Remember the Honeynet Project? I discussed it in my July 6, 2000, column. At that time, the project team had just released a paper that revealed details about how system crackers had fallen prey to its UNIX-based honey pot trap. More recently, the group has been experimenting with a Windows 98-based honey pot, and, as you might have already guessed, as soon as the group placed the new honey pot online, the system began to receive probes.
In a newly released paper, the Honeynet Project explains how intruders unleashed worms that successfully installed themselves in its Win98 honey pot using intentionally unprotected network shares. I read the paper last week and found it very interesting. According to the report, the attacking worms weren't designed to inflict damage or steal data; they were designed to steal CPU cycles for a contest hosted by Distributed.net.
Distributed.net conducts public contests to crack various forms of encryption. To facilitate the contests, the company offers client software that attempts to crack the unknown encryption key by brute force. The client program runs in the background using spare CPU cycles to test keys one by one until the successful key is found. Participants can join teams where all individual team members' key tests count for the team as a whole. Distributed.net awards considerable cash prizes to the person or team that discovers the working encryption key. And cash is plenty of incentive for some crackers--that's why they created the worm: it silently installs Distributed.net client software, which steals unsuspecting users' spare CPU cycles for their team in hopes that the team will win the cash.
When I first heard about this ploy, I chuckled. After all, using a worm to steal CPU cycles is rather harmless. But consider the bigger picture: If a worm can steal CPU cycles, what else can it steal? Usernames and passwords?
I read another interesting story last week that details how certain Russian crackers who can't afford Internet access still manage to get online everyday. To gain Internet access, the Russian crackers break in to unsuspecting users' systems and steal their Internet logon credentials. With the credentials in hand, the crackers hijack a user's ISP account for a day and, among other things, use the account to infiltrate more systems looking for additional logon credentials. This way they quickly develop a running supply of Internet access accounts.
Not only could this cost users' money through unauthorized use of their account, but it could also place users at risk because the crackers masquerade as the unsuspecting users by virtue of the account use. If a crime is perpetrated and detected, the account owner must face authorities to explain.
There's really no such thing as a harmless worm. Minimally, other crackers will take known worm code and, with a few quick tweaks, turn a worm designed to steal CPU cycles into a worm that can steal your most sensitive information--or perhaps even worse, use your system to commit other crimes. To help stop intruders, consider a desktop firewall--it's worth every penny.
If you think you can't afford a desktop firewall, know that there are free firewall products available today. One product I learned about just this week is Tiny Software's Tiny Personal Firewall, which is currently in V.2 beta release. The company announced Monday that it's offering the product free for personal use with the final V.2 release due by December 1, and although I haven't tested the product, its specifications sound promising. If you need a free desktop firewall, be sure to check it out. Until next time, have a great week.