
Got a security question? Let me hear about it!