Hackers Attack DSL And Cable Modem Users


Peter Sayer


June 09, 2000




A malicious program concealed in a digitized video clip has compromised security on thousands of computers linked to the Internet by always-on connections such as DSL, cable modems or company networks, Network Security Technologies reported Thursday.

With the program installed on so many machines, the hackers could easily use the compromised machines to launch a distributed denial-of-service attack like that which affected a number of e-commerce Web sites earlier this year, Netsec said.

The program, a so-called Trojan, had installed itself on a machine at Netsec, and was detected as it tried to send information about passwords on the computer back to the hackers who developed it, the company said.

Netsec said it has since detected the Trojan on some 2000 computers, including some in major corporations throughout the U.S., Canada and Europe.

The Trojan is unusual, according to Netsec, because it has several defense mechanisms designed to prevent detection by virus scanners. The malicious part of the code is compressed to avoid detection, and it changes its name each time it installs itself on a computer.

The malicious code is transported within a .avi file, according to Netsec. When a user attempts to play the .avi file, the malicious executable decompresses and installs itself on the hard drive. When the computer is next rebooted, the code randomly renames itself, modifies the system.ini and win.ini files and the Windows Registry, and attempts to make a connection to one of two modified Internet Relay Chat servers. Once this connection is established, it sends the compromised computer's IP address, and then listens for further instructions. The Trojan can give hackers "full control" of the compromised machine, according to Netsec.

Netsec, in Herndon, Va., can be contacted at 703 561 0420 or at http://www.netsec.net/.


For More Network Computing News and Analysis, go to http://www.nwfusion.com