This Bug Is Nasty, Brutish, And Sneaky
April 03, 2006
Hackers have raised the stakes with a new bug almost immune to detection
As a data security specialist, Jeremy Pickett sees all kinds of digital tricks. So on Mar. 20, when he was tracing the origins of a computer bug that had been blocked the night before from entering a client's computer network, Pickett wasn't too surprised that it tried to connect with four sleazy Web sites, most of them, he believes, in Russia. Or that it then tried to load victims' PCs with as many as 30 new pieces of "malware," ranging from spam programs to those that automatically dial in to expensive phone-sex services.
But the real shock came when Pickett decided to test another bug by infecting his own PC with it. Out slithered a program that promptly installed itself deep inside his computer. There it became virtually immune to detection from the basic antivirus software that scans for dangerous code. The bug -- known as a "Trojan," which in turn was hidden inside a "rootkit" -- was designed to activate whenever a Web surfer typed in a user name or password for bank accounts or Web sites for dating, social networking, or e-mail. Pickett went to a bank site and entered fictitious log-in information. Right before his eyes, those data were sent streaming back to Russia, joining the IDs of thousands of real victims. His reaction: "absolute horror."
Source: http://www.businessweek.com/
As a data security specialist, Jeremy Pickett sees all kinds of digital tricks. So on Mar. 20, when he was tracing the origins of a computer bug that had been blocked the night before from entering a client's computer network, Pickett wasn't too surprised that it tried to connect with four sleazy Web sites, most of them, he believes, in Russia. Or that it then tried to load victims' PCs with as many as 30 new pieces of "malware," ranging from spam programs to those that automatically dial in to expensive phone-sex services.
But the real shock came when Pickett decided to test another bug by infecting his own PC with it. Out slithered a program that promptly installed itself deep inside his computer. There it became virtually immune to detection from the basic antivirus software that scans for dangerous code. The bug -- known as a "Trojan," which in turn was hidden inside a "rootkit" -- was designed to activate whenever a Web surfer typed in a user name or password for bank accounts or Web sites for dating, social networking, or e-mail. Pickett went to a bank site and entered fictitious log-in information. Right before his eyes, those data were sent streaming back to Russia, joining the IDs of thousands of real victims. His reaction: "absolute horror."
Source: http://www.businessweek.com/